Qubes OS Release Enhances Security Via Domain Isolation

With the deluge of malware and advanced attacks continuing unabated, security approaches that sandbox applications or isolate processes are garnering increased attention. Researcher Joanna Rutkowska and Invisible Things Lab were the latest to go in that direction with the official release on Tuesday of the Qubes operating system.

Qubes 1.0 is an open source OS that implements lightweight Xen virtual machines as isolated domains to enhance security. It has been in the works since 2010 and offers users the ability to designate isolated virtual domains for different purposes, such as banking, personal or professional use. Rutkowska said IT can designate security policies for each domain, defining for example which has access to networking or is able to copy files.

“We decided to delegate security decisions to the user because I don’t believe we could come up with good enough automatic security policing, e.g., creating a new virtual machine for each new user’s task,” Rutkowska said in an email interview with Threatpost. “We decided it would be better for the user to explicitly define the domains, as well as various security policies that govern their usage.”

A beta version of Qubes 2.0 is due soon, Rutkowska said, and hinted it could include support for Windows VMs, support for the OpenGL graphics library in the VMs, and support for USB stacks disaggregation.

Qubes 1.0 is designed, she said, to minimize the amount of trusted code between domains in order to make the isolation as strong as possible. A work domain, for example, would by policy be able to access only a virtual private network and an email server, and be denied any other networking capabilities such as browsing, which could be conducted in a separate virtual domain with its own security policy. File exchanges between particular domains could also be denied via policy, Rutkowska said, adding that such isolation prevents compromise of all domains if one is attacked.

“People should realize that by the mere fact of using Qubes OS they won’t become automatically more secure – it’s how they are going to use it that might make them significantly more secure. A hypothetical exploit for your favorite Web browser would work against Firefox running inside one of the Qubes VMs just as well as it worked for the same browser running on normal Linux,” Rutkowska wrote in a blog post Tuesday. “The difference that Qubes makes is that this attacked browser might be just your for-personal-use-only browser which is isolated from your for-work-use-only-browser, and for-banking-use-only-browser.”

Rutkowska said she chose Xen/Fedora Linux as a platform because of its architecture and practical features such as power management, support for Intel VT-d and driver domains, and support for para-virtualized and fully virtualized VMs. She added that keeping up with evolving Intel chipsets and updates to the Fedora distribution was a constant challenge for her and her colleague, senior system developer Marek Marczykowski, in building a reasonably up-to-date OS.

“Generally, it’s a great satisfaction for a security-oriented person like myself to have a system on my laptop that satisfies most of my security wishes and requirements,” Rutkowska said. “Sure, there is always an appetite for more…but let’s not be greedy. It already is light years ahead of other systems, I think.”
