
posted by Cactus on Saturday February 22 2014, @09:15PM
from the get-outta-my-sandbox dept.

CQ writes:

Qubes-OS, the Security-by-Isolation, VM-based operating system, has concluded that a port to the Windows OS line isn't feasible. In this post, the CEO of Invisible Things Labs outlines what she had hoped to accomplish with the port and her explanation of why it was just not meant to be.

This paper [pdf] contains all the technical bits you need to know, and the explanation on why the Windows APIs and system architecture are not appropriate for the task of creating an isolation system. It also has some interesting (if that's your thing) information on the Windows security model.

Does anyone here have any experience with Qubes? Does it make sandboxing easy enough for day to day use?

  • (Score: 2, Interesting) by lgw on Sunday February 23 2014, @06:31AM

    by lgw (2836) on Sunday February 23 2014, @06:31AM (#5096)

    I think this is just the wrong approach. Just run each process in its own VM on a thin hypervisor - don't trust a kernel for anything. Whatever isolation you write, attackers will eventually find flaws in. The big name hypervisors no doubt still have flaws, but are far past any remotely easy VM escapes.

    The big problem with Windows as a guest OS is it's quite heavyweight. Something as light or lighter than XP would be great, though. And it's not like the OS needs to be secure at all when you're basically running one process per VM.

  • (Score: 2, Insightful) by weilawei on Sunday February 23 2014, @10:04AM

    by weilawei (109) on Sunday February 23 2014, @10:04AM (#5139)

    So, we're back to exokernels [osdev.org], which place the userland and kernel on an equal footing. Although, if your suggestion involves a hypervisor, that's actually closer to a microkernel [osdev.org]. At some point, you have to trust SOMETHING, be it the hypervisor, the microcode for the hardware, the actual hardware itself. Saying "don't trust the kernel" isn't an appropriate response, when you suggest replacing the kernel with another piece of software that looks suspiciously like an exo/microkernel.

    Unless you're equipped like Chipworks [chipworks.com], you're STILL going to need to make assumptions about the security of many components.