SoylentNews

Burz [soylentnews.org] writes:

Invisible Things Labs has released Qubes OS 3.1. [qubes-os.org] Some of the features recently introduced into this secure concept, single-user desktop OS are Salt management, the Odyssey abstraction layer, and UEFI boot support. The 3.x series also lays the groundwork for distributed verifiable builds [invisiblethings.org], Whonix VMs for Tor isolation [whonix.org], split-GPG key management, USB sandboxing, and a host of others.

Qubes has recently gained a following among privacy advocates [google.com], notable among them journalist J.M. Porup, Micah Lee [micahflee.com] at The Intercept and Edward Snowden [theintercept.com].

Embodying a shift [invisiblethings.org] away from complex kernel-based security -- and towards bare metal hypervisors and IOMMUs for strict isolation of hardware components -- Qubes seals off the usual channels for 'VM breakout' and DMA attacks. It isolates NICs and USB hardware within unprivileged VMs which are themselves are a re-working of the usual concept, each booting from read-only OS 'templates' which can be shared. Graphics are also virtualized behind a simple, hardened interface. Some of the more interesting attacks mitigated by Qubes are Evil Maid, BadBIOS, BadUSB and Mousejack. [mousejack.com]

---

Original Submission