ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Rutkowska's Qubes OS to implement disposable VMs

By | June 3, 2010, 7:43am PDT

Summary: The idea behind Disposable VMs is to have very lightweight virtual machines that can be created and booted quickly with a sole purpose of hosting only one application.

Joanna Rutkowska’s Qubes OS project will include a feature to create one-time use-and-discard virtual machines.

The idea behind Disposable VMs is to have very lightweight virtual machines that can be created and booted quickly with a sole purpose of hosting only one application.  ”Then, once you’re done, you just throw it away,” Rutkowska explained.

Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, is building Qubes as an open-source OS meant to provide isolation of the OS’s components for better security.  Qubes is based on Xen, X and Linux and relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other.

[ SEE: Rutkowska launches Invisible Things Labs ]

In a blog post explaining the thinking behind Disposal VMs, Rutkowska said it would an ideal feature to open untrusted documents, especially when there’s an element of risk.follow Ryan Naraine on twitter

It’s quite reasonable to be afraid that a PDF might be malicious and might try to exploit your PDF viewer, and then try to steal your emails or other things you keep in the “work” AppVM (or “work-email” AppVM). It doesn’t matter if you trust the sender, as the sender’s OS might very well be compromised by some malware and might be infecting all outgoing PDFs without the user consent.

You could try opening the PDF in one of your non-sensitive VMs, e.g. the “random” VM that you use for causal Web browsing, to make sure that even if the PDF is malicious, that it won’t get access to any sensitive data. But what if the PDF is not malicious, and what if it contains some confidential data? In that case you might throw the baby out with the bath water (your “random” VM might have been already compromised and now it would be able to steal the secrets from your PDF file).

A disposable VM is an ideal solution here. You create a clean, disposable VM, just for the purpose of viewing the PDF. Then, once you’re done, you just throw it away. If the PDF was malicious it could done harm only to its own disposable VM, that doesn’t contain anything except… this very PDF. At the same time, the disposable VM is always started in a clean state, so there is no way somebody could steal the document. Only the document can steal itself :)

Rutkowska said basic support for Disposable VMs is planned for Beta 1, which is scheduled for the the end of the summer.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Adobe PDF, Rutkowska, Qubes OS, Joanna Rutkowska, Disposable VM, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
11
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Rutkowska's Qubes OS to implement disposable VMs
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
Raymond Danner 4th Jun 2010
Sounds interesting, for certain. Question is, does Qubes plan on doing Windows? Or at least giving the option to run Windows emulation (WINE, et. al)? One of the biggest obstacles to any widespread adoption of Linux in any of its forms is the lack of ways to run Windows apps under a (hopefully, at least!) more secure framework.
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
lovedong 13th Sep
Thanks a lot. replica hermes bags
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
efsane Updated - 9th Apr 2011
Great!!! thanks for sharing this information to us!
sesli sohbet sesli chat
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
MACKENZI 11th Sep
I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
PEARLINEI 12th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
RHIANNONA 13th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
SATURNINA 14th Sep
I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
TOCCAR 25th Sep
Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
MCKNIGH 26th Sep
Thanks nice info z d n e t I really liked your current article write more..let me add you to its favorite The articles you have on zdnet s i t e are always so enjoyable to read. Good work and I bookmarked it.
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
MEJIAHA 30th Sep
Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
0 Votes
+ -
RE: Rutkowska's Qubes OS to implement disposable VMs
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix