Linux-based Qubes OS sandboxes VMs for added security

Summary: Poland's Invisible Things Lab has launched its Linux-based desktop OS that uses sandboxed security.

Last week saw the release of Qubes, a Linux-based operating system that's aiming to make a virtue of sandboxed security.

The aim of Qubes, developed by Joanna Rutkowska and her Warsaw-based IT security company Invisible Things Lab, is to limit what a rootkit or other piece of malware can do once it gets in, by strictly separating activities from one another and running each in its own sandbox, so that a compromise of one does not reach the others. Most OSes have a monolithic kernel, something Rutkowska says is inherently insecure: every driver and subsystem runs with full privilege, so a single bug anywhere in it compromises everything.

Rutkowska made tech headlines some years back after she and her team developed the Blue Pill rootkit. By using the CPU's hardware virtualisation support to slide a thin hypervisor underneath the running operating system (the then newly released Windows Vista), the rootkit could hide from almost every detection technique known at the time. While this is often touted as 'hardware hacking', Rutkowska finds that description inaccurate: the fault, she argues, is not directly in the hardware, but in the operating system putting all its eggs in one fat kernel.

In Qubes, processes can only access the parts of the system they are meant to access. All functions are divided into sandboxes (specifically, domains), which are lightweight virtual machines based on Xen. The windows belonging to each domain are drawn with a border in that domain's colour, so users can see at a glance which domain an application is running in.

[Image: Qubes desktop screenshot] Here, a word processor runs in the green 'work' domain, while the red domain is used for random web browsing. Image: Invisible Things Lab

In simple terms (and this is all customisable), the effects of clicking on a harmful link are contained because the browser runs in its own domain, a VM that has no access to the administrative domain or to the files of other domains, rather than as one process among many in a single system where it would have such access. To put it in Rutkowska's words: why should a game of Tetris have access to the kernel?

There is a price to be paid however, as Qubes is not exactly light on hardware requirements: even though each VM is light and runs only the processes assigned to it, keeping several of them running at once means Qubes still demands 4GB of memory, a 64-bit (x86-64) processor and 20GB of hard drive space.

Rutkowska stops short of calling her OS absolutely secure. "A hypothetical exploit for your favourite web browser would work against Firefox running inside one of the Qubes VMs just as well as it worked for the same browser running on normal Linux," she wrote on her blog. "The difference that Qubes makes is that this attacked browser might be just your for-personal-use-only browser, which is isolated from your for-work-use-only browser, and for-banking-use-only browser."
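The per-purpose domains the article and Rutkowska's quote describe can be set up from the administrative domain with the Qubes command-line tools. The script below is an added example, not code from the article or from the Qubes project: it assumes the dom0 tools qvm-create, qvm-firewall and qvm-run are available with the option syntax shown (label, default-deny policy, add rule), and the domain names and the bank hostname are placeholders. The dry-run mode lets the planned commands be reviewed before anything is created.

```shell
#!/bin/sh
# Added example: provision one AppVM per trust level (work, untrusted,
# banking), as the article describes, and restrict the banking VM to
# HTTPS towards a single host. Not from the article or the Qubes project.
# Assumptions: qvm-create/qvm-firewall/qvm-run exist on PATH in dom0 with
# the options used here; VM names and bank.example.com are placeholders.
# Set QUBES_DRY_RUN=1 to print the commands instead of executing them.

run() {
    if [ "${QUBES_DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# create_domain NAME LABEL: one Xen-based AppVM per purpose, with the
# colour that Qubes paints around that domain's windows.
create_domain() {
    run qvm-create --label "$2" "$1"
}

# Three isolated domains: an exploit in the red "untrusted" browser cannot
# reach the green "work" domain or the banking domain.
setup_domains() {
    create_domain work green
    create_domain untrusted red
    create_domain banking yellow   # label colour is an arbitrary choice

    # Least privilege for the banking VM: deny everything by default, then
    # allow only HTTPS to the (placeholder) bank hostname.
    run qvm-firewall banking --policy deny
    run qvm-firewall banking --add bank.example.com tcp 443
}

# The same browser binary started in two domains runs in two separate VMs;
# a compromise of one instance stays inside its own domain.
open_browsers() {
    run qvm-run untrusted firefox
    run qvm-run banking firefox
}

# plan: run the whole procedure in dry-run mode inside a subshell and return
# the list of commands that would be executed, one per line.
plan() (
    QUBES_DRY_RUN=1
    setup_domains
    open_browsers
)

# Real provisioning (only meaningful inside dom0): setup_domains; open_browsers
```

Run `plan` first to inspect the command list; only the firewall rules for the banking domain are opinionated, the rest mirrors the article's green/red split.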

Road to Qubes

Developing Qubes took a bit longer than expected, with the release date for the stable version originally set for the end of 2011.

"It's easy to write a proof of concept for something," Rutkowska told Central European Processing, "and it's way more difficult to turn it into something actually usable for everyday work." Even so, Rutkowska tried to keep to the original plan as much as possible. "We tried to stick to the roadmap we more or less sketched three years ago when designing it."

The desktop OS is purely aimed at the business-to-business market. "Our current business model involves selling commercial licences for the Qubes code (otherwise released under GPL) to vendors, so that they could build their own customised products on top of Qubes, or customised, professional Qubes editions, targeting some specific target audiences," Rutkowska wrote.

Currently, Invisible Things Lab is working on Qubes 2.0, which should also have Windows extensions, making it possible to run Windows applications. "I already have a few Windows VMs running on my laptop. We should be publishing Qubes 2.0 'beta 1' sometime soon, I hope," Rutkowska said.

Topics: Security, Linux, Operating Systems, EU

Michiel van Blommestein

About Michiel van Blommestein

Michiel van Blommestein is a Dutch journalist who has been living in Poland since 2010. He worked as a technology journalist in the Netherlands before moving to Poland to work as a regular correspondent for various news outlets. He still loves the bits and bytes though.

Talkback

4 comments
  • If you want a secure custom OS there really is only one option

    It's nice to see OSS being put to good innovative use. Hopefully Qubes is successful.
    T1Oracle
  • Added security for the Linux desktop?

    Yup, as stated in the article Linux has a monolithic kernel and even Linus Torvalds has said that the Linux kernel is bloated and scary. Here's one example:

    http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html

    And on top of the "fat kernel" (quoted directly from the article) is X.org with its lack of GUI isolation:

    http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

    That's two strikes against the Linux desktop. Don't feel bad, though, as it also applies to OS X and Windows.

    Finally, a way to run the Linux desktop securely (*if* one is careful with the application domains).

    P.S. Qubes OS 1.0 AppVMs use modified Fedora (not stated in the article).
    Rabid Howler Monkey
  • Minix?

    It's high time someone put some serious development behind Minix or some other microkernel architecture derivative. I have always been intrigued by this design strategy, and I can't really see much difference in the end result between what Qubes is trying to accomplish and what a microkernel design provides.

    http://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate

    -=B
    BGunnells
    • Two modern microkernel-based OSs

      - QNX (a subsidiary of RIM) -
      http://www.qnx.com/

      RIM's PlayBook tablet and their forthcoming BlackBerry smartphones run QNX.

      - Green Hills Integrity -
      http://ghs.com/
      Rabid Howler Monkey