In association with heise online

07 April 2010, 19:27

Security through virtualisation

A separate virtual system for every task -- that's the basic formula of Qubes' security concept. Qubes, a new operating system presented by Joanna Rutkowska, plans to limit any damage malicious software might do; so even if the game just tested turns out to be a trojan or an attacker is exploiting a WiFi driver bug, our online banking credentials are not at risk. They are safely stored in the banking VM, which runs nothing but online banking.

A VM for each app -- the architecture of Qubes emphasises virtualisation

"We will not be able to patch all the bugs in the software we use or detect all the malicious software. Consequently we need a different approach to build secure systems", said security expert Joanna "Bluepill" Rutkowska, known for her research into rootkits, explaining what motivated the project.

The researcher's approach relies on isolating individual tasks in light-weight virtual machines (VMs) running on one physical PC. Its technical foundations are provided by existing open source projects such as Xen, Linux and the X Window System, on top of which Joanna Rutkowska and her colleague Rafal Wojtczuk have designed and implemented components such as a secure graphical user interface. The GUI is able, for example, to safely allow for copying and pasting between VMs.

At the moment, the open source project is at an early alpha stage which is not suitable for production use. Rutkowska anticipates that a stable version will become available towards the end of the year. While Qubes itself is to remain open and free, the developers plan to generate revenue via commercial Qubes-based added value services.

See also:

  • Qubes OS Architecture, PDF by Joanna Rutkowska and Rafal Wojtczuk (server appeared to be overloaded at this article's time of writing)
