Qubes OS

from Wikipedia, the free encyclopedia
Developer: Invisible Things Lab
License(s): GNU GPL
Current version: 4.0.2 (January 2, 2020)
Kernel: Linux
Ancestry: GNU/Linux → Fedora → Qubes OS
Architecture(s): x64
Website: qubes-os.org
Onion service: qubesos4rrrrz6n4.onion (only accessible via the Tor network)

Qubes OS is a desktop operating system focused on IT security, which it provides through isolation. The virtualization this requires is supplied by Xen. The user environment can be based on Fedora, Debian, Whonix, Windows and many others.

On February 16, 2015, Qubes was selected as a finalist for the Access Innovation Prize 2014 in the Endpoint Security Solution category.

Security goals

Security domain scheme

Qubes provides security through isolation. The premise is that there is no such thing as a perfect, flawless desktop environment: such an environment consists of hundreds of millions of lines of code and billions of software and hardware interactions, and a critical failure in any one of these interactions could allow malicious software to take control of the PC.

To secure the desktop, a Qubes user isolates certain parts of the user environment from the others. If one part is compromised, the malicious software can only access data that lives in the same isolated area, so no further damage can be done.

Isolation in Qubes has two dimensions: hardware controllers are assigned to separate functional domains (for example a network domain or a USB controller domain), while the user's digital life is split by level of trust, for example a work domain (highest confidentiality), a purchasing domain and a random domain (lowest confidentiality). Each of these domains runs in its own virtual machine (VM for short).

Qubes is not a multi-user system.

System architecture overview

Xen hypervisor and administrative domain (Dom0)

The hypervisor isolates data in separate virtual machines. The administrative domain, also called Dom0 (a term taken from Xen), has direct access to all hardware by default. Dom0 provides the domain for the graphical user interface (GUI) and controls the graphics devices as well as input devices such as mouse and keyboard. The X server, which is responsible for displaying the desktop, runs in the GUI domain, as does the window manager, which is responsible for starting and stopping applications.

The application viewer displays the windows of the different virtual machines in one user interface. This gives the user the impression that the applications run natively on the desktop, while in fact they are working in isolation in separate virtual machines. Qubes integrates all of these virtual machines into a common desktop environment.

Because Dom0 is particularly security-critical, it is isolated from the network and has as few interfaces and connections to other domains as possible, in order to keep the attack surface exposed to an infected virtual machine as small as possible.

Dom0 manages the virtual hard disks of the other virtual machines, which are stored as files on the Dom0 file system. Several virtual machines share the same root file system, which they access in read-only mode; a separate storage area holds only the user data and the individual VM settings. This lets software installations and updates be centralized. Software can also be installed in an individual virtual machine, but it persists there only if it is installed as a non-root user or in the Qubes-specific /rw area.

Network domain

The network stack is the component most exposed to attack. Therefore, it is isolated in a separate, unprivileged virtual machine, the network domain.

An additional VM is used to seal off the Linux kernel-based firewall. The advantage is that even if the network domain is compromised through a bug, the firewall remains isolated and protected, since it runs in a separate Linux kernel in another virtual machine.

Virtual machine for applications (AppVM)

AppVMs are the virtual machines used to run user applications such as a web browser, e-mail client or text editor. For security reasons, these programs can be grouped into different domains, for example "Personal", "Purchasing" or "Bank". These security domains are implemented as separate virtual machines, so it is as if the applications were running on different machines.

Documents or applications can also be started from the file manager in a disposable ("throw-away") VM, a form of sandboxing. Once the document or program is closed, the virtual machine is destroyed.

Each security domain is assigned a color, and every program window carries the color of the domain it belongs to, so it is always clear which domain a given window belongs to.

A program opened from a certain domain can only interact with data from that domain. For example, a word processor running in the "work" domain sees only files from its own domain when opening documents, not those of other domains such as "private".

Moving and copying data between domains is only possible with special commands, and these operations require user authorization and cannot run automatically. The same applies to the clipboard: data copied in one domain cannot be pasted in another, but Qubes provides a special function to allow this explicitly.
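The user-authorization step described above is, in Qubes, a policy decision made in Dom0 before any inter-qube transfer runs. The following added example (not code from the Wikipedia article or the Qubes project) is a small evaluator modelled on the line-based policy files Qubes OS 4.0 keeps under /etc/qubes-rpc/policy/, such as the one for file copies: each line is `source destination action`, the actions are `allow`, `deny` and `ask`, `$anyvm` matches any qube, and the first matching line wins. The policy text and qube names are constructed for the demonstration, and the exact grammar is an assumption rather than a copy of the real parser.

```python
"""Evaluate a simplified qrexec-style policy for inter-qube data transfers.

Added example, not part of the Wikipedia article or of Qubes OS itself.
The line format (source destination action, '$anyvm' wildcard, first match
wins) is modelled on the Qubes 4.0 policy files but simplified; treat the
details as assumptions.  The policy text and qube names are constructed.
"""

from dataclasses import dataclass
from typing import List, Optional

ANY = "$anyvm"
ACTIONS = {"allow", "deny", "ask"}


@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    action: str

    def matches(self, src: str, dst: str) -> bool:
        # '$anyvm' matches every qube; otherwise the names must match exactly.
        return self.source in (ANY, src) and self.destination in (ANY, dst)


def parse_policy(text: str) -> List[Rule]:
    """Parse policy lines; blank lines and '#' comments are ignored.

    A trailing ',option=value' after the action (as real policies allow
    for 'ask,default_target=...') is accepted and dropped.
    """
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"line {lineno}: expected 'source destination action'")
        src, dst, action = parts[0], parts[1], parts[2].split(",", 1)[0]
        if action not in ACTIONS:
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(Rule(src, dst, action))
    return rules


def first_match(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Return the first rule that applies to this source/destination pair."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule
    return None


def decide(rules: List[Rule], src: str, dst: str) -> str:
    """First matching rule wins; with no match the transfer is denied (fail closed)."""
    rule = first_match(rules, src, dst)
    return rule.action if rule is not None else "deny"


# Constructed policy for a file-copy service.  Order matters: the specific
# 'deny' for the vault must precede the catch-all lines or it never fires.
POLICY_TEXT = """
# qubes.Filecopy policy (constructed example)
$anyvm   vault     deny      # nothing may be pushed into the offline vault
$anyvm   work      ask       # the user is prompted before data enters 'work'
$anyvm   $anyvm    ask       # every other transfer also needs confirmation
"""

RULES = parse_policy(POLICY_TEXT)


def transfer_allowed_without_prompt(src: str, dst: str) -> bool:
    """True only if the policy says 'allow'; 'ask' and 'deny' both return False."""
    return decide(RULES, src, dst) == "allow"


if __name__ == "__main__":
    for src, dst in [("personal", "work"), ("work", "vault"), ("untrusted", "personal")]:
        print(f"{src} -> {dst}: {decide(RULES, src, dst)}")
```

The `decide` function returns `ask` for the ordinary case, which is exactly the behaviour the article describes: the transfer does not happen automatically but waits for the user's authorization. The swapped-order caveat in the comment is the one mistake a practitioner most often makes with first-match policies, since a catch-all placed first silently shadows every specific rule after it.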

Web links

Commons: Qubes OS - collection of images, videos and audio files
