Qubes OS: designed to be secure

Qubes OS adds to the list of Linux-based, security-oriented desktop distros like Whonix and Tails. While most of the other distros concentrate on hardening the system, Qubes OS is designed to provide strong security using a security-by-isolation approach.

Qubes is based on Xen, the X Window System and Linux. The desktop environment is KDE. It can run many Linux applications and use Linux drivers. The second release of the distro (in Sep 2014) surfaced 2 years after the first one. The upcoming release 3 will introduce a Hypervisor Abstraction Layer (HAL), allowing easy porting to alternative virtualization systems.

Qubes OS architecture

As you might have guessed from the mention of Xen, Qubes uses virtualization to separate applications running in userspace from each other. It can also sandbox many system-level components, such as the storage and networking subsystems. Qubes users can define security domains, which in Qubes terminology are called AppVMs. These are very lightweight compartments and can be based on use cases, such as AppVMs for personal stuff, work, banking, shopping, etc. Applications in the AppVMs run isolated, and copy-pasting is supported between AppVMs. The same application can also run simultaneously in different AppVMs. In release 2, Qubes users can use Windows-based AppVMs, which is a beta feature.

A quick peek into the key architectural features in Qubes OS:

  • Based on a secure bare-metal hypervisor (Xen)
  • Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
  • USB stacks and drivers sand-boxed in an unprivileged VM (experimental at the time of writing)
  • No networking code in the privileged domain (dom0)
  • All user applications run in “AppVMs,” lightweight VMs based on Linux
  • Centralized updates of all AppVMs based on the same template
  • Qubes GUI virtualization presents applications as if they were running locally
  • Qubes GUI provides isolation between apps sharing the same desktop
  • Secure system boot based (optional)

Qubes OS is distributed as a 64-bit DVD-sized ISO.

Webpage: Qubes OS
