Qubes OS 1.0 isolates programs inside virtual machines for increased security

Invisible Things Lab released the first stable version of Qubes OS, an operating system that uses virtualization to enhance security

The first stable version of Qubes OS, an open source desktop operating system designed to provide a greater level of security by isolating programs inside virtual machines with different permissions, was released Monday by Polish security firm Invisible Things Lab (ITL).

The ITL team led by CEO Joanna Rutkowska, a security researcher best known for her work in the area of low-level system security, has been developing Qubes OS for the past three years. Since Monday, version 1.0 of the operating system can be downloaded from the project's website.

Qubes OS follows a "security by isolation" design principle. Applications can be configured to run inside different "security domains" defined by the user and which are implemented as lightweight virtual machines (VMs) with separate security policies.

For example, a user could run separate instances of the same browser in their personal domain, work domain, online banking domain, each with different permissions and access to different data.

This doesn't make the browser less vulnerable to known exploits, but it can limit what attackers can do if they compromise it.

"A hypothetical exploit for your favourite web browser would work against Firefox running inside one of the Qubes VMs just as well as it worked for the same browser running on normal Linux," Rutkowska said Monday in a blog post. "The difference that Qubes makes, is that this attacked browser might be just your for-personal-use-only browser which is isolated from your for-work-use-only-browser, and for-banking-use-only-browser."

Files and text can be copied between different security domains, but these operations were implemented in a way that requires user confirmation in order to limit what an attacker can do with a compromised domain.

Users can also create so-called "disposable VMs" for opening files from untrusted sources or performing other one-time tasks that might pose security risks.

The Qubes security model is somewhat similar to that of iOS or Android, operating systems that also isolate applications inside a sandbox and ask users to grant them different permissions.

However, Qubes offers more flexibility and doesn't rely as much on security choices made by its developers. Because of this, users are expected to be able to take security decisions on their own, like what security domains to create, what restrictions to apply to them and what applications to run inside each of them.

How users are going to take advantage of Qubes' application isolation capabilities is entirely up to them, Rutkowska said. "I realize this might be a tricky part for some users and some usage scenarios, yet, on the other hand, this seems to be the most flexible and powerful approach we could provide."

"People should realize that by mere fact of using Qubes OS they won't become automatically more secure -- it's how they are going to use it might make them significantly more secure," Rutkowska said.

Qubes is based on Linux, the X Window System and the Xen hypervisor -- a virtual machine manager. However, the developers have tried to limit the amount of code that could have critical security vulnerabilities.

"In Qubes OS we took a practical approach and we have tried to focus on all those sensitive parts of the OS, and to make them reasonably secure," Rutkowska said. "And, of course, in the first place, we tried to minimize the amount of those trusted parts, in which Qubes really stands out, I think."

That doesn't mean that Qubes is guaranteed to be free of security flaws. In fact, during the development stage, researchers working on the project found three critical vulnerabilities that could have impacted the operating system's security -- one in code they wrote themselves and two in hardware from Intel.

Rutkowska invited the security community to try to break Qubes and even pointed to a page that lists where the operating system's critical code is located.

Because it is based on Linux, Qubes can run most Linux applications. In the future, it might even support Windows applications running in Windows-based virtual machines through a commercial extension.

"We believe Qubes OS represents a reasonably secure OS," Rutkowska said. "In fact I'm not aware of any other solution currently on the market that would come close when it comes to secure desktop environment."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place