Linked by Thom Holwerda on Wed 7th Apr 2010 22:17 UTC
OSNews, Generic OSes "Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS's components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic, alpha stage right now. Qubes relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other."
Order by: Score:
Microkernel
by ebasconp on Wed 7th Apr 2010 22:54 UTC
ebasconp
Member since:
2006-05-09

what is the difference between the Qubes OS architecture and the architecture of a "microkerneled" OS?

As far as I know, in a microkernel, all the process isolation provided by hardware is modelled through "servers" that get communicated to each other through some mechanism of interprocess communication. Indeed, L4 (in the same way than Xen in this case) is used as an hypervisor that can run several "personalities", as several Linux guests (http://os.inf.tu-dresden.de/L4/LinuxOnL4/) or other native ones.

Reply Score: 3

RE: Microkernel
by onetwo on Thu 8th Apr 2010 07:45 UTC in reply to "Microkernel"
onetwo Member since:
2009-01-22

I reckon they are both semantically very close; where these two approaches diverge is the specifics of "implementation". In relation, an interesting view-point (mind the pun) can also be expressed as to the logical path kernel designers/ programmers have walked towards the result of the microkernel and the bear-metal hypervisor architectures respectively (bottom-up vs. top-down).

One thing I see as inevitable is the not-so-distant-future convergence of both design approaches.

I should add that the pdf [http://qubes-os.org/files/doc/arch-spec-0.3.pdf] provided on the website is a good read, although a bit too cursory when it comes to architectural intricacies. Attack vectors are also investigated.

Reply Score: 1

Tuishimi
Member since:
2005-07-06

Would there be additional overhead from a scenario such as ebasconp mentioned (microkernel, servers...)?

Reply Score: 2

This sounds pretty sweet
by Dirge on Thu 8th Apr 2010 00:55 UTC
Dirge
Member since:
2005-07-14

Personally I could really use a trustworthy environment for internet banking and the like. This project sounds awesome!

Reply Score: 2

RE: This sounds pretty sweet
by Dirge on Thu 8th Apr 2010 01:33 UTC in reply to "This sounds pretty sweet"
Dirge Member since:
2005-07-14

Here is a link to the Qubes OS homepage.

http://qubes-os.org/Home.html

Reply Score: 1

Unoriginal name
by Bobthearch on Thu 8th Apr 2010 05:12 UTC
Bobthearch
Member since:
2006-01-27

Couldn't think of an original name?

QubeOS was an operating system from InteractiveStudios years ago that ran within Windows. Remember the slogan, "Qube, it wants to be better"?

Or is QubesOS somehow related to QubeOS?

Reply Score: 2

RE: Unoriginal name
by Laurence on Thu 8th Apr 2010 14:32 UTC in reply to "Unoriginal name"
Laurence Member since:
2007-03-26

Couldn't think of an original name?

QubeOS was an operating system from InteractiveStudios years ago that ran within Windows. Remember the slogan, "Qube, it wants to be better"?

Or is QubesOS somehow related to QubeOS?


Wikipedia [ http://en.wikipedia.org/wiki/QubeOS ] says QubeOS was a graphical shell for FreeDOS rather than a complete OS or an "OS inside Windows"

Going by that, I very much doubt QubeOS and Qubes have anything in common what-so-ever.

Besides, with the number of shells and OSs out there -let alone software as a whole - naming similarities are inevitable. What matters is that names aren't the same, which in this case they're not.

Edited 2010-04-08 14:32 UTC

Reply Score: 2

RE[2]: Unoriginal name
by Bobthearch on Fri 9th Apr 2010 06:34 UTC in reply to "RE: Unoriginal name"
Bobthearch Member since:
2006-01-27

Qube installed within Windows, like an application. Maybe FreeDOS was part of the installation package, I don't know.

That's beside the point though. Creating a product name that's only one letter different than an earlier or existing product... remember what happened to Lindows?

Reply Score: 2

RE[3]: Unoriginal name
by Laurence on Fri 9th Apr 2010 10:22 UTC in reply to "RE[2]: Unoriginal name"
Laurence Member since:
2007-03-26

Qube installed within Windows, like an application. Maybe FreeDOS was part of the installation package, I don't know.


Yeah, but it would still only be a shell for DOS.


That's beside the point though. Creating a product name that's only one letter different than an earlier or existing product... remember what happened to Lindows?


You're comparison is flawed:
-> Lindows intended to clone Windows' look and feel
-> QubeOS and Qubes have /NOTHING/ in common aside a name similarity.


What you're suggesting is akin to saying "Burger King" should change their name because it sounds the blues legend "BB King".

Reply Score: 2

RE[3]: Unoriginal name
by arpan on Sat 10th Apr 2010 13:27 UTC in reply to "RE[2]: Unoriginal name"
arpan Member since:
2006-07-30

Yeah, I remember, Microsoft sued Lindows, but the case finally ended with Microsoft paying Lindows to change their name. They received several million dollars and only had to change their name! That looks like a win to me.

Reply Score: 1

Comment by Jondice
by Jondice on Thu 8th Apr 2010 17:06 UTC
Jondice
Member since:
2006-09-20

How similar is this to Solaris Trusted Zones? I played with them briefly but am not a security expert. I think this stuff is cool, but I trust myself completely, at least in unix.

Reply Score: 2

Comment by Nitrodist
by Nitrodist on Fri 9th Apr 2010 03:24 UTC
Nitrodist
Member since:
2010-04-09

I wonder why they have chosen Fedora as their base install. I would have assumed they would have opted for Debian stable or OpenBSD.

Reply Score: 1

RE: Comment by Nitrodist
by Lazarus on Fri 9th Apr 2010 21:51 UTC in reply to "Comment by Nitrodist"
Lazarus Member since:
2005-08-10

I wonder why they have chosen Fedora as their base install. I would have assumed they would have opted for Debian stable or OpenBSD.


I've no idea about Debian, but OpenBSD in no way supports Xen, certainly not as a Dom0.

Reply Score: 2