Linked by Thom Holwerda on Wed 7th Apr 2010 22:17 UTC
OSNews, Generic OSes "Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS's components for better security. The OS, called Qubes, is based on Xen, X and Linux and is in a basic, alpha stage right now. Qubes relies on virtualization to separate applications running on the OS and also places many of the system-level components in sandboxes to prevent them from affecting each other."
Thread beginning with comment 417641
To read all comments associated with this story, please click here.
Microkernel
by ebasconp on Wed 7th Apr 2010 22:54 UTC
ebasconp
Member since:
2006-05-09

what is the difference between the Qubes OS architecture and the architecture of a "microkerneled" OS?

As far as I know, in a microkernel, all the process isolation provided by hardware is modelled through "servers" that get communicated to each other through some mechanism of interprocess communication. Indeed, L4 (in the same way than Xen in this case) is used as an hypervisor that can run several "personalities", as several Linux guests (http://os.inf.tu-dresden.de/L4/LinuxOnL4/) or other native ones.

Reply Score: 3

RE: Microkernel
by onetwo on Thu 8th Apr 2010 07:45 in reply to "Microkernel"
onetwo Member since:
2009-01-22

I reckon they are both semantically very close; where these two approaches diverge is the specifics of "implementation". In relation, an interesting view-point (mind the pun) can also be expressed as to the logical path kernel designers/ programmers have walked towards the result of the microkernel and the bear-metal hypervisor architectures respectively (bottom-up vs. top-down).

One thing I see as inevitable is the not-so-distant-future convergence of both design approaches.

I should add that the pdf [http://qubes-os.org/files/doc/arch-spec-0.3.pdf] provided on the website is a good read, although a bit too cursory when it comes to architectural intricacies. Attack vectors are also investigated.

Reply Parent Score: 1