Open source Qubes OS alpha available

Xen-based virtual machines form basis of secure, open-source operating system

The security researcher who invented malware known as Blue Pill has come up with a secure open source operating system called Qubes OS that is available for alpha-testing downloads.

With Qubes OS, Joanna Rutkowska is borrowing from the expertise she demonstrated four years ago when she virtualized a rootkit to create Blue Pill.

Top 10 YouTube hacking videos

Qubes OS employs Xen virtual machines (VM) as building blocks in which users organize groups of applications. These Linux-based VMs are managed on a single piece of hardware managed by a Xen hypervisor, keeping applications used at work, for example, separate from applications used at home.

So if one VM is set up for Web browsing and during a visit to an infected site a worm gets downloaded, the worm cannot access the other VMs on the same piece of hardware. It is isolated and the applications located on the other VMs continue to work unencumbered.

The primary task of Qubes OS is to isolate VMs from each other. The operating system itself creates a set of VMs such as the network VM and storage VM. The network VM, for instance, isolates networking code in the device from all the other applications on the hardware. If the network VM is compromised the device becomes unable to network and is isolated, but the rest of the code on the machine remains intact.

The operating system comes with a secure graphical user interface subsystem for managing all the VMs and to display available applications that are divided up among more than one VM. The GUI also supports secure cutting and pasting between VMs as well as transferring files without risk of infection spreading, according to a white paper on Qubes OS architecture.

To boost efficiency, all VMs that share a single operating system (so far Qubes supports just Linux but it could support other operating systems) share a single read-only file system to prevent replicating a full Linux image for each VM. The paper says Rutkowska's group chose Xen for its size vs. using a Linux kernel on the hardware supplemented by a KVM hypervisor.  Xen's inherent relative simplicity makes it easier to audit for security problems.

Rutkowska says in her blog that her firm, Invisible Things, has been working on Qubes OS for the past six months and just announced its availability Wednesday. The link to the project Web site was busy Wednesday and Rutkowska advised readers to wait until later this week when the initial rush has died down before trying to download the software.

She says she uses Qubes OS on a Macbook for work, shopping, banking, browsing and for developing Qubes.

Read more about software in Network World's Software section.

More about: 2C, KVM, Linux
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: open source, qubes OS, rootkits, virtual machines
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/22/cdex/

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia