# Secure Operating System Released - Alpha Stage Open Source Development



## lotuseclat79 (Sep 12, 2003)

I've downloaded the PDF technical architecture document, and I must say it is quite exciting to see this on the horizon - a more stable release is expected at the end of this year.

The reason to be excited is that one of the foremost security researchers in the world is behind the development - Joanna Rutkowska and her Invisible Things Lab collaborator Rafal Wojtczuk! Another reason to be excited is that Joanna has already boot-strapped this new technology to her laptop and continues to develop the system on a daily basis - any competent and successful vendor does the same with their systems under development, i.e. uses them on a daily basis for normal business operations.

They describe the motivation behind their development in a very clear, convincing way.

Architecture. This web page contains a download link to the pre-release architecture specification.

Key architecture features:

1. Based on a secure bare-metal hypervisor (Xen)
2. Networking code sand-boxed in an unprivileged VM (using IOMMU/VT-d)
3. No networking code in the privileged domain (dom0)
4. All user applications run in AppVMs, lightweight VMs based on Linux
5. Centralized updates of all AppVMs based on the same template
6. Qubes GUI virtualization presents applications like if they were running locally
7. Qubes GUI provides isolation between apps sharing the same desktop
8. Storage drivers and backends sand-boxed in an unprivileged virtual machine(*)
9. Secure system boot based on Intel TXT(*)

(*) Indicates a feature that is planned for future releases, currently not implemented.

They nailed the current technology shortcomings: over-complexity of the OS API, insecure GUI design, and a monolithic kernel architecture. This coupled with the fact that vendors take a reactive approach to security that does not scale well is an insecure approach to providing security in their opinion.

I urge all of you to keep abreast of this development as it is open source and based on re-usable components that provide isolation capability like the Xen hypervisor, and technology like Intel VT-d and Trusted Execution Technology.

Does your computer support these technologies - make plans for it! This architecture may look familiar to many of you, but clearly does not exist with any of today's available technology.

-- Tom


----------



## lotuseclat79 (Sep 12, 2003)

Just in case any of you are wondering whether there are any other efforts out there for a Secure Operating System, here is one such example to keep track of for comparison purposes:

Battling Botnets With An Awesome OS.

*Despite security software, patches and updates, your computer remains threatened by attack and takeover from hackers and cyber-criminals who will turn your PC into their networked robot -- or "bot" -- creating mischief to mayhem by everything from spreading spam to looting bank accounts.*

Note: Both approaches are similar in that they are "virtual machine" approaches, however, Qubesos provides the framework to run other VMs, while Ethos it seems will run on a "virtual machine" computer to separate the applications.

The goal of the Ethos project is "to learn what a security OS looks like" while the Qubesos project seems to have already figured that out. What is needed is a proof-of-concept and IMHO Qubesos will accomplish that toward the end of this year with a more stable release than the current alpha.

-- Tom


----------



## tomdkat (May 6, 2006)

Thanks for the info! Qubes looks interesting, indeed! :up:

Peace...


----------



## Nebastion (Apr 24, 2009)

Yeah, after trying many distros, they all have their flaws. Could this be a publicly universal, user-friendly, close to flawless OS? ......
I doubt it, but security is a massive issue; the internet is NOT a safe place.
Wait until the 16th and see what they say about it at the Campus.

Thanks!


----------



## tomdkat (May 6, 2006)

Have you tried OpenBSD? From a security standpoint, it's supposed to be _very_ secure.

If I have the disk space, I'll install OpenBSD in a VirtualBox environment and check it out. 

Peace...


----------



## Nebastion (Apr 24, 2009)

No, I've never heard of it. It's Linux based??

Sorry, now I don't want to change this thread into a different topic, but how hard is it to set up a VM or VirtualBox environment?

I have Sandboxie on my laptop, but my desktop is Vista 64-bit, and sadly Sandboxie doesn't swing that way.
I usually use Ubuntu for browsing, but sometimes I'm in Windows (LIKE NOW!!) and I browse away + some people in the house don't know how to use Ubuntu......

Could you point me in the right direction as regards VirtualBox, please?


All the Best

Neb


----------



## tomdkat (May 6, 2006)

Nebastion said:


> No, I've never heard of it. It's Linux based??


Nope. OpenBSD is an open source distribution of BSD Unix. The main focus of OpenBSD is security so it's "hardened" by default, I believe. NetBSD and FreeBSD are other freely available BSD distributions out there.



> Sorry, now I don't want to change this thread into a different topic, but how hard is it to set up a VM or VirtualBox environment?


It's easy. 



> Could you point me in the right direction as regards VirtualBox, please?


You can read all about VirtualBox here. VMware could also work, if you want to check that out too.

On my Ubuntu Linux system, I've got ChromeOS, OpenSolaris, Windows 2000, and Kubuntu 9.10 installed in virtual environments and they all run fine, even on my dated AMD Athlon64 3200+ @ 2GHz CPU w/ 1.5GB of RAM. 

Peace...


----------



## Mumbodog (Oct 3, 2007)

http://qubes-os.org/Home.html http://qubes-os.org/trac/

Rafal Wojtczuk, Principal Researcher

Looks like an ax murderer, not that I know what one looks like, but if I were to imagine...


----------



## Nebastion (Apr 24, 2009)

Thanks tomdkat, I'll check that out... that would be great if I could run XP under Ubuntu. I wonder how well games would run?

I'll give it a go. Might treat myself to a new hard drive. Yay.

As for the axe murderer Rafal Wojtczuk (if that is your real name), I'll look forward to seeing the outcome.

Neb


----------



## lotuseclat79 (Sep 12, 2003)

KNOS new secure OS.

Yet another effort in the Secure OS arena.

-- Tom


----------



## lotuseclat79 (Sep 12, 2003)

Other Secure OS efforts include but are not limited to:

The Coyotos Secure Operating System
and
Secure Microkernel Project (seL4) which has been formally verified, PDF link: seL4: Formal verification of an OS kernel.

Related link to seL4: L4 microkernel family.

-- Tom


----------



## tomdkat (May 6, 2006)

Of course, there's Chromium OS too.

Peace...


----------



## lotuseclat79 (Sep 12, 2003)

tomdkat said:


> Of course, there's Chromium OS too.
> 
> Peace...


If one wants to trust Google!

-- Tom


----------



## tomdkat (May 6, 2006)

lotuseclat79 said:


> If one wants to trust Google!


Regardless, it's a secure open source OS that looks promising in the approach they're taking. 

Peace...


----------



## Mumbodog (Oct 3, 2007)

You don't have to trust Google; it is open source, code can be altered for the good of all.

http://www.srware.net/en/software_srware_iron_chrome_vs_iron.p.

.


----------



## tomdkat (May 6, 2006)

Mumbodog said:


> You don't have to trust Google; it is open source, code can be altered for the good of all.


Yep. Of course, we don't know what the "privacy" issues will be with Chrome OS but a fork of the OS could certainly be created. It might not be practical to fork Chrome OS but it should certainly be possible.

Peace...


----------

