Qubes OS is becoming more and more advanced, polished, and user friendly OS.
But Qubes OS, even as advanced as it
is now, surely have its limitations. Limitations, that for some users
might be difficult to accept, and might discourage cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m from even
trying out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS. One such limitation is lack of 3D graphics support
for applications running in AppVMs. Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r one is
still-far-from-ideal hardware compatibility – a somehow inherent
problem for most (all?) Linux-based systems.
There is also one more “limitation” of Qubes OS, particularly
difficult to overcome... Namely that it is a standalone Operating
System, not an application that could be installed inside cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
user's existing OS. While
installing a new application that increases system's security is a
no-brianer for most people, switching to a new, exotic OS, is quite a
different story...
Before
I discuss how we plan to address those limitations, let's first make
a quick digression about what Qubes really
is,
as many people often get that
wrong...
What
Qubes IS, and what Qubes IS
NOT?
Qubes
surely is not Xen! Qubes only uses
Xen to create isolated
containers – security domains (or
zones).
Qubes also is not a Linux distribution! Sure,
we currently use Fedora 18 as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 default template for AppVMs, but at
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same time we also support
Windows VMs. And
while we also use Linux as
GUI and admin domain, we could really use something different –
e.g. Windows as GUI domain.
So,
what is Qubes cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n? Qubes (note how I've suddenly dropped cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS
suffix) is several things:
- The way how to configure, harden, and use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMM (e.g. Xen) to create isolated security domains, and to minimize overall system TCB.
- Secure GUI virtualization that provides strong gui isolation, while at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same time, provides also seamless integration of all applications running in different VMs onto one common desktop. Plus a customized GUI environment, including trusted Window Manager that provides unspoofable decorations for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 applications' windows.
- Secure inter-domain communication and services infrastructure with centrally enforced policy engine. Plus some “core” services built on top of this, such as secure file exchange between domains.
- Various additional services, or “addons”, built on top of Qubes infrastructure, such as Disposable VMs, Split GPG, TorVM, Trusted PDF converter, etc. These are just few examples, as basically cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sky is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 limit here.
- Various additional customizations to all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 guest OSes that run in various domains: GUI, Admin, ServiceVMs, and AppVMs.
Introducing
Qubes HAL: Hypervisor
Abstraction Layer
Because
Qubes is a bunch of technologies and approaches that are mostly
independent from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 underlying hypervisor, as
discussed above, it's
quite natural to consider if we could easily build an abstraction
layer to
allow
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
use
of
different
VMMs with Qubes, instead of
just
Xen? Turns
out this is not as difficult as we originally thought,
and
this is exactly cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 direction we're taking right now with
Qubes Odyssey!
To
make this possible we're going to use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 libvirt project.
So, we might imagine Qubes that is based on Hyper-V or even Virtual
Box or VMWare Workstation. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last two Qubes would no
longer be a standalone OS, but racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r an “application” that one
installs on top of an existing OS, such as Windows. The obvious
advantage we're gaining here is improved hardware compatibility, and
ease of deployment.
And we can go even furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r and ask: why not use Windows Native
Isolation, i.e. mechanisms such as user account separation, process
isolation, and ACLs, to implement domain isolation? In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words
why not use Windows OS as a kind of “VMM”? This would furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r
dramatically improve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n lightness of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system...
Of course cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 price we pay for all this is progressively degraded
security, as e.g. Virtual Box cannot be a match to Xen in terms of
security, both architecturally and implementation-wise, and not to
mention cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 quality of isolation provided by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Windows kernel,
which is even less.
But on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r hand, it's still better than using “just Windows”
which offers essentially only one “zone”, so no domain isolation
at all! And if we can get, with minimal effort, most of our Qubes
code to work with all those various isolation providers cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n... why
not?
Being able to seamlessly switch between various hypervisors is only
part of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 story, of course. The remaining part is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 support for
different OSes used for various Qubes domains. Currently we use
Linux, specifically Fedora 18, in our GUI & Admin domain, but
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no fundamental reason why we couldn't use Windows cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re
instead. We discuss this more in-depth in one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 paragraphs
below.
The diagram below tries to illustrate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 trade-offs between hardware
compatibility and ease of deployment vs. security when using
different isolation backends with Qubes. Some variants might also
offer additional benefits, such as “super-lightness” in terms of
CPU and memory resources required, as is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case with
Windows Native Isolation.
Some example configurations
Let's
now discuss two extreme variants of Qubes – one based on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
baremetal Xen hypervisor and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r one based on Windows Native
Isolation, so a variant from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 opposite
end
of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 spectrum (as shown on
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 illustration above).
The
diagram below shows a
configuration that uses a
decent baremetal
hypervisor, such as Xen, with abilities to securely assign devices to untrusted
service domains
(NetVM, UsbVM). So, this is
very similar to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 current Qubes OS.
Additionally
we
see
separate GUI and Admin
domains:
the
GUI domain might perhaps be based on Windows, to provide users with a
familiar UI, while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Admin
domain, tasked with domain
management and policy enforcement,
might be based on some minimal Linux distribution.
In
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 current
Qubes OS cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no
distinction between a GUI and
an Admin
domain --
both are hosted
within one domain called “dom0”. But in
some cases cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are
benefits of separating
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GUI domain from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Admin domain. In
a corporate scenario, for
example, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Admin domain might
be accessible only to
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IT department and not to
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end user. This way cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 user would
have no way of modifying
system-wide policies, and e.g. allowing
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir “work” domain to suddenly talk to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 wild
open Internet, or
to copy work
project files from “work” to “personal” domains
(save for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exotic, low-bandwidth
covert channels, such as through CPU cache).
The
ability to deprivilege networking and USB stacks by assigning
corresponding devices (NICs, and USB controllers) to untrusted, or
semi-trused, domains provides great security benefits.
This automatically
prevents various attacks against
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 bugs
in WiFi stacks or
USB stacks.
What
is not seen on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 diagram, but what is typical for baremetal
hypervisors is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y
are usually much smaller than hosted hypervisors, implementing
less services, and delegating
most tasks, such as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
infamous I/O emulation to (often)
unprivileged VMs.
Let's
now look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r extreme example of using Qubes – cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 diagram
below shows an architecture
of a “Qubized” Windows system that uses eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r a hosted VMM, such
as Virtual Box or VMWare Workstation, or even cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
previously mentioned Windows
Native Isolation mechanisms, as an isolation provider for domains.
Of
course this architecture lacks many benefits discussed above, such as
untrusted domains for networking and USB stacks, small hypervisors,
etc. But it still can be used to implement multiple security domains,
at a
much lower “price”: better hardware compatibility, easier
deployment, and in case of Windows Native Isolation – excellent
performance.
And
it really can be made reasonable, although it might require more
effort than it
might seem at first sight.
Take Windows Native Isolation – of course just creating different
user accounts to represent different domains is not enough, because
Windows still doesn't implement true GUI-level isolation. Nor network
isolation. So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a challenge to do it right, and “right”
in this case means to
make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 isolation as good as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Windows kernel can isolate
processes from different users from each ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r.
Sure, a single kernel
exploit destroys this all, but it's still better than “one
application can (legally) read all my files” policy that 99% of all
desktop OSes out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re essentially implement today.
Now,
probably cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 best thing with all this is that once we implement a
product based on, say, Qubes for Windows, togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r with various cool
“addons” that will take advantage of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Qubes services
infrastructure, and which shall be product-specific, it should cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n
be really easy to upgrade to anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r VMM, say Hyper-V to boost
security. And cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 users shall not even notice a change in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 UI,
save for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 performance degradation perhaps (well, clearly automatic
creation of VMs to handle various users tasks would be more costly on
Hyper-V than with Windows Native Isolation, where “VMs” are just... processes).
Qubes
building blocks – implementation
details
Let's
have a look now at
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 repository layout for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest Qubes OS
sources – every name listed below represents a separate code
repository that corresponds to a logical module, or a building block
of a Qubes system:
core-admin
core-admin-linux
core-agent-linux
core-agent-windows
core-vchan-xen
desktop-linux-kde
desktop-linux-xfce4
gui-agent-linux
gui-agent-windows
gui-agent-xen-hvm-stubdom
gui-common
gui-daemon
linux-dom0-updates
linux-installer-qubes-os
linux-kernel
linux-template-builder
linux-utils
linux-yum
qubes-app-linux-pdf-converter
qubes-app-linux-split-gpg
qubes-app-linux-tor
qubes-app-thunderbird
qubes-builder
qubes-manager
vmm-xen
vmm-xen-windows-pvdrivers
Because
current Qubes
R2 still doesn't use HAL layer to support different hypervisors, it
can currently be used
with only
one hypervisor, namely Xen,
whose code is provided by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vmm-xen
repository (in an ideal world we would be just using vanilla Xen
instead of building
our own from sources, but in
reality we like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ability to build it ourselves, slightly modifying
some things).
Once
we move towards cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Qubes
Odyssey architecture (essentially
by replacing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
hardcoded calls to Xen's
management stack, in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
core-admin
module, with
libvirt calls), we could cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n
easily switch Xen for ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r hypervisors, such as Hyper-V or Virtual
Box. In case of Hyper-V we would not have access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sources of
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMM, of course, so would just be using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stock binaries,
although we still might want to maintain cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
vmm-hyperv
repository that could
contain various hardening scripts and configuration files for this
VMM. Or
might not. Also, chances are
high that we would be just able to use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 stock libvirt drivers
for Hyper-V or Virtual Box,
so no need for creating core-libvirt-hyperv
or core-libvirt-virtualbox
backends.
What
we will need to provide, is our
custom inter-domain
communication library for
each hypervisor supported.
This means we will need to
write core-vchan-hyperv
or core-vchan-virtualbox.
Most (all?) VMMs do provide some kind of API for inter-VM
communication (or at least VM-host communication), so cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 main task
of such component is to wrap cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
VMM-custom mechanism with
Qubes-standarized
API for vchan (and this
standardization is one thing we're currently working on).
All in all, in
most cases this will be a
simple task.
If we, on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r hand, wanted to
support an “exotic” VMM, such as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previously mentioned Windows
Native Isolation, which is not really a true VMM, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n we will need
to write our own libvirt backend to support is:
core-libvirt-windows
... as well as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 corresponding
vchan module (which should be especially trivial to write in this
case):
core-vchan-windows
Additionally,
if we're building a system where cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Admin domain is not based on
Linux, which would likely
be
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case if we used Hyper-V, or Virtual Box for Windows, or,
especially, Windows Native Isolation, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n we should also provide
core-admin-windows
module, that, among ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r things, should
provide
Qubes
qrexec
implementation, something that is highly OS-dependent.
As can be seen
above, we currently only have core-admin-linux,
which is understandable as we currently use Linux in Dom0. But cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
good news is that we only need
to write
core-admin-XXX
once for each OS that is to be supported as an Admin
domain, as
this code
should not be depend on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 actual VMM used (thanks to our smart
HAL).
Similarly,
we also need to assure that our gui-daemon
can run on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OS that is to
be used
as a
GUI
domain (again, in most cases GUI domain would be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same as Admin
domain, but not always). Here cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 situation is generally much easier
because “with just a few #ifdefs” our current GUI
daemon should compile and run on most OSes, from Linux/Xorg to
Windows and Macs (which
is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reason we only have one gui-daemon
repository, instead of several gui-daemon-XXX).
Finally
we should provide some code that will gacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 components
needed
for our specific product and package this all into eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r an
installable ISO, if
Qubes is to
be a
standalone OS, like
current Qubes,
or into
an executable,
in case Qubes is to
be an
“application”. The installer, depending on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 product, might do some cool things, such as e.g. take current user system and automatically move it into one of Qubes domains.
To
summary, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se would be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 components needed to build “Qubes for
Windows” product:
core-admin
core-admin-windows
core-agent-windows
core-vchan-windows
core-libvirt-windows
desktop-windows
gui-agent-windows
gui-common
gui-daemon
windows-installer-qubes-for-windows
qubes-builder
qubes-manager
Additionally we
will likely need a few qubes-app-*
modules that would implement some "addons", such as perhaps
automatic links and documents opening in specific VMs, e.g.:
qubes-app-windows-mime-handlers
Here, again,
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sky's cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 limit and this is specifically cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 area where each
vendor can go to great lenghts and build killer apps using our Qubes
framework.
Now,
if we wanted to create "Qubes for Hyper-V" we would need cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following
components:
core-admin
core-admin-windows
core-agent-linux
core-agent-windows
core-vchan-hyperv
desktop-windows
gui-agent-linux
gui-agent-windows
gui-common
gui-daemon
windows-installer-qubes-hyperv
qubes-app-XXX
qubes-builder
qubes-manager
vmm-hyperv
Here, as an example, I also left
optional core-agent-linux and
gui-agent-linux components
(cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same that are to be used with Xen-based Qubes OS) to allow
support for also Linux-based VMs – if we can get those “for
free”, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n why not!
It should be striking how many of
those components are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same in both of those two cases –
essentially cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only differences are made by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 use of different
vmm-* components and, of
course, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 different installer
It should be also clear now how this
framework now enables seamless upgrades from one product (say Qubes
for Windows) to anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r (say Qubes for Hyper-V).
Licensing
Our business
model assumes working with vendors, as opposed to end users, and
licensing to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m various code modules needed to create products
based on Qubes.
All cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 code
that comprises cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 base foundation needed for creation of any Qubes variant
(so core-admin, gui-common,
gui-daemon, qubes-builder
and qubes-manager) will be
kept open source, GPL specifically. Additionally all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 code needed
for building of Xen-based Qubes OS with Linux-based AppVMs and
Linux-based GUI and Admin domains, will continue to be available as
open source. This is to ensure Qubes OS R3 that will be based on this
framework, can remain fully open source (GPL).
Additionally we
plan to double-license this core open source code to vendors who
would like to use it in proprietary products and who would not like
to be forced, by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GPL license, to share cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 (modified) sources.
All cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r
modules, especially those developed to support ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r VMMs (Hyper-V,
Virtual Box, Windows Native Isolation), as well as those to support
Windows OS (gui-agent-windows,
core-agent-windows,
core-admin-windows, etc) will
most likely be proprietary and will be available only to vendors who
decide to work with us and buy a license.
So, if you want
to develop an open source product that uses Qubes framework, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you
can freely do that as all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 required core components for this will
be open sourced. But if you would like to make a proprietary product,
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you should buy a license from us. I think this is a pretty fair
deal.
Current
status and roadmap
We're currently
working on two fronts: one is rewriting current Qubes code to support
Qubes HAL, while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r one is adding a backend for Windows Native
Isolation (which also involves doing things such as GUI isolation right on Windows).
We believe that by implementing two such extreme backends:
Xen and Windows Native Isolation we can best show cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 flexibility of
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 framework (plus our customer is especially interested in this
backend;)
We should be able to publish some code, i.e. cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 framework
togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r with early Qubes OS R3 that will be based on it, sometime in
fall or maybe earlier.
We obviously
are determined to furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r develop Xen-based Qubes OS, because we
believe this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most practically secure OS available today, and we believe such OS should be open source.
Qubes R2 will still be based on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
Xen-hardcoded code, because it's close to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final release and we
don't want to introduce such drastic changes at this stage. The only
thing that Qubes R2 will get in common with Qubes Odyssey is this new
source code layout as presented above (but still with hardcoded xl
calls and xen-vchan).
So, this is all
really exciting and a big thing, let's see if we can change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 industry with this :)
Oh, and BTW,
some readers might be wondering why cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 framework was codenamed
“Odyssey” -- this is obviously because of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 “HAL” which plays a
central role here, and which, of course, also brings to mind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365
famous Kubrick's movie.
17 comments:
Sounds awesome!
Joanna, what you and your team are working on is really revolutionary.
Most cyber attacks could be stopped in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 US government would use this technology in all of its departments.
Joanna,
I am amazed at what you have created. We are looking at how we can integrate your work in our commercial application. I have been watching since R1 and I am really excited by your progress. Have you thought about a BSD release With your duel licensing approach? Racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n Linux? This will allow more flexibility for commercial firms. (Qubes OS BSD)
I can only welcome your new approach to generalize cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Qubes concept and thus have it appeal to a broader user and OS base. And I certainly wish you cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 very best in your attempt to attract commercial vendors: I guess doing all this good work on consultant fees only is too much living on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 edge.
I see strong parallels to my two ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r favorite open source projects, OpenVZ and openQRM as far as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 commercialization is concerned.
But just like with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OpenVZ version for Windows I'm a bit afraid cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is only two options in that camp:
a) your work will be largely ignored when it should be mainstream
b) Microsoft will make you an offer you can't refuse
Meanwhile I just hope some patent troll can't steal or block your wonderful work.
Unfortunately a technically well designed and from an end user perspective attractive product rarely is a good sell or downright shot down by vendors who fear losing a bit of grip on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir customers.
Here are my thoughts from a corporate perspective:
I design technical infrastructure in a payment industry company so security is very dear to me also professionally.
My first impression was that Qubes was first and formost a proof of concept and largely driven by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 use case of being your personal productivity workstation driver.
Now that you are reaching out into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 commercial space, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are currently three primary use cases in our company (and most likely many ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs):
1. Server
2. Worktation/Fat Client
3. VDI/Server based fat client + display-only thin client
And I don't see Qubes yet playing very well in any of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se use cases which seem best in terms of revenue stream and security needs.
I could certainly see us paying for something ready to use in all of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 above, because our company is a very likely target for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 criminal industry.
Our servers are of course GUI-less and we'd need a mix of OpenVZ we currently use to consolidate virtualized server loads at 1:50 or better as well as Qubes to isolate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 I/O and management stacks. I/O overhead and latencies here would need to be optimized as much as possible and automated deployment via kickstart/PXE boot like mechanisms is a must.
The run-time aspect of workstation is probably best covered today, but Qubes would need some unique deployment advantages to appeal to workstation admins. Ironically our vPro desktop was almost ideal about two years ago, when we depoyed almost exclusively Q based chipsets, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se days cost pressures is losing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 potential window of opportunity to H based chipsets which have VT-d fused off.
AMD APU parts would have been a great alternative because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y always come full featured in terms of virtualization support, but with AMD fighting for survival and dropping IOMMU2 software support cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y seem a very unsafe bet: There is also no APU based corporate client hardware out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re.
For me VDI servers are a next logical place to deploy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Qubes concept, but what you have currently doesn't seem to integrate easily with terminal servers or server based VMs. Of course cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 major players in that market like Citrix, VMware and I guess Microsoft take no prisoners and won't easily tolerate a cross vendor Qubes for VDI and TS.
Like so often before I can see all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 differnt parts out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re fitting togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r in an ideal fashion for potential clients, but very little chance for this actually happening without major gotchas.
Hope you prove me wrong and are successful in all those use cases!!
Do you have plan for porting QuebesOS on mobile platform? I planning to study and develop cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mobile platform base on Xen-ARM (just for personal open source project, nonprofit). What do you think about QuebesOS mobile? Can I ask about your opinion as a developer? For example, in a point of view performance, utility, or any kind of things.
@Yeongdeok: at this moment we don't such plans, but with Qubes Odyssey Framework this is certainly possible. Questions about performance should really be asked to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 specific VMM developers (e.g. Xen Arm Project).
First, let me say - great job with everything so far!
Anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r interesting thing to look into might be using hardware machines instead of VMs - maybe even with different CPU architectures.
Something like a physical network of Raspberry PI machines, controlled by an Admin and/or GUI which runs on a high-end laptop or PC. The setup can have firewall-machine and net-machine roles, just like in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 regular Qubes OS.
Or a future single-board system that has multiple chips as separate systems.
Or a mix of Xen VT-d-enabled VMs and hardware machines.
The end result can look cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same as running Qubes OS on a single system with VT-d.
@anonymous-who-propses-to-use-multiple-physical-boxes:
Surely doable, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 networking would have to be handled smartly, so that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 TCP/IP and WiFi/BT stacks not be part of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 TCB. Doable, I think.
What about KVM? It is supported by libvirt, and if one wants to stick with linux entirely it would be first choice - will Qubes Oddyssey support it as well?
Joanna,
speaking of Qubes Odyssey: Wouldn´t you converge to products like eg Bromium (which you compared to cubes here http://cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365invisiblethings.blogspot.de/2012/09/how-is-qubes-os-different-from.html)? And your mentioned attack vectors like usb attacks and hooking into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 GUI subsystem would also apply?
regards, joerg
@joerg:
As has been mentioned multiple times in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 article, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 purpose of Odyssey is to allow a whole spectrum of products, balancing security vs. hardware compatibility/ease of deployment. Even though cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 variants from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "low-security" end of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 spectrum share some of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 weakness of ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r products, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 big advantage is that one can almost seamlessly upgrade to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more secure variants from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r end of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 spectrum.
Qubes Odyssey is all about giving cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 customer freedom in making cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 decision how cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y want to balance security vs. hardware compatibility and ease of deployment. Qubes Odyssey provides infrastructure to build very secure client systems. Whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r people would like to use its full potential is up to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 customer...
As for us, ITL, we will, of course, continue cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 development of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 open source Qubes OS, also based on Odyssey Framework as well as on Xen and Linux, which we believe is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most practically secure solution for desktop computing.
I have just installed beta 3. I had beta 2 installed but didn't have much time to fool with it. I am clueless when it comes to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 level of knowledge you all are at. I don't understand much of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 discussion but I do understand hardware fairly well. But what I do know is that I was able to install Qubes with no problem and can use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 default appVMs as designed. I have, in beta 2, also created some appVMs. While I may know a little more than cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 average user I don't see installation and use as being any more difficult than Windows 8 (8 disks (OEM disks), 4 hours and 3 tries before it installed properly, 1 disk, 40 minutes, 1 try to install Qubes). It may seem more difficult than it is when a rook like me looks at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 blog and comments but you are talking about things most users will never concern cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365mselves with. With some education and good plain language guidance most of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 commercial market could easily be using Qubes. I like Qubes a lot, I would like it to be my every day, go-to OS. Right now that isn't possible (need some Win only hardware) but with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 many improvements in each update, Qubes will soon be standing alone on my system. Great OS! Great job! Keep up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 good work!
Just curious, where does kvm-qemu sit in all this, I see no mention of it, do you see it a liability security-wise, worse than windows???
Will be watching.
I keep hoping that some hardware vendor might pair with you to sell a laptop with Qubes-OS preloaded, and with all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 requisite hardware to fully support it.
Hello Joanna,
Incredible work, thank you. Surely and sorely needed in today's computing environment.
Regarding cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Windows process level implementation option, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a commercial product I use that does something similar to this called WinPatrol, maybe worth having a look at for ideas.
Joanna and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 team,
Everyone says "thank you" so I will do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 opposite ;-)
Go to hell, all (cyber/IT)criminals will loose cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir jobs and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n what? Many security officers will loose cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir jobs. And cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n what? ;-)
PS. Good job. I am observing this project quite for some time and I am more and more impressed.
Post a Comment