Qubes OS: Security Over Virtualization

Qubes OS is a new operating system aims provide more safety measures to users; the idea behind this operating system is to protect users against new malware as it builds a Security Isolation technique based on the virtualization.

To understand methods to secure OS Level there is three categories:

1) Security by Correctness (secure coding).
2) Security by Isolation
3) Security by Obscurity

The first method is to involve a full review of operating system code (including kernel and application software) it is very hard to believe that the operating system is fully secure with the complexity of today’s operating system that’s why we are finding on a daily bases new vulnerabilities discovered and patches are issued.

Some automated tools may help in the OS code Auditing like Flawfinder which is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. RATS – Rough Auditing Tool for Security an open source tool developed and maintained by Secure Software security engineers or Skavenger.

The second method is lower level isolation this method will eliminate greatest security threat as in the operating system there is many drivers and applications and each may have a new vulnerability to provide attacker a point of access to harm or damage the system. Isolating will make each driver, file system or network runs in a separate process.

Now Xen Qubes OS allows having isolation mechanism of the executable code better than classical operating systems as it uses Intel VT-d technology. Which makes all hardware drivers code runs separately. All programs and Applications are virtualized under domains and they run under Linux system to make them not consuming a lot of memory resources.

We start by looking at the administrative domain (Dom0) this domain hosts the XenStore which is used for managing the system and contains information about different domains. This domain has access to all other domains for any modification or settings. Here if a hacker gets access to (Dom0) he will have a full control on all other applications domain.

The second domain is the network domain which runs network drivers and programs. As in TCP/IP protocol there has been a lot of vulnerabilities which provides hackers access to the OS kernel level and all operating system. So here we find the desired security as if a hacker get access to network domain all files and system remain safe while all users’ data and applications are not shared between domains.

But this is not the full story as if an intruder gets access to the network domain he can perform MITM attack on other domain and intercept the traffic sent by users as browsing the internet, he may also inject the packets or just shut down the network domain. But the good point that the domain can be restored quickly and most traffic are encrypted.

The third domain is Storage Domain which works with the hard drives and file system the dedicated domain encrypts all private data and uses a digital signature for authenticating the administrative domain.

The interesting thing that today we are finding virtualization solving many security problems. this is not the first project that uses virtualization to isolate and protect the system but it’s a promising project that will be certainly used by most OS developer in the near future.

make sure you subscribe to my RSS feed!