Qubes OS: a Xen-Based OS Built for Security Current Operating Systems

Total Page：16

File Type：pdf, Size：1020Kb

Hamed Ghavamnia – 88700188 – Advanced Operating Systems Qubes OS: A Xen-based OS built for Security Current operating systems being used on desktops, such as Windows, Mac OS X, or even Linux-based systems have proven incapable of providing complete security for their users. The major problem is their inability to provide isolation between different programs. The problem begins when software on the OS get compromised (due to a bug). The inexistence of isolation between programs allows the compromised software to take down the whole system. One solution might be to take out all the bugs when writing software, but this solution can never be done. There will always be a bug that can be exploited. This situation is a direct result of a bad architectural design in usual operating systems. The creators of The Qubes OS believe the solution to this problem isn’t creating better software, but changing the architecture. On the other hand, creating a new operating system is too time-consuming, so they’ve tried to use ready-to-use building blocks as much as they can. Qubes uses the Xen hypervisor. Xen is a virtual machine monitor, which can run on different hardware architectures[1]. Several operating systems can be run at the same time on the same hardware. The hypervisor is the closest layer to the hardware. It doesn’t have much code, so it’s more secure than usual operating systems [2]. Xen has its own operating system, but it differs with Qubes a lot. The Xen OS has a hypervisor, in which different guest operating systems can load, but in Qubes there is one OS and the other applications can load in an isolated virtual machine. Some of the problems of the Xen OS are stated in [3]. In this survey, the architecture of Qubes will be studied and its differences with the Xen hypervisor- based OS will be described. [1] Barham, P. Dragovic, B. Fraser, K. et al. Xen and the art of virtualization. Proceedings of the nineteenth ACM symposium on Operating systems principles, 2003, pp. 164-177 [2] Dong, Y.Li, S. et al. Extending xen with intel virtualization technology. Intel Technology Journal 10(3) , 2006, pp. 193-203. [3] Wojtczuk, R. Rutkowska, J. Attacking Intel Trusted Execution Technology. In Black Hat DC , February 2009 .

Copy Link

Recommended publications

Industrial Control Via Application Containers: Migrating from Bare-Metal to IAAS
Industrial Control via Application Containers: Migrating from Bare-Metal to IAAS Florian Hofer, Student Member, IEEE Martin A. Sehr Antonio Iannopollo, Member, IEEE Faculty of Computer Science Corporate Technology EECS Department Free University of Bolzano-Bozen Siemens Corporation University of California Bolzano, Italy Berkeley, CA 94704, USA Berkeley, CA 94720, USA ﬂ[email protected] [email protected] [email protected] Ines Ugalde Alberto Sangiovanni-Vincentelli, Fellow, IEEE Barbara Russo Corporate Technology EECS Department Faculty of Computer Science Siemens Corporation University of California Free University of Bolzano-Bozen Berkeley, CA 94704, USA Berkeley, CA 94720, USA Bolzano, Italy [email protected] [email protected] [email protected] Abstract—We explore the challenges and opportunities of control design full authority over the environment in which shifting industrial control software from dedicated hardware to its software will run, it is not straightforward to determine bare-metal servers or cloud computing platforms using off the under what conditions the software can be executed on cloud shelf technologies. In particular, we demonstrate that executing time-critical applications on cloud platforms is viable based on computing platforms due to resource virtualization. Yet, we a series of dedicated latency tests targeting relevant real-time believe that the principles of Industry 4.0 present a unique conﬁgurations. opportunity to explore complementing traditional automation Index Terms—Industrial Control Systems, Real-Time, IAAS, components with a novel control architecture [3]. Containers, Determinism We believe that modern virtualization techniques such as application containerization [3]–[5] are essential for adequate I. INTRODUCTION utilization of cloud computing resources in industrial con- Emerging technologies such as the Internet of Things and trol systems.
[Show full text]
Xen on X86, 15 Years Later
Xen on x86, 15 years later Recent development, future direction QEMU Deprivileging PVShim Panopticon Large guests (288 vcpus) NVDIMM PVH Guests PVCalls VM Introspection / Memaccess PV IOMMU ACPI Memory Hotplug PVH dom0 Posted Interrupts KConfig Sub-page protection Hypervisor Multiplexing Talk approach • Highlight some key features • Recently finished • In progress • Cool Idea: Should be possible, nobody committed to working on it yet • Highlight how these work together to create interesting theme • PVH (with PVH dom0) • KConfig • … to disable PV • PVshim • Windows in PVH PVH: Finally here • Full PVH DomU support in Xen 4.10, Linux 4.15 • First backwards-compatibility hack • Experimental PVH Dom0 support in Xen 4.11 PVH: What is it? • Next-generation paravirtualization mode • Takes advantage of hardware virtualization support • No need for emulated BIOS or emulated devices • Lower performance overhead than PV • Lower memory overhead than HVM • More secure than either PV or HVM mode • PVH (with PVH dom0) • KConfig • … to disable PV • PVshim • Windows in PVH KConfig • KConfig for Xen allows… • Users to produce smaller / more secure binaries • Makes it easier to merge experimental functionality • KConfig option to disable PV entirely • PVH • KConfig • … to disable PV • PVshim • Windows in PVH PVShim • Some older kernels can only run in PV mode • Expect to run in ring 1, ask a hypervisor PV-only kernel (ring 1) to perform privileged actions “Shim” Hypervisor (ring 0) • “Shim”: A build of Xen designed to allow an unmodified PV guest to run in PVH mode
[Show full text]
Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix
Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
[Show full text]
Xen to KVM Migration Guide
SUSE Linux Enterprise Server 12 SP4 Xen to KVM Migration Guide SUSE Linux Enterprise Server 12 SP4 As the KVM virtualization solution is becoming more and more popular among server administrators, many of them need a path to migrate their existing Xen based environments to KVM. As of now, there are no mature tools to automatically convert Xen VMs to KVM. There is, however, a technical solution that helps convert Xen virtual machines to KVM. The following information and procedures help you to perform such a migration. Publication Date: September 24, 2021 Contents 1 Migration to KVM Using virt-v2v 2 2 Xen to KVM Manual Migration 9 3 For More Information 18 4 Documentation Updates 18 5 Legal Notice 18 6 GNU Free Documentation License 18 1 SLES 12 SP4 Important: Migration Procedure Not Supported The migration procedure described in this document is not fully supported by SUSE. We provide it as a guidance only. 1 Migration to KVM Using virt-v2v This section contains information to help you import virtual machines from foreign hypervisors (such as Xen) to KVM managed by libvirt . Tip: Microsoft Windows Guests This section is focused on converting Linux guests. Converting Microsoft Windows guests using virt-v2v is the same as converting Linux guests, except in regards to handling the Virtual Machine Driver Pack (VMDP). Additional details on converting Windows guests with the VMDP can be found in the separate Virtual Machine Driver Pack documentation at https://www.suse.com/documentation/sle-vmdp-22/ . 1.1 Introduction to virt-v2v virt-v2v is a command line tool to convert VM Guests from a foreign hypervisor to run on KVM managed by libvirt .
[Show full text]
L4 – Virtualization and Beyond
L4 – Virtualization and Beyond Hermann Härtig!," Michael Roitzsch! Adam Lackorzynski" Björn Döbel" Alexander Böttcher! #!Department of Computer Science# "GWT-TUD GmbH # Technische Universität Dresden# 01187 Dresden, Germany # 01062 Dresden, Germany {haertig,mroi,adam,doebel,boettcher}@os.inf.tu-dresden.de Abstract Mac OS X environment, using full hardware After being introduced by IBM in the 1960s, acceleration by the GPU. Virtual machines are virtualization has experienced a renaissance in used to test potentially malicious software recent years. It has become a major industry trend without risking the host environment and they in the server context and is also popular on help developers in debugging crashes with back- consumer desktops. In addition to the well-known in-time execution. benefits of server consolidation and legacy In the server world, virtual machines are used to preservation, virtualization is now considered in consolidate multiple services previously located embedded systems. In this paper, we want to look on dedicated machines. Running them within beyond the term to evaluate advantages and virtual machines on one physical server eases downsides of various virtualization approaches. management and helps saving power by We show how virtualization can be increasing utilization. In server farms, migration complemented or even superseded by modern of virtual machines between servers is used to operating system paradigms. Using L4 as the balance load with the potential of shutting down basis for virtualization and as an advanced completely unloaded servers or adding more to microkernel provides a best-of-both-worlds increase capacity. Lastly, virtual machines also combination. Microkernels can contribute proven isolate different customers who can purchase real-time capabilities and small trusted computing virtual shares of a physical server in a data center.
[Show full text]
Hands on Virtualization Using XEN
VirtualizationWorkshop09 < GridkaSchool09 < TWiki http://www-ekp.physik.uni-karlsruhe.de/~twiki/bin/view/GridkaSchool... Hands On Virtualization using XEN Hands On Virtualization using XEN General Setup The Machine Hardware Host Preparation (Standard UBUNTU XEN Host) Installation of the XEN Packages Modification of the Bootloader GRUB Reboot the Host System Explore Your New XEN dom0 Hardware Host Virtual Machine Preparation Start Your Virtual Machine Working with the Virtual Machines Network Setup on the Host System Start/Stop the Virtual Machines Change the Memory Allocated to the VM High Availability Shared Network Storage Solution Host Preparation Phase Configure the DRBD Device Startup the DRBD Device Setup the Filesystem on the Device Test the DRBD Raid Device Migration of the VMs Advanced tutorial (if you have time left): libvirt usage with XEN Installation of libvirt and tools VM libvirt configuration virsh usage libvirt GUI example "virt-manager" Additional Information General Setup The Machine Hardware The host systems are running Ubuntu 9.04 (Jaunty Jackalope). The following procedures will be possible on most common linux distributions with specific changes to the software installation steps. For Ubuntu we will use the Advanced Packaging Tool ( apt ) similar to Debian . RedHat or SuSE are using rpm or some GUI (Graphical User Interface) installation tool. Each workshop group has access to two hardware hosts: hostname gks- <1/2>-X .fzk.de gks- <1/2>-Y .fzk.de Replace <1/2> and X and Y with the numbers given on the workshop handout. Host Preparation (Standard UBUNTU XEN Host) 1 von 15 16.12.2009 15:13 VirtualizationWorkshop09 < GridkaSchool09 < TWiki http://www-ekp.physik.uni-karlsruhe.de/~twiki/bin/view/GridkaSchool..
[Show full text]
Lars Kurth Community Manger, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix Lars Kurth
Lars Kurth Community Manger, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix lars_kurth Was a contributor to various projects Worked in parallel computing, tools, mobile and now virtualization Long history in change projects Community guy at Symbian Foundation Learned how NOT to do stuff Community guy for the Xen Project Working for Citrix Accountable to Xen Project Advisory Board Chairman of Xen Project Advisory Board 250000 200000 150000 More than 1 Projects Million Today 100000 Projected 50000 0 2006 2008 2010 2012 2014 Source: The 2013 Future of Open Source Survey Results Late 90’s Today Individuals & Hobbyist's Still about Individuals But, a majority are employees Companies have a huge stake Features How many users you have How many vendors back you How you are seen in the press … Different Management Disciplines can help you succeed Neutrality / Perception Support Infrastructure Expertise / Mentoring Vendor Network … BUT: You still need to do all the right things Case Study An Open Source Hypervisor > 10M Users Powering some of the biggest Clouds in Production Amazon Web Services, Rackspace Public Cloud, Terremark, … Several sub-projects Xen Hypervisor (including Xen on ARM), XAPI management tools, Mirage OS Linux Foundation Collaborative Project Sponsored by Amazon Web Services, AMD, Bromium, Calxeda, CA Technologies, Cisco, Citrix, Google, Intel, NetApp, Oracle, Samsung and Verizon 10 years old Four Key Issues Symptoms Consequences for Xen Fixes that were applied Effect this had (there may be others)
[Show full text]
Design of the Next-Generation Securedrop Workstation Freedom of the Press Foundation
1 Design of the Next-Generation SecureDrop Workstation Freedom of the Press Foundation I. INTRODUCTION Whistleblowers expose wrongdoing, illegality, abuse, misconduct, waste, and/or threats to public health or safety. Whistleblowing has been critical for some of the most important stories in the history of investigative journalism, e.g. the Pentagon Papers, the Panama Papers, and the Snowden disclosures. From the Government Accountability Project’s Whistleblower Guide (1): The power of whistleblowers to hold institutions and leaders accountable very often depends on the critical work of journalists, who verify whistleblowers’ disclosures and then bring them to the public. The partnership between whistleblowers and journalists is essential to a functioning democracy. In the United States, shield laws and reporter’s privilege exists to protect the right of a journalist to not reveal the identity of a source. However, under both the Obama and Trump administrations, governments have attempted to identify journalistic sources via court orders to third parties holding journalist’s records. Under the Obama administration, the Associated Press had its telephone records acquired in order to identify a source (2). Under the Trump Administration, New York Times journalist Ali Watkins had her phone and email records acquired by court order (3). If source—journalist communications are mediated by third parties that can be subject to subpoena, source identities can be revealed without a journalist being aware due to a gag that is often associated with such court orders. Sources can face a range of reprisals. These could be personal reprisals such as reputational or relationship damage, or for employees that reveal wrongdoing, loss of employment and career opportunities.
[Show full text]
Paravirtualizing Linux in a Real-Time Hypervisor
Paravirtualizing Linux in a real-time hypervisor Vincent Legout and Matthieu Lemerre CEA, LIST, Embedded Real Time Systems Laboratory Point courrier 172, F-91191 Gif-sur-Yvette, FRANCE {vincent.legout,matthieu.lemerre}@cea.fr ABSTRACT applications written for a fully-featured operating system This paper describes a new hypervisor built to run Linux in a such as Linux. The Anaxagoros design prevent non real- virtual machine. This hypervisor is built inside Anaxagoros, time tasks to interfere with real-time tasks, thus providing a real-time microkernel designed to execute safely hard real- the security foundation to build a hypervisor to run existing time and non real-time tasks. This allows the execution of non real-time applications. This allows current applications hard real-time tasks in parallel with Linux virtual machines to run on Anaxagoros systems without any porting eﬀort, without interfering with the execution of the real-time tasks. opening the access to a wide range of applications. We implemented this hypervisor and compared perfor- Furthermore, modern computers are powerful enough to mances with other virtualization techniques. Our hypervisor use virtualization, even embedded processors. Virtualiza- does not yet provide high performance but gives correct re- tion has become a trendy topic of computer science, with sults and we believe the design is solid enough to guarantee its advantages like scalability or security. Thus we believe solid performances with its future implementation. that building a real-time system with guaranteed real-time performances and dense non real-time tasks is an important topic for the future of real-time systems.
[Show full text]
Paravirtualized Applications on Top of an L4/Fiasco Microkernel
TECHNOLOGICAL EDUCATIONAL INSTITUTE OF CRETE Paravirtualized applications on top of an L4/Fiasco Microkernel by Emmanouil Fragkiskos Ragkousis A thesis submitted in partial fulﬁllment for the degree of Bachelor of Science in the Technological Educational Institute of Crete Department of Informatics Engineering March 31, 2019 TECHNOLOGICAL EDUCATIONAL INSTITUTE OF CRETE Σύνοψη Technological Educational Institute of Crete Department of Informatics Engineering Bachelor of Science by Emmanouil Fragkiskos Ragkousis In this thesis we added Zedboard support to L4/Fiasco, which allowed us to use it as a hypervisor. In this way we can achieve a better use of resources by sharing them between multiple operating systems and/or bare metal programs. It also allows us to achieve better security by controlling access to parts of the hardware. Thesis Supervisor: Kornaros Georgios Title: Assistant Professor at Department of Informatics Engineering, TEI of Crete TECHNOLOGICAL EDUCATIONAL INSTITUTE OF CRETE Σύνοψη Technological Educational Institute of Crete Department of Informatics Engineering Bachelor of Science by Emmanouil Fragkiskos Ragkousis Se αυτή thn πτυχιακή, prosjèsame υποστήριξη gia to Zedboard sto L4/Fiasco, me σκοπό na to χρησιμοποιήσουμε san hypervisor. Me αυτόn ton τρόπο μπορούμε na επιτύχουμε καλύτερη χρήση twn πόρων tou συστήματος, μοιράζοντας ton metaxύ diaforetik¸n leitourgik¸n συστημάτων kai efarmog¸n. EpÐshc mac epitrèpei na επιτύχουμε καλύτερη ασφάλεια elègqontac to thn πρόσβαση sto hardware. Epiblèpwn Πτυχιακής: Ge¸rgioc Κορνάρος TÐtloc: EpÐkouroc Καθηγητής tou τμήματoc Mhqanik¸n Πληροφορικής, TEI Κρήτης Acknowledgements This bachelor thesis is my ﬁrst academic milestone and looking back I would like to thank all the people, that are not listed below, for their support and encouragement until today.
[Show full text]
PDF Or ODT Format, You Will Notice Plenty of ``` in Place of Double Quotes (“”)
The Hitchhiker’s Guide to Online Anonymity (Or “How I learned to start worrying and love privacy anonymity”) Version 1.0.4, September 2021 by AnonymousPlanet. This guide is still a work in progress. While I am working constantly to correct issues, improve the content, general structure, and readability, it will probably never be “finished”. Some parts might lack information or contain inaccuracies. Your experience may vary. Remember to check regularly for an updated version of this guide. This guide is a non-profit open-source initiative, licensed under Creative Commons Attribution-NonCommercial 4.0 International (cc-by-nc-4.0 [Archive.org]). See the license at the end of the document. • For mirrors see Appendix A6: Mirrors • For help in comparing versions see Appendix A7: Comparing versions Feel free to submit issues using GitHub Issues at: https://github.com/AnonymousPlanet/thgtoa/issues Feel free to come to discuss ideas at: • GitHub Discussions: https://github.com/AnonymousPlanet/thgtoa/discussions • Matrix/Element: ```#anonymity:matrix.org``` https://matrix.to/#/#anonymity:matrix.org Follow me on: • Twitter at https://twitter.com/AnonyPla [Nitter] (cannot guarantee this account will stay up for long tho) • Mastodon at https://mastodon.social/@anonypla. To contact me, see the updated information on the website or send an e-mail to [email protected] Please consider donating if you enjoy the project and want to support the hosting fees (for the Tor hosting and the Tor Exit node). There are several ways you could read this guide: • You want to understand the current state of online privacy and anonymity not necessarily get too technical about it: Just read the Introduction, Requirements, Understanding some basics of how some information can lead back to you and how to mitigate those, and A final editorial note sections.
[Show full text]
Securedrop Workstation Security Assessment January 29, 2020
SecureDrop Workstation Security Assessment January 29, 2020 Prepared For: SecureDrop Team | Freedom of the Press Foundation [email protected] Prepared By: Dominik Czarnota | T rail of Bits [email protected] Artem Dinaburg | T rail of Bits [email protected] Changelog: December 18, 2020 Initial report delivered January 19, 2021 Added Findings 25-26 and Appendices G-H January 29, 2021 Final version delivered: extended Executive Summary Executive Summary Project Dashboard Engagement Goals Coverage Recommendations Summary Short term Long term Findings Summary 1. Incorrect TOR_V2_AUTH_COOKIE_REGEX regular expression when validating config 2. Verifying Qubes installation media is confusing and error-prone 3. Only support Intel hardware, as AMD appears to lack sufficient testing 4. The order of operation in the safe_mkdir function allows an attacker to create the directory with broader permissions 5. The downloaded submission may end up in an overly permissioned directory 6. Qubes qrexec tools handle libvchan_recv and libvchan_send return values inconsistently 7. Whonix.NewStatus Qubes RPC should be redesigned 8. The offline mode doesn't require any authentication 9. Downloaded submissions have too broad permissions 10. Passwordless root access in VMs 11. qrexec-daemon in Qubes >= 4.1 could misidentify policy engine replies 12. The sd-app downloads submission to a file path fully trusted from the server, allowing for path traversal 13. The migration script adds non-existent path to sys.path 14. The sd-proxy and sdclientapi allows duplicate JSON keys 15. Backup files remain valid policies 16. The securedrop-export in sd-devices unpacks incoming archives in a way that allows for placing unpacked files in arbitrary paths 17.
[Show full text]