Hamed Ghavamnia – 88700188 – Advanced Operating Systems

Qubes OS: A -based OS built for Security

Current desktop operating systems, such as Windows, Mac OS X, or even -based systems, have proven incapable of providing complete security for their users. The major problem is their inability to provide isolation between different programs. The problem begins when on the OS get compromised (due to a bug). The absence of isolation between programs allows the compromised software to take down the whole system. One solution might be to remove all the bugs when writing software, but this can never be achieved in practice. There will always be a bug that can be exploited. This situation is a direct result of bad architectural design in conventional operating systems.

The creators of Qubes OS believe the solution to this problem isn’t creating better software, but changing the architecture. On the other hand, creating a new is too time-consuming, so they’ve tried to use ready-to-use building blocks as much as they can. Qubes uses the Xen hypervisor. Xen is a virtual machine monitor which can run on different hardware architectures [1]. Several operating systems can be run at the same time on the same hardware. The hypervisor is the layer closest to the hardware. It doesn’t have much code, so it’s more secure than usual operating systems [2]. Xen has its own operating system, but it differs from Qubes a lot. The Xen OS has a hypervisor on which different guest operating systems can be loaded, but in Qubes there is one OS, and the other applications are loaded in isolated virtual machines. Some of the problems of the Xen OS are stated in [3].

In this survey, the architecture of Qubes will be studied and its differences from the Xen hypervisor-based OS will be described.

[1] Barham, P., Dragovic, B., Fraser, K., et al. Xen and the art of virtualization. Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, 2003, pp. 164-177.

[2] Dong, Y., Li, S., et al. Extending Xen with Intel Virtualization Technology. Intel Technology Journal 10(3), 2006, pp. 193-203.

[3] Wojtczuk, R., Rutkowska, J. Attacking Intel Trusted Execution Technology. In Black Hat DC, February 2009.