The security researcher who invented malware known as Blue Pill has come up with a secure open source operating system called Qubes OS that is available for alpha-testing downloads.
With Qubes OS, Joanna Rutkowska is borrowing from the expertise she demonstrated four years ago when she virtualized a rootkit to create Blue Pill.
Qubes OS employs Xen virtual machines (VM) as building blocks in which users organize groups of applications. These Linux-based VMs are managed on a single piece of hardware managed by a Xen hypervisor, keeping applications used at work, for example, separate from applications used at home.
So if one VM is set up for Web browsing and during a visit to an infected site a worm gets downloaded, the worm cannot access the other VMs on the same piece of hardware. It is isolated and the applications located on the other VMs continue to work unencumbered.
The primary task of Qubes OS is to isolate VMs from each other. The operating system itself creates a set of VMs such as the network VM and storage VM. The network VM, for instance, isolates networking code in the device from all the other applications on the hardware. If the network VM is compromised the device becomes unable to network and is isolated, but the rest of the code on the machine remains intact.
The operating system comes with a secure graphical user interface subsystem for managing all the VMs and to display available applications that are divided up among more than one VM. The GUI also supports secure cutting and pasting between VMs as well as transferring files without risk of infection spreading, according to a white paper on Qubes OS architecture.
To boost efficiency, all VMs that share a single operating system (so far Qubes supports just Linux but it could support other operating systems) share a single read-only file system to prevent replicating a full Linux image for each VM. The paper says Rutkowska's group chose Xen for its size vs. using a Linux kernel on the hardware supplemented by a KVM hypervisor. Xen's inherent relative simplicity makes it easier to audit for security problems.
Rutkowska says in her blog that her firm, Invisible Things, has been working on Qubes OS for the past six months and just announced its availability Wednesday. The link to the project Web site was busy Wednesday and Rutkowska advised readers to wait until later this week when the initial rush has died down before trying to download the software.
She says she uses Qubes OS on a Macbook for work, shopping, banking, browsing and for developing Qubes.
Read more about software in Network World's Software section.