View Diary: An NSA-proof operating system. Yes, for real. (171 comments)

  •  Security by isolation? (0+ / 0-)

    If I understand this correctly, the Security by Isolation (SbI) approach is to allow creation of virtual environments separate from other virtual environments on the same machine. Within each virtual environment, however, there is no protection between processes within that environment.  If you compare this to MacOS's recent adoption of App store approval, sandboxing, and signing of applications, I'm not sure which would win. With sandboxing, each process is restricted to its own resources, except for specific kinds of access to system resources. Application signing restricts execution of applications developed by unknown persons (except for applications compiled & installed on the client), and applications installed via the App Store.

    Under the SbI model, a user would have the power to create a virtual environment for each application, and then presumably set up all necessary communication channels between them, perhaps using sockets or some other networking model. MacOS is currently doing something very similar, the difference presumably being that the communication channels are set up as part of the development and approval by the App Store.

    For the ordinary user, I'm not convinced that MacOS wouldn't result in a higher level of security, simply because a reasonably good security model is set up with no user intervention, while under SbI, the user is required to set it all up themselves. (Remember, under SbI, there is no isolation of processes within the same user-defined virtual environment.)

    •  Forgive me - I don't think you do. (1+ / 0-)
      If I understand this correctly...
      You need to look into it more deeply.  I suggest the white papers on the QubesOS site to start, if you really have an interest - and the developer's Google Groups I linked to above.  Rutkowska's blog (Invisible Things) is filled with information.

      I'd stick around, but it's been an all-nighter.  And going to the source is usually the best bet anyway, isn't it?

      It ain't called paranoia - when they're really out to get you. 6 points.

      by Jaime Frontero on Sat Jul 13, 2013 at 07:53:12 AM PDT

      •  OK, but I did go there and read a bit first (1+ / 0-)

        One of the first things that struck me was this:

        Qubes, however, does not attempt to provide any security isolation for applications that run within the same domain. E.g. a buggy web browser running in one of the Qubes domains could still be compromised just as easily as on regular Linux OS.

        So, please tell me what else I need to understand. Based on what I've read so far, I really don't have enough interest in this to do a major research project on it.
