[Whonix-devel] Introduction - Rick

• Previous message: [Whonix-devel] Introduction - Rick
• Next message: [Whonix-devel] Introduction - Rick
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Rick!

Glad to see someone like you coming aboard the Whonix project. :)


If not familiar yet, you might be interested in the Qubes architecture 
and our Qubes + Whonix project.

Qubes (based on Xen) arguably takes security well beyond traditionally 
chunky monolithic Linux systems, but allows for a traditional OSes 
(Linux, BSD, Windows, Mac, etc) to be run upon it with lightweight VMs. 
These strongly isolated VMs seamlessly integrate into a singular unified 
KDE/Xfce desktop environment in a robustly secure way. Convenient and 
secure copy/paste and file transfer between VMs as well.

User VMs can have neat properties too, like shared template kernels for 
VMs, so each VM only uses mere MBs of storage, and the VM's kernel 
resets to prior good state upon virtual restart. Other neat things come 
with VM types: NetVMs, ProxyVMs, AppVMs, DisposableVMs, HardwareVMs, 
etc.

Isolates dom0 administration, GUI (in version R3), storage, networking, 
and user VMs (such as Whonix VMs) all into separate compartmentalized 
"domains" or VMs. Compared to a traditional monolithic system where a 
vulnerability in any one of these areas would compromise the entire 
system. Takes advantage of hardware security properties, such as 
IOMMU/VT-d, to enforce real isolation within systems.

Qubes ultimately is more like a microkernel, due to its small code 
footprint (only in the hundred thousands of LOC) and 
compartmentalization of components.

So Qubes can defend against more serious attacks that other operating 
systems typically can't by themselves, while also maintaining a user 
friendly desktop environment.

Free software (GPL), developed by talented hardcore security researchers 
and exploit developers. :)



Some key links for Qubes:

- Homepage:  https://qubes-os.org

- Detailed Blog:  http://theinvisiblethings.blogspot.com

- Architecture Overview:  https://qubes-os.org/wiki/QubesArchitecture

- Architecture Specification:  
http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf

- Short Paper on Arch/Isolation/Tor: 
http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf

- Security Goals:  https://qubes-os.org/wiki/SecurityGoals

- Security-Critical Code:  
https://wiki.qubes-os.org/wiki/SecurityCriticalCode

- Documentation:  https://qubes-os.org/wiki/QubesDocs

A few of us (myself, Patrick, nrgaway, etc) participate on the Qubes 
mailing lists as well...

- Mailing Lists:  https://qubes-os.org/wiki/QubesLists



I completed and published the first Qubes + Whonix port last year in 
2014.

I realized with the modern state of affairs in computer exploitation 
capabilities, that privacy is easily compromised, even if Tor/Whonix/etc 
don't fail us on the network. Since our endpoint security is wide open 
using traditional nix operating systems and virtualizers.

For example, just visit the wrong malicious webpage or install the wrong 
malicious app and it can be game over for a person's entire system and 
internet privacy/anonymity.

I realized Qubes is the answer to this fundamentally entangled security 
+ privacy problem.

Thus, Qubes + Whonix was born. :)

Qubes provides the very strong endpoint security that is desperately 
needed to uphold the integrity of privacy/anonymity networking systems, 
like Tor/Whonix/etc.

Also, with the new upcoming Qubes R3 version, the architecture is 
becoming abstracted from Xen, so that Qubes can be ported to other 
pre-existing OSes, and be installed on them as an application (like 
VirtualBox). This should help to further expand the user market for 
adopting Qubes...and using Qubes + Whonix, for greater underlying system 
security than VirtualBox and KVM users receive.

The Qubes team has been very receptive and supportive to our Qubes + 
Whonix effort. And thanks to the awesome development work of @nrgaway, 
we now have a brand new (to be widely announced soon) natively 
integrated version of Qubes + Whonix that is being offered by the Qubes 
team in their repo. And now, a few of us are working on testing, 
improving, securing, and bringing this new Qubes + Whonix system into 
maturity for the first time.


So if Qubes + Whonix becomes of interest to you, then professional 
talents like yours would certainly help with key issues that impact 
people needing very strong security along with Whonix internet privacy.

I have a couple ideas in mind right now that could be pretty important 
and need work or research.

Checkout Qubes and Qubes + Whonix and let me know if you're ever 
interested in helping us out.


Either way, welcome to Whonix! Happy to have you here in the Whonix 
community. :)

Cheers,

WhonixQubes



FYI... The primary resources specific to Qubes + Whonix are:

- Wiki:     https://www.whonix.org/wiki/Qubes
- Forum:    https://www.whonix.org/forum/Qubes
- Blog:     https://www.whonix.org/blog/category/Qubes
- Tracker:  https://phabricator.whonix.org/tag/Qubes

• Previous message: [Whonix-devel] Introduction - Rick
• Next message: [Whonix-devel] Introduction - Rick
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]