[Whonix-devel] Introduction - Rick
WhonixQubes
whonixqubes at riseup.net
Thu Jan 29 18:14:11 CET 2015
Hello Rick!
Glad to see someone like you coming aboard the Whonix project. :)
If not familiar yet, you might be interested in the Qubes architecture
and our Qubes + Whonix project.
Qubes (based on Xen) arguably takes security well beyond traditionally
chunky monolithic Linux systems, but allows for a traditional OSes
(Linux, BSD, Windows, Mac, etc) to be run upon it with lightweight VMs.
These strongly isolated VMs seamlessly integrate into a singular unified
KDE/Xfce desktop environment in a robustly secure way. Convenient and
secure copy/paste and file transfer between VMs as well.
User VMs can have neat properties too, like shared template kernels for
VMs, so each VM only uses mere MBs of storage, and the VM's kernel
resets to prior good state upon virtual restart. Other neat things come
with VM types: NetVMs, ProxyVMs, AppVMs, DisposableVMs, HardwareVMs,
etc.
Isolates dom0 administration, GUI (in version R3), storage, networking,
and user VMs (such as Whonix VMs) all into separate compartmentalized
"domains" or VMs. Compared to a traditional monolithic system where a
vulnerability in any one of these areas would compromise the entire
system. Takes advantage of hardware security properties, such as
IOMMU/VT-d, to enforce real isolation within systems.
Qubes ultimately is more like a microkernel, due to its small code
footprint (only in the hundred thousands of LOC) and
compartmentalization of components.
So Qubes can defend against more serious attacks that other operating
systems typically can't by themselves, while also maintaining a user
friendly desktop environment.
Free software (GPL), developed by talented hardcore security researchers
and exploit developers. :)
Some key links for Qubes:
- Homepage: https://qubes-os.org
- Detailed Blog: http://theinvisiblethings.blogspot.com
- Architecture Overview: https://qubes-os.org/wiki/QubesArchitecture
- Architecture Specification:
http://files.qubes-os.org/files/doc/arch-spec-0.3.pdf
- Short Paper on Arch/Isolation/Tor:
http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
- Security Goals: https://qubes-os.org/wiki/SecurityGoals
- Security-Critical Code:
https://wiki.qubes-os.org/wiki/SecurityCriticalCode
- Documentation: https://qubes-os.org/wiki/QubesDocs
A few of us (myself, Patrick, nrgaway, etc) participate on the Qubes
mailing lists as well...
- Mailing Lists: https://qubes-os.org/wiki/QubesLists
I completed and published the first Qubes + Whonix port last year in
2014.
I realized with the modern state of affairs in computer exploitation
capabilities, that privacy is easily compromised, even if Tor/Whonix/etc
don't fail us on the network. Since our endpoint security is wide open
using traditional nix operating systems and virtualizers.
For example, just visit the wrong malicious webpage or install the wrong
malicious app and it can be game over for a person's entire system and
internet privacy/anonymity.
I realized Qubes is the answer to this fundamentally entangled security
+ privacy problem.
Thus, Qubes + Whonix was born. :)
Qubes provides the very strong endpoint security that is desperately
needed to uphold the integrity of privacy/anonymity networking systems,
like Tor/Whonix/etc.
Also, with the new upcoming Qubes R3 version, the architecture is
becoming abstracted from Xen, so that Qubes can be ported to other
pre-existing OSes, and be installed on them as an application (like
VirtualBox). This should help to further expand the user market for
adopting Qubes...and using Qubes + Whonix, for greater underlying system
security than VirtualBox and KVM users receive.
The Qubes team has been very receptive and supportive to our Qubes +
Whonix effort. And thanks to the awesome development work of @nrgaway,
we now have a brand new (to be widely announced soon) natively
integrated version of Qubes + Whonix that is being offered by the Qubes
team in their repo. And now, a few of us are working on testing,
improving, securing, and bringing this new Qubes + Whonix system into
maturity for the first time.
So if Qubes + Whonix becomes of interest to you, then professional
talents like yours would certainly help with key issues that impact
people needing very strong security along with Whonix internet privacy.
I have a couple ideas in mind right now that could be pretty important
and need work or research.
Checkout Qubes and Qubes + Whonix and let me know if you're ever
interested in helping us out.
Either way, welcome to Whonix! Happy to have you here in the Whonix
community. :)
Cheers,
WhonixQubes
FYI... The primary resources specific to Qubes + Whonix are:
- Wiki: https://www.whonix.org/wiki/Qubes
- Forum: https://www.whonix.org/forum/Qubes
- Blog: https://www.whonix.org/blog/category/Qubes
- Tracker: https://phabricator.whonix.org/tag/Qubes
More information about the Whonix-devel
mailing list