Qubes OS
 |
|
Applications running in different security domains
|
|
| Developer | Invisible Things Lab |
|---|---|
| OS family | Unix-like |
| Working state | Current |
| Source model | Open source (GPLv2) |
| Initial release | September 3, 2012 |
| Latest release | 3.2 / September 29, 2016 |
| Latest preview | R3.2 rc3 / August 31, 2016 |
| Available in | Multilingual |
| Update method | Yum (PackageKit) |
| Package manager | RPM Package Manager |
| Platforms | x86-64 |
| Kernel type | Microkernel (Xen Hypervisor running minimal Linux-based OSes and others) |
| Userland | Fedora, Debian, Whonix, Microsoft Windows |
| Default user interface | KDE, Xfce |
| License |
Free software licenses (mainly GPL v2) |
| Official website | www |
Qubes OS is a security-focused desktop operating system that aims to provide security through isolation.Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.
On February 16, 2014, Qubes was selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution.
Qubes implements a Security by Isolation approach. The assumption is that there can be no perfect, bug-free desktop environment. Such an environment counts millions of lines of code, billions of software/hardware interactions. One critical bug in any of these interactions may be enough for malicious software to take control over a machine.
In order to secure a desktop, a Qubes user should take care of isolating various environments, so that if one of the components gets compromised, the malicious software would get access to only the data inside that environment.
In Qubes, the isolation is provided in two dimensions: hardware controllers can be isolated into functional domains (e.g. network domains, USB controller domains), whereas the user's digital life is decided in domains with different levels of trust. For instance: work domain (most trusted), shopping domain, random domain (less trusted). Each of those domains is run in a separate virtual machine.
Qubes is not a multiuser system.
The hypervisor provides isolation between different virtual machines. The administrative domain, also referred to as Dom0 (a term inherited from Xen), has direct access to all the hardware by default. Dom0 hosts the GUI domain and controls the graphics device, as well as input devices, such as the keyboard and mouse. The GUI domain runs the X server, which displays the user desktop, and the window manager, which allows the user to start and stop the applications and manipulate their windows.
...
Wikipedia