Security: Disposable VMs For Tighter Security

By Dick Weisinger

A new flavor of the Linux operating system is now available that might prove to be one of the strongest defenses put up against malware. The new operating system is called Qubes, and it is a combination of Linux with the Xen virtual machine. Qubes is the invention of Joanna Rutkowska, a Polish researcher of malware and exploits. Rutkowska is famous for a paper she authored and presented at a Black Hat conference in 2006 that described a technique called ‘Blue Pill’ for moving a running OS into a virtual machine using hardware virtualization.

Rutkowska has released an alpha version of the new operating system Qubes. The idea of Qubes is that every instance of an application will start in its own lightweight virtual machine, which gets thrown away once the application shuts down. In this way, every application running on the machine is in its own sandbox and is isolated from every other application. This approach is called ‘security by isolation’. If the application in one sandbox downloaded malware, the effects of that malware would be limited to the virtual machine that application is running in.

Security by isolation differs from the standard approaches taken in combating malware, but it has many analysts intrigued and predicting that this way of thinking about how to architect an operating system is sure to become more popular.

Qubes’ lightweight per-app virtual machines are called AppVMs. Qubes also supports a technique for securely copying data between the AppVMs, as well as for sharing files among all of them. Qubes virtualization makes it appear as if all the AppVMs represent the applications of a single user desktop.

Security researcher Dino Dai Zovi wrote that “the desktop analogue to the network firewall is the privilege separated and sandboxed application. These mechanisms finally move the bull (untrusted data) from the china shop (your data) to the outside where it belongs (a sandbox). While it doesn’t quite reduce the attack surface, it significantly raises the bar for an attacker through defense-in-depth. If an attacker is able to exploit a vulnerability and execute code, they must then exploit another vulnerability in the sandboxing mechanism in order to break free and even read the user’s data.”

Sandboxing applications with an operating system like Qubes does look like a promising idea for advancing security, but it is sure to bring with it challenges for writing secure applications that must play by these new rules.
