Most active commenters
  • ryacko(6)
  • snvzz(4)
  • nickpsecurity(4)
  • monocasa(3)
  • pjmlp(3)
  • standupstandup(3)

←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 43 comments | 19 Nov 17 16:06 UTC | HN request time: 0.455s | source | bottom
1. snvzz ◴[19 Nov 17 17:00 UTC] No.15734641[source]
Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

replies(6): >>15734676 #>>15734739 #>>15734803 #>>15734841 #>>15734956 #>>15735067 #
2. dijit ◴[19 Nov 17 17:07 UTC] No.15734676[source]
Could you clarify "Better choice"?

I've been using KVM/Xen/VMware for some time and always enjoyed it. And since Amazon and Google especially are going all in on KVM I'm surprised to hear the Xen is a better choice.

replies(2): >>15734758 #>>15734812 #
3. mmrezaie ◴[19 Nov 17 17:17 UTC] No.15734739[source]
Xen's hypervisor's size is very small. Qubes is about security and trustability of the whole system. In operating systems for measuring the trustability of the system, one very important measure is the lines of the code. Xen has a smaller footprint in the hypervisor part. Additionally, Xen has a robust model isolation for the drivers. That's why they went for Xen not KVM. But boy I wish to see more seL4. It was sad to see Gnu Hurd/seL4 didn't make it.
replies(3): >>15734755 #>>15734790 #>>15735029 #
4. xyzzyz ◴[19 Nov 17 17:19 UTC] No.15734755[source]
The problem with Xen is that no major industry player is backing it, especially with Amazon going KVM now.

(disclaimer: working at Google on virtualization security)

replies(3): >>15734816 #>>15734838 #>>15737654 #
5. hennsen ◴[19 Nov 17 17:20 UTC] No.15734758[source]
Amazon is going KVM?
replies(1): >>15734776 #
6. hennsen ◴[19 Nov 17 17:22 UTC] No.15734776{3}[source]
Ah - https://www.theregister.co.uk/2017/11/09/aws_deletes_new_hyp...

Sorry for not googling before asking...

7. snvzz ◴[19 Nov 17 17:25 UTC] No.15734790[source]
>Xen's hypervisor's size is very small.

150kLoC is quite a bit for an hypervisor.

replies(1): >>15735435 #
8. monocasa ◴[19 Nov 17 17:27 UTC] No.15734803[source]
No, I'd say that the weakest point is the IPC marshalling necessary to connect all of the containers together into a cohesive system. That's what I'd attack first.
replies(1): >>15734817 #
9. snvzz ◴[19 Nov 17 17:28 UTC] No.15734812[source]
>Could you clarify "Better choice"?

KVM is, like VMware, a Type 2 hypervisor. [1]

Xen is a proper Type 1 hypervisor.

[1] https://microkerneldude.wordpress.com/2010/10/14/much-ado-ab...

replies(3): >>15734912 #>>15735038 #>>15736268 #
10. pjmlp ◴[19 Nov 17 17:29 UTC] No.15734816{3}[source]
What about Cisco?
replies(2): >>15738401 #>>15738863 #
11. JoachimSchipper ◴[19 Nov 17 17:29 UTC] No.15734817[source]
A good place to look, but do note that that's the code written by the Qubes OS people - presumably, it's written with security in mind. Of course, Xen has had more eyeballs, so...
replies(1): >>15734850 #
12. ryacko ◴[19 Nov 17 17:33 UTC] No.15734838{3}[source]
Any chance Google will sponsor secure processor architecture standards?

I mean, the US government no doubt had influence on the Trusted Computing Group (too bad the EFF totally shunned it), and through the magic of product binning and chip fab costs, we all have trusted platform modules.

ASLR currently seems wimpy.

I'm certain you are in a position to accomplish a great deal, no matter where you are in the hierarchy. Maybe the future is x86 hardware emulation for user mode processes.

replies(2): >>15734873 #>>15737871 #
13. mtgx ◴[19 Nov 17 17:34 UTC] No.15734841[source]
The Genode team proposed some integration with Qubes a while ago, but not sure if the discussion went anywhere from that:

https://secure-os.org/pipermail/desktops/2015-November/00000...

14. monocasa ◴[19 Nov 17 17:34 UTC] No.15734850{3}[source]
Chrome's IPC was written with security in mind too, but most of the sandbox escape exploits have been around IPC marshalling.

Unlike the nitty gritty of how the sandbox works, the IPC changes often with new releases. And quite frankly it isn't as fun, cool, or interesting as VMMs or other sandboxing techniques, so a lot of the time it isn't given the close eye that it should.

15. standupstandup ◴[19 Nov 17 17:37 UTC] No.15734873{4}[source]
It's Intel pushing that stuff forward, with SGX.
replies(1): >>15734993 #
16. theossuary ◴[19 Nov 17 17:43 UTC] No.15734912{3}[source]
Why is a type 1 hypervisor instantly considered more secure though? I'd assume using Linux, instead of rolling your own code to interface with hardware, would make you more secure?
replies(1): >>15735096 #
17. X86BSD ◴[19 Nov 17 17:51 UTC] No.15734956[source]
You also have access to BHyve on FreeBSD for a good hypervisor.
replies(1): >>15735659 #
18. ryacko ◴[19 Nov 17 17:58 UTC] No.15734993{5}[source]
Then from recent Defcon and Black Hat talks, they are an absymal failure. ( https://www.youtube.com/watch?v=lR0nh-TdpVg Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal Privilege Escalation ) (I don't understand it beyond what everyone says it can achieve)

Intel should be considered to be totally unreliable and incompetent.

I mean, no one buys office store safes and expects their things to be secure in them. But a processor is a little more expensive than a cheap safe and holds more valuable things.

Edit: and besides, Fortezza is an SSL protocol option.

replies(2): >>15735025 #>>15735058 #
19. standupstandup ◴[19 Nov 17 18:06 UTC] No.15735025{6}[source]
SGX is designed to shield software against SMM exploits.
20. walterbell ◴[19 Nov 17 18:08 UTC] No.15735029[source]
Qubes mailing list thread about hypervisor choices:

https://groups.google.com/forum/m/#!topic/qubes-devel/jEe4pQ...

> It seems one major residing problem with KVM is the Linux kernel (which is large and vulnerable). A port of KVM to a thinner base layer would obviate those issues.

replies(1): >>15736709 #
21. aleden ◴[19 Nov 17 18:11 UTC] No.15735038{3}[source]
It should be noted that KVM supports many different archs, and it lives inside the mainline Linux kernel while VMware's kernel modules are out-of-tree. I think this fact is an important difference (also that qemu-system-* are open-source, while vmware is not).
22. ryacko ◴[19 Nov 17 18:15 UTC] No.15735058{6}[source]
>SGX is designed to shield software against SMM exploits.

Perhaps if we add one more thing, x86 will finally be secure. You are right, Intel should be left to their own devices.

replies(2): >>15735415 #>>15735868 #
23. jjawssd ◴[19 Nov 17 18:16 UTC] No.15735067[source]
Is it possible to run secure code on any Intel microprocessor which supports the x86 instruction set?

I do not think so.

replies(1): >>15735619 #
24. snvzz ◴[19 Nov 17 18:24 UTC] No.15735096{4}[source]
In the Linux vs Xen example, the TCB is much bigger with Linux. The idea is to keep the TCB as small as possible, with an emphasis on restricting the code size that's actually running privileged.
25. hateduser2 ◴[19 Nov 17 19:21 UTC] No.15735415{7}[source]
Seems like you replied to the wrong comment, the intended parent might not see your reply because of this.. probably should repost it in the right place
replies(1): >>15736733 #
26. mmrezaie ◴[19 Nov 17 19:25 UTC] No.15735435{3}[source]
way smaller compared to KVM/Linux's but compared to seL4's 10k LOC it is huge which is why seL4 is a good candidate as industry standard size for trustable hypervisor layer [1] but I am not sure how and what happened to L4Linux project other than being just an academic project!

https://www.sigops.org/sosp/sosp09/papers/klein-sosp09.pdf

27. morganvachon ◴[19 Nov 17 19:59 UTC] No.15735619[source]
Pre-2006 systems, maybe. I have a PIII based laptop that I'm reasonably sure doesn't contain any malicious microcode or BIOS shenanigans. It certainly doesn't have IME or equivalent. However, that was the CPU that started Intel's serial number controversy, and while I do have a BIOS setting to turn it off, is it really off?

It's a pretty deep rabbit hole if you really want to go down it. You can make a case for not trusting any CPU that you didn't design and fab yourself, and even then you have to watch out for your own mistakes and bugs that can be used against you.

28. floatboth ◴[19 Nov 17 20:08 UTC] No.15735659[source]
Just like KVM, bhyve includes a whole unix kernel in the TCB. Sure it's a better one :) but still.

Tiny hypervisors like NOVA http://hypervisor.org, seL4-based are the ideal solution, but sadly no one seems to be pushing to make them usable and production-ready :(

29. standupstandup ◴[19 Nov 17 20:49 UTC] No.15735868{7}[source]
I'm not arguing that x86 will ever really be secure. However you handwaved a hypothetical "secure processor architecture". Realistically the way you do that is by making a very simple CPU, however, that would then be too slow to be usable for many applications. As a consequence nobody is doing so.

SGX is at least a middle ground - it integrates the memory access checks very deep into the memory access circuitry, sufficiently deep to block all other privilege levels on the CPU. Whilst there may well be implementation flaws in SGX itself so far most attacks have been mounted via side channels, not directly exploiting CPU bugs.

In this sense my original statement was correct. Intel is pushing secure CPUs forward more than any other vendor.

replies(1): >>15736746 #
30. monocasa ◴[19 Nov 17 22:19 UTC] No.15736268{3}[source]
sel4's virtualization support make it a type 2 hypervisor. Akaros too, which IMO has the right model for virtualization with it's 'VM threads' concept. All 'type 2' really means is that the kernel directly supports running threads in ring 3 in addition to ring 0.

I guess it's your use of 'proper' that bugged me.

31. nickpsecurity ◴[20 Nov 17 00:03 UTC] No.15736709{3}[source]
One of the trends I told Joanna about (i.e secure L4 kernels) led to folks developing exactly that. It was called KVM-L4. Here you go.

http://os.inf.tu-dresden.de/papers_ps/liebergeld-diplom.pdf

Complexity was still yoo high. Most in high-assurance security were trying stuff like Nova microhypervisor as a result. KVM on separation kernels might be worth further investigation for these platforms that will stay on KVM regardless.

32. ryacko ◴[20 Nov 17 00:08 UTC] No.15736733{8}[source]
Hmm. I thought comment chains were limited in length.
replies(1): >>15739964 #
33. ryacko ◴[20 Nov 17 00:11 UTC] No.15736746{8}[source]
I think a secure processor is very complex, not very simple. The smartest person's working memory cannot operate on more than a few hundred lines of code. A high performance processor that induces a fault when a programming error occurs is certainly very complex.

It is the wrong sense. Intel is playing catchup more than any other vendor and are selling a product that is nothing more than a bunch of cobbled together features, my opinion in the view of the statement that AMD is glued together.

replies(1): >>15737906 #
34. antod ◴[20 Nov 17 03:54 UTC] No.15737654{3}[source]
I was under the (possibly outdated) impression that Amazon wasn't really backing Xen much anyway, so AWS changing hypervisors might not mean much to Xen anyway.

I haven't used Xen for a while, but seemed to recall that Amazon forked it way back in the 3.x days and had been doing their own incompatible thing with it since then.

Corrections welcome of course :)

35. nickpsecurity ◴[20 Nov 17 04:50 UTC] No.15737871{4}[source]
The US and UK governments especially have been sponsoring great architectures for security that are described in enough detail for hardware engineers to implement or straight-up open source. CHERI at Cambridge is one of the latter which already runs FreeBSD. All Google has to do is pay a good team/company to build one that's reusable for their various products and services. Then, they can start targeting those to it at software level for better efficiency.

The project would cost money that Google has. There's not much new to invent, though. They just have to apply what's there. The performance penalties and ASIC costs are even much lower than they were in the past. Google refuses to do these things because either (a) they don't know about them or (b) more likely their management doesn't want to commit that much money to secure hardware. Typical of the big companies with the smartcard market the only exception far as stuff non-enterprises could afford.

For a quick example, they did retool software to support OpenPOWER architecture but could've also funded Raptor Workstation in a desktop or esp server form themselves. It would've been to their budget like pennies are to ours. Not even that. At least they did the Chromebooks, though, which are good for a lot of non-technical folks.

36. nickpsecurity ◴[20 Nov 17 05:00 UTC] No.15737906{9}[source]
They're actually pretty simple if you're mostly trying to defeat software/firmware attacks. You just add some part to run in parallel with the processor, which can be arbitrarily simple or complex, that checks certain things about the data such as length or data type. The first one was implemented in 1961 hardware with it being secure from code injection until the invention of ROP. That's a long time. I'll add a modern take on that which led to a flexible mechanism that can do a dozen or maybe more policies.

http://www.smecc.org/The%20Architecture%20%20of%20the%20Burr...

http://www.crash-safe.org/papers.html

A more complex one is below that was also designed by one person for his dissertation. Knocks out all kinds of issues without modifying the processor. It has stuff to improve for sure but it think it proves the point pretty well. The stuff corporate teams were designing comes nowhere near this because they don't know much about high-security design. A critical part of that isn't features so much as a balancing act between what protection mechanisms do and don't that tries to minimize complexity to low as is possible.

https://theses.lib.vt.edu/theses/available/etd-10112006-2048...

And one open-source one on MIPS for capability-based security that runs FreeBSD:

https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/

A company or group of hardware volunteers could develop this into something at least as usable as a multi-core ARM CPU on RISC-V or OpenSPARC. It wouldn't take tons of money esp if they worked their way up in complexity. The hard stuff is already done. People just need to apply it. They could even pay these academics to do it for them with open-sourced results. They even get a huge discount on the EDA tools that can be six digits a seat.

You're right that Intel is screwing up and playing catchup cobbling together features. There was stuff in the available literature better than most of what they're doing. They even have a separation kernel from Wind River they're not employing. Managers without security expertise must be pushing a lot of this stuff.

replies(2): >>15738135 #>>15738393 #
37. ryacko ◴[20 Nov 17 06:10 UTC] No.15738135{10}[source]
The theory is simple. I'm somewhat inclined to think it is not so easily applicable.

It is easy to make a secure coprocessor, since the formal logic proofs aren't for such a long set of code.

The fact that rootkits are even possible, that without malware that doesn't involve an elaborate rewrite of the kernel, shows how terrible everything is.

If I didn't know any better, I'd say that Intel is hiring the designers who thought Internet Explorer should be in the kernel.

38. gggvvh ◴[20 Nov 17 07:31 UTC] No.15738393{10}[source]
Ain’t no problem that couldn’t be solved by adding another layer of indirection, eh?
replies(1): >>15740298 #
39. pjmlp ◴[20 Nov 17 08:58 UTC] No.15738696{5}[source]
I don't know, doing business like every other major IT company?
40. walterbell ◴[20 Nov 17 09:55 UTC] No.15738863{4}[source]
Where does Cisco use Xen?
replies(1): >>15739028 #
41. pjmlp ◴[20 Nov 17 10:41 UTC] No.15739028{5}[source]
It has common products with Citrix for Citrix XenServer, https://blogs.cisco.com/datacenter/citrix-synergy-round-up-c...
42. hateduser2 ◴[20 Nov 17 14:15 UTC] No.15739964{9}[source]
Not that I know of.. although the reply button sometimes doesn’t show up.. you just have to click Into a comment if it’s missing for you
43. nickpsecurity ◴[20 Nov 17 15:01 UTC] No.15740298{11}[source]
Maybe in web or application software. In hardware, it all runs in parallel. The mechanism of something like SAFE becomes another component receiving input in the CPU pipeline. A conditional of sorts is added so the final write back to whatever memory doesn't happen unless the safety/security checks passed. The failure mode might also do an interrupt for OS so it could log the where and why of the failure. As in, application flaws could be patched quickly.