zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. snvzz+D3[view] [source] 2017-11-19 17:00:09
>>ploggi+(OP)
Their weakest point is the hypervisor, Xen, which while a better choice than Linux/KVM, is still extremely bloated and has a poor security history.

Thankfully, better designs such as seL4's VMM do exist, although it might need a little more work [1] until usable for the purpose.

[1] https://sel4.systems/Info/Roadmap/

◧◩
2. monoca+f6[view] [source] 2017-11-19 17:27:09
>>snvzz+D3
No, I'd say that the weakest point is the IPC marshalling necessary to connect all of the containers together into a cohesive system. That's what I'd attack first.
◧◩◪
3. Joachi+t6[view] [source] 2017-11-19 17:29:58
>>monoca+f6
A good place to look, but do note that that's the code written by the Qubes OS people - presumably, it's written with security in mind. Of course, Xen has had more eyeballs, so...
[go to top]