zlacker

[return to "A case against security nihilism"]
1. fsflov+Vp 2021-07-20 21:25:44
>>feross+(OP)
The only practical security is security through isolation, like what Qubes OS provides. Security through correctness is impossible.
2. ttymck+Rr 2021-07-20 21:37:13
>>fsflov+Vp
Stupid question: how do you know your isolation is correct?
3. fsflov+dv 2021-07-20 21:58:37
>>ttymck+Rr
Not a stupid question at all. Nothing is 100% correct. Instead, you look at the attack surface, which for Qubes is extremely small: no network in AdminVM, only 100k lines of code in the Xen supervisor, hardware virtualization with an extremely low number of discovered escapes, and so on.
4. snvzz+M71 2021-07-21 04:22:24
>>fsflov+dv
Xen is bloated and has a security hole history. This also ignores the size of the Linux acting as dom0, that is.

The only correct answer is formal reasoning, as successfully executed by seL4.