If you could get me a running copy of GH's OS onto my desktop, then I
could comment on this product. Or, at the very least, the architecture
documentation for their mysterious product. Interestingly I have
requested a copy of the documentation through their website more than a
year ago and they never got back to me... (Hey GH!) So, I consider this
product essentially a vaporware. I will change my mind when I will be
able to download at least a trial ISO from their website and try by
myself...
> TU Dresden's L4-related work in 2006 produced Nizza Architecture, allowing
> security-critical apps to run side-by-side with apps in a legacy OS VM.
> Demoed by GPLed TUD:OS, it had an minimal-TCB GUI, deprivileged Linux VM,
> scheme to run Linux-compatible device drivers isolated as apps on
> microkernel, a virtual filesystem, Qt3 toolkit, libSDL toolkit, and an
> ecommerce transaction demo that shows the simplicity of the system. Nizza
> was later used to create Micro-SINA, a low TCB IPSec VPN.
>
Where can I got an install-able & usable distribution/OS based on this
concept?
> Perseus Security Architecture, designed in 2001 and implemented mostly by
> 2005, was Europe's scheme. The resulting Turaya Security Kernel platform was
> released under GPL and provides: microkernel; secure storage for keys; TPM
> booting; isolated apps; isolated drivers; VM for legacy Linux apps &
> untrusted code. The Turaya Security Platform is being applied in a secure
> phone by OK Labs & Sirrix, VPN, and drive encryption. First application was
> Turaya Desktop w/ TPM/kernel-protected disk encryption, VPN, and DLP
> features.
>
Where can I got an install-able & usable distribution/OS based on this
concept?
> OK Labs and NICTA. They created L4 & OKL4 kernels, deprivileged Linux layer,
> isolated Linux-compatible device driver scheme, ultra-fast isolated apps on
> microkernel, and capability based security. It was licensed open-source for
> non-commercial use and pretty cheap for commercial use. Recently, a formally
> verified microkernel (seL4/OKL4 Verified) with the above features was
> released. Field tested in 1 billion phones.
>
Yeah, and we all see how secure the mobile phones are these days...
Superior security indeed ;)
<even more ironic>
I'm surprised you never mentioned the secure-by-design
_micro-kernel-based_ Max OS X?! ;)
</>
> These are my main comparisons and I contend they are quite similar to what
> the QubesOS team built in many respects, but their base platform is
> superior. The main superiority is that microkernel's can run isolated apps
> much better than the Xen kernel, /.../
Please support this statement with concrete arguments.
> The more isolated nature of the
> drivers in these other projects,
You clearly don't know what are you talking about here...
> along with Linux driver reuse, already made
> one of your goals easy w/out having to contend with the dom0 problem Xen
> had.
You clearly don't know what are you talking about here...
>
> Now, all that said, I definitely like your project. You've accomplished a
> lot and developed plenty of great features. My criticism was that applying
> the same amount of effort to one of the above existing projects would have
> resulted in a platform with better features, more assurance, a base more
> amenable to high assurance methods, and probably higher performance if a
> microkernel like OKL4 was used.
Why? Give concrete arguments, pls. Oh, and don't forget that we want
features such as power management in Qubes! And we want to support x86.
> To be honest, my biggest disappointment was personal and unrelated to the
> results of the QubesOS project. I had been following Invisible Things work
> on vulnerabilities in hardware, firmware, etc. for a while. You all simply
> did awesome work. The types of vulnerabilities found were well-known in
> academic circles: papers written at the time of the Orange Book showed x86
> for the insecure, hard to virtualize and covert channel-ridden mess it was.
Yup, our algorithm for coming up with new research: take an academic
paper from the 80's, and rewrite it adding funny jokes, publish. You got us!
> Your team demonstrated these theoretical findings perfectly & made the
> public aware.
>
> So, here we were, working on designs building on top of projects like
> Perseus. Trusted boot, trusted path, secure storage, isolation, etc. were
> mostly solved problems, esp. with the separation kernels.
You clearly confuse terms -- separation kernels have nothing to do with
trusted boot -- these are orthogonal things.
> The remaining
> problem was untrustworthy hardware/firmware/BIOS undermining all of the
> above (including Qubes to a degree).
That's mostly covered by trusted boot technologies (which itself have
bugs, of course, as we already domed twice).
Cheers,
joanna.