Re: [qubes-devel] Qubes VS Nova Microhypervisor VS LynxSecure
222 views
Skip to first unread message
Message has been deleted
Ph.T
Jun 29, 2010, 7:33:38 PM6/29/10
to qubes...@googlegroups.com
On Tue, Jun 29, 2010 at 4:48 AM, Alexandre GRAIS <alexand...@gmail.com> wrote:
. I wonder if you can give some details about the differences between this OS:- Qubes (of course my favorite!)- Nova Microhypervisor- LynxSecureI don't really know if these Os can be compared but i hope you could help me!
. I'm interested in Qubes because
Invisible Things Lab has invested
a lot of research into how to
securely reuse what's
open and ready for x86 -- xen --
for a solution similar to LynxSecure
(which is proprietary ... ).
. the Nova microhypervisor
along with the Bastei
secure operating-system layer,
are the primary technologies of
Europe's ROBIN project
(Open Robust Infrastructures)
whose purpose is
"(to establish an alternative
to proprietary US solutions
that we expect will appear soon;)
[eg, LynxSecure .]
NOVA's microhypervisor is GPL 2
(here is version 0.1):
NOVA compared to okL4 microvisor:
Qubes compared to okL4 microvisor:
Nick P on Sun, 04/11/2010 - 11:35pm:
"(
... Everyone keeps doing redundant work. ...
OKL4/seL4, Nizza & Perseus Architecture,
and Nova microhypervisor
[are doing the same thing as Qubes]
The L4 ... groups have a
well-validated microkernel,
needed base services/drivers,
a POSIX/Linux/other VM for legacy apps,
and frameworks to integrate
isolated apps with regular apps.
Now, we need to work below [L4]
(trusted hardware/firmware)
and above
(drivers/libraries/coreservices).
We could build a trusted workstation, router, VPN, etc.
[rather than]
... have (sighs) *another* OS
acting as a hypervisor/MILS/security kernel.
) .
--
Americium Dream Documents"(real opportunity starts with real documentation)
Joanna Rutkowska
Jun 30, 2010, 5:24:45 AM6/30/10
to qubes...@googlegroups.com, Ph.T
Hi,
It's a mistake to compare Qubes to some hypervisor projects, because
Qubes is not another hypervisor. Qubes project is about creating the
whole, standalone desktop operating system. Qubes uses a type I
hypervisor for this, currently Xen, but nothing fundamentally prevents
the use of other hypervisors.
Qubes project focueses on things such as: secure GUI isolation,
driver/backend sandboxing, trusted boot, and last but not least, on
hiding all the inconveniences of the above from the user (easy
copy-and-paste between VMs, disposable VMs, protecting against human
mistakes, etc).
I'm not aware of any project that could be even compared to Qubes -- if
you know, please let me know (but please, for Christ's sake, don't refer
to blog *comments*!).
joanna.
Ph.T
Jun 30, 2010, 3:03:17 PM6/30/10
to Joanna Rutkowska, qubes...@googlegroups.com
> don't refer to blog *comments*!
. sorry about pointing us to negativity
but I didn't know eno' about the subject
to know how to abstract what was useful
about the comment:
(
. why are people asking for comparisons?
do they have the same concerns as
commenter"Nick?
. Nick seemed rather knowledgeable,
so I took seriously the concern that
Qubes was "(yet another
OS acting as a hypervisor)
when he must have known what xen
does for the project;
did he mean xen is not securable?
. is L4 to be compared to xen?
or do we not have practical access to it?
. what does okL4 verification mean to x86?
it's only verified for ARM, right?
).
thanks,
phil
Reply all
Reply to author
Forward
0 new messages