Andrew David Wong writes: > Joanna Rutkowska has just published a new article titled "Qubes Air: > Generalizing the Qubes Architecture." The article is available both on > Joanna's blog: > > https://blog.invisiblethings.org/2018/01/22/qubes-air.html > > And on the Qubes website: > > https://www.qubes-os.org/news/2018/01/22/qubes-air/
Qubes Air still has a master admin qube as a single point of failure. Qubes Air also makes the attacker's job easier, if he's trying to traverse from one VM to another within a slave zone in a system with heterogeneous VMMs, because he now has another VMM to choose from, with different vulnerabilities. He can either exploit the slave's VMM to gain control of the slave zone (including his target VM), or exploit the master zone's VMM to gain control of the entire system (including the slave's VMM). In contrast, a Qubes 4.0 system has only one VMM, so the attacker doesn't get a choice. Qubes Air also doesn't really make deployment easier. If a user needs Qubes, that means he needs more security than a conventional OS gives. So, even in the easiest case (Qubes in a trusted cloud), his client device still at least needs an IOMMU-isolatable network device. Without that, the entire system is compromisable via the netvm, via merely an exploit of the network driver or stack, just like a conventional OS, so why would he bother running Qubes in the first place? But if his client device does have that feature, then the most practical OS to run on it is Qubes, so he's already going to have Qubes deployed before bothering with the cloud. So then, what good is Qubes Air? Apparently, managing a cluster computer. But that's just an additional capability, after the user has already deployed and secured his Qubes system in the first place. Contrary to the news article, Qubes Air doesn't solve problems of initial deployment or single point of failure. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oLJzaJb819XAD4b9RC96xT9eJKs4akVd2IgkaR5k90f%40local. For more options, visit https://groups.google.com/d/optout.
