On 01/23/2018 03:41 PM, Ivan Mitev wrote:
> I don't think I'll ever use Qubes in the cloud as I'm often in places
> where I can't rely on a good internet connection but being able to
> locally and securely use different hardware platforms for different
> workloads/usage opens a whole new world of use cases. (I liked the idea
> of a dumb microcontroller for the vault VM).

I think a dumb microcontroller for the vault VM only increases the attack surface without any measurable benefit security-wise. Basically, my reasoning is that if the Admin VM is compromised, then the vault is compromised too anyway, so let's keep the vault as close as possible to the Admin VM.

That said, running untrusted applications on hardware separate from the trusted display/admin/vault hardware (including display as trusted here, as I'm assuming a single-user non-company-laptop system where the GuiVM gives full rights on the AdminVM) would be a great possibility, for protecting those trusted systems against a number of architectural attacks from untrusted applications.

And even segregating different untrusted applications on different hardware, in the same way as Qubes allows it currently, would be great too!
