On 06/28/2017 03:57 AM, Andrew David Wong wrote:
> Dear Qubes Community,
>
> Joanna has just published a new post: "Introducing the Qubes Admin API".
> You can view the post on the Qubes website here:
> [...]
> ## Towards sealed-off dom0
>
> Ideally, we would like to de-privilege both the admin and user roles enough that
> neither can interfere with the other. This means, e.g., that the admin will not
> have access to the user's data, while the user cannot interfere with the admin's
> policies. Of course, at bottom, there will still be dom0 with its ultimate
> control over the system, but perhaps it could be sealed off in such a way that
> neither admins nor users can modify system-wide policies, VM images, or dom0
> software.

This reminds me of how physical intrusion-prevention electronic systems work for homes / small offices: when the IPS is "armed" by the user the installer has no power (i.e. any attempt to enter his code or open any device sets off the alarm sirens), and when the IPS is in "configuration mode" it cannot be operated by the user.

A "sealed-off" dom0 would then be a further expansion on this well-known concept, where the user should not alter management parameters and the admin should not access user data (albeit both could theoretically work on the system at the same time).

All in all, a nice long article on a welcome expansion on the manageability of Qubes in organizations that have more than a couple workstations and fewer sysadmins than employees. I only hope it will not take too much time to see the full proposal actually implemented...

--
Alex