Ask HN: Would it be possible to reimplement Qubes OS but lighter?

6 points by drKarl ↗ HN
Would it be possible to reimplement a concept like QubesOS using something like Kata Containers, maybe with Firecracker MicroVM?

SubgraphOS uses sandboxes, so I think it's maybe a closer concept, but has critized because it has several vulnerabilities.

With Kata every container would be on a light VM with its own Kernel, so it would be closer I think to what Qubes provides, without needing Xen.

Would having a Host OS without an Hypervisor like Xen be a problem from a security point of view?

2 comments

[ 1.8 ms ] story [ 19.7 ms ] thread
Even bare metal hardware has potential vulnerabilities, eg Spectre & Meltdown, micro-code bugs and management console back-channel attacks. Hypervisors have been shown to be vulnerable to certain advanced attacks. And there are no doubt, many zero-days that are yet to be discovered. Making an OS lighter by changing the implementation is likely to introduce unintended new vulnerabilities.

The OSes you mention have relatively small user base and thus their security models are relatively unproven. I note that all of the environments you mention use Linux for the userland and thus you will have apps that also have potential security risks.

Perhaps it would be better to re-frame your question in terms of the requirements that you intend to address. For example for highest level of security you could go with an OS like seL4 and rewrite everything to avoid Linux system vulnerabilities. Probably not practical. And the rewrite is not guaranteed to be bug free.

The most secure environments are carefully specified and architected for their intended application. The more general purpose an environment the greater the number of potential vulnerabilities. It has been said that the most secure computer system is powered-off, disconnected from all communications and located in a locked and sealed underground vault in a remote off-the-grid location.

You made some very good points. I still think you can achieve a reasonable level of security with something like Qubes. No computer is unhackable but hacking a computer requires time and money, so it's a matter of if it's worth it. If you make yourself a target for a three letter agency they'll probably get to you one way or another. Qubes allows to isolate network interfaces and usb ports to protect also from evil maid attacks.