Security and Virtualization

Studying the history of Citrix XenServer, I looked carefully through the contents of the XenSource site and found some interesting projects related to the Xen hypervisor.

In particular, I was interested in a project developed by a team led by Joanna Rutkowska: Qubes OS.

The essence of the product is to virtualize the insecure OS subsystems (file system, drivers, network, user data, etc.). The work resulted in a Linux-based OS whose architecture is presented below:

The user has at his disposal an OS in which he can create virtual containers (essentially virtual machines), each running a certain set of applications and data that should not be accessible to other applications. To the user everything looks normal, except for the coloured frame around each application window that indicates which container it belongs to.

From a security standpoint, the advantages are undeniable:
- a compromise or crash of a driver will not bring down the entire system (you just need to restart the container that holds the drivers)
- user data is available only to trusted applications
- etc.

At the moment the system is at the Alpha 2 stage and is developing quite intensively. What do you think about this scheme?

