Wed . 19 May 2019

Qubes OS

qubes os, qubes os download
Qubes OS is a security-focused desktop operating system that aims to provide security through isolation6 Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems78

On February 16, 2014, Qubes was selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution9


  • 1 Security goals
  • 2 System architecture overview
    • 21 Xen hypervisor and administrative domain Dom0
    • 22 Network domain
    • 23 Application Virtual Machines AppVM
  • 3 See also
  • 4 References
  • 5 External links

Security goalsedit

Security domains scheme

Qubes implements a Security by Isolation approach10 The assumption is that there can be no perfect, bug-free desktop environment Such an environment counts millions of lines of code, billions of software/hardware interactions One critical bug in any of these interactions may be enough for malicious software to take control over a machine1112

In order to secure a desktop, a Qubes user should take care of isolating various environments, so that if one of the components gets compromised, the malicious software would get access to only the data inside that environment13

In Qubes, the isolation is provided in two dimensions: hardware controllers can be isolated into functional domains eg network domains, USB controller domains, whereas the user's digital life is decided in domains with different levels of trust For instance: work domain most trusted, shopping domain, random domain less trusted14 Each of those domains is run in a separate virtual machine

Qubes is not a multiuser system15

System architecture overviewedit

Xen hypervisor and administrative domain Dom0edit

The hypervisor provides isolation between different virtual machines The administrative domain, also referred to as Dom0 a term inherited from Xen, has direct access to all the hardware by default Dom0 hosts the GUI domain and controls the graphics device, as well as input devices, such as keyboard and mouse The GUI domain runs the X server, which displays the user desktop, and the window manager, which allows the user to start and stop the applications and manipulate their windows

Integration of the different virtual machines is provided by the Application Viewer, which provides an illusion for the user that applications execute natively on the desktop, while in fact they are hosted and isolated in different virtual machines Qubes integrates all these virtual machines onto one common desktop environment

Because Dom0 is security-sensitive, it is isolated from the network It tends to have as little interface and communication with other domains as possible in order to minimize the possibility of an attack originating from an infected virtual machine1617

The Dom0 domain manages the virtual disks of the other VMs, which are actually stored as files on the dom0 filesystems Disk space is saved by virtue of various virtual machines VM sharing the same root file system in a read-only mode Separate disk storage is only used for userʼs directory and per-VM settings This allows software installation and updates to be centralized It is also possible to install software only on a specific VM, by installing it as the non-root user, or by installing it in the non-standard, Qubes-specific /rw hierarchy

Network domainedit

The network mechanism is the most exposed to security attacks This is why it is isolated in a separate, unprivileged virtual machine, called the Network Domain

An additional firewall virtual machine is used to house the Linux-kernel-based firewall, so that even if the network domain is compromised due to a device driver bug, the firewall is still isolated and protected as it is running in a separate Linux kernel in a separate VM18

Application Virtual Machines AppVMedit

AppVMs are the virtual machines used for hosting user applications, such as a web browser, an e-mail client or a text editor For security purpose, these applications can be grouped in different domains, such as “personal”, “work”, “shopping”, “bank”, etc The security domains are implemented as separate, Virtual Machines VMs, thus being isolated from each other as if they were executing on different machines

Some documents or applications can be run in disposable VMs through an action available in the file manager The mechanism follows the idea of sandboxes: after viewing the document or application, then the whole Disposable VM will be destroyed19

Each security domain is labelled by a color, and each window is marked by the color of the domain it belongs to So it is always clearly visible to which domain a given window belongs

See alsoedit

  • ZeroPC


  1. ^ "Qubes OS License" 
  2. ^ "Introducing Qubes 10!" September 3, 2012 
  3. ^ "Qubes 32" September 29, 2016 
  4. ^ "Qubes OS 32 rc3 has been released!" August 31, 2016 
  5. ^ https://wwwqubes-osorg/doc/QubesLicensing/
  6. ^ "Qubes OS bakes in virty system-level security" The Register September 5, 2012 
  7. ^ "Qubes OS Templates" 
  8. ^ "Installing and using Windows-based AppVMs" 
  9. ^ "Endpoint Security Prize Finalists Announced!" Michael Carbone February 13, 2014 
  10. ^ "The three approaches to computer security" Joanna Rutkowska September 2, 2008 
  11. ^ "Qubes OS: An Operating System Designed For Security" Tom's hardware August 30, 2011 
  12. ^ "A digital fortress" The Economist March 28, 2014 
  13. ^ "How Splitting a Computer Into Multiple Realities Can Protect You From Hackers" Wired November 20, 2014 
  14. ^ "Partitioning my digital life into security domains" Joanna Rutkowska March 13, 2011 
  15. ^ Rutkowska, Joanna May 3, 2010 "Google Groups - Qubes as a multi-user system" Google Groups 
  16. ^ "UnTrusting your GUI Subsystem" Joanna Rutkowska September 9, 2010 
  17. ^ "The Linux Security Circus: On GUI isolation" Joanna Rutkowska April 23, 2011 
  18. ^ "Playing with Qubes Networking for Fun and Profit" Joanna Rutkowska September 28, 2011 
  19. ^ "Qubes To Implement Disposable Virtual Machines" OSnews June 3, 2010 

External linksedit

  • Official website
  • Invisible Things Lab
  • Invisible Things Blog
  • DistroWatch overview
  • Trusted Computing Technologies, Intel Trusted Execution Technology, Sandia National Laboratories, January 2011, by Jeremy Daniel Wendt and Max Joseph Guise

qubes os, qubes os 4, qubes os creator, qubes os download, qubes os hardware compatibility, qubes os installation guide, qubes os kali vm template, qubes os requirements, qubes os review, qubes os tutorial

Qubes OS Information about

Qubes OS

  • user icon

    Qubes OS beatiful post thanks!


Qubes OS
Qubes OS
Qubes OS viewing the topic.
Qubes OS what, Qubes OS who, Qubes OS explanation

There are excerpts from wikipedia on this article and video

Random Posts



The Picts were a tribal confederation of peoples who lived in what is today eastern and northern Sco...
Visual prosthesis

Visual prosthesis

A visual prosthesis, often referred to as a bionic eye, is an experimental visual device intended to...
Mini rugby

Mini rugby

Mini rugby, also known as New Image Rugby, is a form of rugby union designed to introduce the sport ...
List of synthetic polymers

List of synthetic polymers

Synthetic polymers are human-made polymers From the utility point of view they can be classified int...