The article fails to explain why (if) Qubes is better than KVM+SELinux, i.e. SVirt (http://selinuxproject.org/page/SVirt). Does anyone have a clearer picture?
Posted May 6, 2010 15:04 UTC (Thu) by davecb (subscriber, #1574)
It's an independent reinvention of MAC, implemented by virtualization. Which is amusing, as the Solaris "zones" virtualization is derived from Trusted Solaris MAC (;-))
I expect two things
- additional similar reinventions both v->m and m->v
- a later realization that they're the same problem
and just perhaps
- a push from Linus to make MAC and KVM converge (;-))
--dave
Qubes: security by virtualization
Posted May 6, 2010 15:24 UTC (Thu) by davecb (subscriber, #1574)
Whoop! My error, you're already *doing* the combination.
--dave
Qubes: security by virtualization
Posted May 7, 2010 1:49 UTC (Fri) by jamesmrh (guest, #31622)
sVirt can't protect against a kernel bug in the host -- if a guest breaks out and exploits a host kernel bug, then it's game over.
We are looking at ways to help mitigate this.
Qubes: security by virtualization
Posted May 7, 2010 7:50 UTC (Fri) by pcampe (guest, #28223)
Partially correct, because a MAC could protect against such an attack if the MAC function in the kernel is working properly and the policy has no black holes (of course, you could have some kernel bugs that prevent MAC from enforcing the defined security policy when complex interactions between host and guests happen).
Otherwise, you'd better have a hypervisor with a minimal footprint, which at least reduces the attack surface; but Qubes is using Xen, so it could expose the same target with the same (known or latent) vulnerabilities.