
Ask HN: Would it be possible to reimplement Qubes OS but lighter? - drKarl
Would it be possible to reimplement a concept like QubesOS using something like Kata Containers, maybe with Firecracker MicroVM?<p>SubgraphOS uses sandboxes, so I think it&#x27;s maybe a closer concept, but has critized because it has several vulnerabilities.<p>With Kata every container would be on a light VM with its own Kernel, so it would be closer I think to what Qubes provides, without needing Xen.<p>Would having a Host OS without an Hypervisor like Xen be a problem from a security point of view?
======
CyberFonic
Even bare metal hardware has potential vulnerabilities, eg Spectre & Meltdown,
micro-code bugs and management console back-channel attacks. Hypervisors have
been shown to be vulnerable to certain advanced attacks. And there are no
doubt, many zero-days that are yet to be discovered. Making an OS lighter by
changing the implementation is likely to introduce unintended new
vulnerabilities.

The OSes you mention have relatively small user base and thus their security
models are relatively unproven. I note that all of the environments you
mention use Linux for the userland and thus you will have apps that also have
potential security risks.

Perhaps it would be better to re-frame your question in terms of the
requirements that you intend to address. For example for highest level of
security you could go with an OS like seL4 and rewrite everything to avoid
Linux system vulnerabilities. Probably not practical. And the rewrite is not
guaranteed to be bug free.

The most secure environments are carefully specified and architected for their
intended application. The more general purpose an environment the greater the
number of potential vulnerabilities. It has been said that the most secure
computer system is powered-off, disconnected from all communications and
located in a locked and sealed underground vault in a remote off-the-grid
location.

~~~
drKarl
You made some very good points. I still think you can achieve a reasonable
level of security with something like Qubes. No computer is unhackable but
hacking a computer requires time and money, so it's a matter of if it's worth
it. If you make yourself a target for a three letter agency they'll probably
get to you one way or another. Qubes allows to isolate network interfaces and
usb ports to protect also from evil maid attacks.

