> ... [C]onsider e.g. http://cseweb.ucsd.edu/~hovav/dist/cloudsec.pdf - cross-VM attacks are real, and extremely scary.
I think this line of research is interesting though, even if I don't foresee ever using it.
I see they've utilized KWin decorators to display green or red windows, nice idea.
4GB of RAM
64-bit Intel or AMD processor (x86_64 aka x64 aka AMD64)
Intel GPU strongly preferred (if you have Nvidia GPU, prepare for some troubleshooting; we haven't tested ATI hardware)
10GB of disk (Note that it is possible to install Qubes on an external USB disk, so that you can try it without sacrificing your current system. Mind, however, that USB disks are usually SLOW!)
Wonder how it handles OpenGL applications and games.
The closest thing to an answer to that, as far as I can tell, is multiple computers. Assuming Qubes works as advertised, however, it seems as if it doesn't really scratch the bigger itch--the technology seems cool (I haven't dug deeply into it), but does it address the social/usability problem of security, even for these professionals who need that high security environment?
From reading about this, it seems as if you could have stopped at "it's a niche operating system," because to my mind it seems like professionals who need a high security environment will just have multiple computers. If a segmented system like Qubes is not going to run the stuff that your hypothetical professional will want to run (games just being an example, and one that seems to have been misleading), then why would it be preferable to just rolling multiple computers? (Cost, which is the only advantage I can think of, doesn't strike me as a significant factor to folks who are actually doing things that necessitate this sort of security.)
If you've ever worked in a high security computing environment, you've had N workstations on your desk, where N is often approaching 5 -- NIPR, SIPR, JWICS, various task-specific machines, etc. These environments aren't just nice air conditioned purpose-built offices in the US; they're tents in Afghanistan, on aircraft and cramped warships, etc.
Sometimes people use KVM switches, but even then, you need separate hosts, and it's usually best to use multiple monitors and keyboards anyway.
Invisible Things was has been testing the limits of current hypervisors, and there's room for them to both work on what is possible once a real separation kernel exists (now) in prototype form, and to continue to refine hypervisors and develop a real separation kernel.
I'm still kind of amazed that these 2-4 people in Poland are probably the world's foremost experts on hypervisor security.
That protects you from hypervisor and hardware attacks. The only thing you need to trust is that none of the guests can induce the windowing system to incorrectly direct output, and that the windowing system can enforce access control (mandatory or discretionary) to the various guests.
The basic/extant version of this is putting a bunch of discrete devices in different security domains on serial ports, and then having a trusted console server to intermediate everything. A console server is vastly simpler than a full graphic windowing system like X Windows, much easier to audit, and more secure.