Isolating processes in Qubes OS 3.1 : Review

Qubes OS is a Fedora based security oriented, open source operating system for laptops and personal computers. Qubes OS achieve security by isolating different tasks in separate virtual machines so that one application can't interact with another.

Latest issue of distrowatch weekly(10/04/2016) features a review of Qubes OS 3.1, new release of project released last month. The reviewer tells that though he was confused about usage Qubes OS at beginning, things became much clear when he started understanding the underlying principle of Qubes OS.

There are several approaches to computer security. One method is to try to make every component work as correctly and error-free as possible. This is called security through correctness. Another approach is called security by obscurity and it involves hiding secrets or flaws. A third approach to security is isolation, which is sometimes called security by compartmentalization. This third method keeps important pieces separate so if one component is compromised, the other components can continue to work, unaffected.

These different styles of security might make more sense if we look at an example from the non-digital world. Imagine we have some valuables we want to keep locked away and we decide to buy a safe to store our precious documents, jewels and money. If we buy a high quality safe that is hard to force open, that is security through correctness. If we hide our safe behind a picture or in a secret room, that is security through obscurity. Buying two safes and placing half of our valuables in each so if one is robbed then we still have half of our items is an example of security by compartmentalization.
Read complete review in distrowatch weekly.

Share this

Related Posts