In January 2018, during a key brainstorming session with the team for a secure IIoT-enabled kiosk system for hospitals, we realised that the popular SBCs (Single Board Computers) are not secure enough to manage Personally Identifiable Information (PII) as per the GDPR and ENISA guidelines. As the discussion matured, we later arrived at a reasonably perfect solution, hardware and software, within the project budget, implemented it at the client's location, and delivered a shared success.
During that week-long discussion, we prepared a list of embedded OSes and different Linux distros for our SBC's OS requirement. A very strange one on our list was Qubes OS: the most secure, resource-hungry monster, built on the concept of Security by Isolation, implementing domains as lightweight Xen virtual machines.
The development team of the Polish company Invisible Things Lab beautifully managed to marry two concepts:
- Isolating the domains in the strongest possible manner.
- An innovative architecture that minimises the amount of trusted code on your machine.
I have been following this project since the beginning and recently got hands-on with their latest release, version 4.0.3, although I had to sacrifice a couple of hours over the weekend.
This concept is a bit strange to explain until you see it in operation: it is like running multiple domains on the same desktop in a virtual environment. The applications actually run in separate VM windows within Qubes OS. The boundaries are rigidly enforced; even normal operations like copying and pasting from one domain's window to another require menu-driven procedures and authorisation at every step.
Qubes OS runs multiple colour-coded Xen VMs as isolated windows, which gives a significantly more secure environment:
- It ensures that rogue code or a malicious intrusion in one domain does not affect other components of Qubes OS.
- Self-destructing (disposable) domains add further security. This one is intriguing: if you open a web application or site in a disposable domain and stumble on an infected service, the foreign substance is automatically deleted when the domain is closed.
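The "authorisation at every step" for cross-domain operations such as paste comes from a policy that dom0 consults before any qube may call a service (the clipboard paste service is `qubes.ClipboardPaste`) in another qube. The following is an added example, not Qubes OS's own code: a simplified evaluator modelled on the legacy Qubes 4.0 policy format (`source destination action`, first matching line wins, no match means deny). It handles only the `$anyvm`, `$dispvm` and `$tag:` tokens and both the `$` and later `@` prefix; the three rules in the sample policy, the qube names and the `untrusted` tag are constructed for illustration.

```python
"""Simplified first-match evaluator modelled on the Qubes 4.0 legacy qrexec
policy format.  Added example, not Qubes OS's own implementation: it omits
$default/$adminvm/$type: tokens and rule options, and the sample policy,
qube names and tags below are constructed for illustration only."""
from dataclasses import dataclass, field


@dataclass
class Qube:
    name: str
    label: str                      # colour label shown on the window border
    disposable: bool = False
    tags: set = field(default_factory=set)


@dataclass
class Rule:
    source: str
    destination: str
    action: str                     # one of allow / deny / ask


def parse_policy(text: str) -> list:
    """Parse 'source destination action[,options]' lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'source destination action'")
        src, dst, action = parts
        action = action.split(",", 1)[0]        # drop options such as target=...
        if action not in ("allow", "deny", "ask"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(Rule(src, dst, action))
    return rules


def token_matches(token: str, qube: Qube) -> bool:
    """Match one policy token against a qube (simplified semantics)."""
    token = token.lstrip("$@")                  # 4.0 used '$', later releases '@'
    if token == "anyvm":
        return True
    if token == "dispvm":
        return qube.disposable
    if token.startswith("tag:"):
        return token[len("tag:"):] in qube.tags
    return token == qube.name


def decide(rules: list, source: Qube, dest: Qube) -> str:
    """First matching rule decides; an unmatched call is denied by default."""
    for rule in rules:
        if token_matches(rule.source, source) and token_matches(rule.destination, dest):
            return rule.action
    return "deny"


# Constructed sample policy for the qubes.ClipboardPaste service.
SAMPLE_POLICY = """
work             personal   deny     # work data must never land in personal
$tag:untrusted   $anyvm     deny     # nothing pasted out of untrusted qubes
$anyvm           $anyvm     ask      # everything else prompts the user in dom0
"""

# Constructed qubes; names and tag are illustrative only.
QUBES = {
    "work": Qube("work", "blue"),
    "personal": Qube("personal", "yellow"),
    "untrusted": Qube("untrusted", "red", tags={"untrusted"}),
    "disp1234": Qube("disp1234", "red", disposable=True),
}
RULES = parse_policy(SAMPLE_POLICY)


def paste_decision(src_name: str, dst_name: str) -> str:
    """Decision for a clipboard paste from src_name into dst_name."""
    return decide(RULES, QUBES[src_name], QUBES[dst_name])


if __name__ == "__main__":
    for src, dst in [("work", "personal"), ("untrusted", "work"),
                     ("personal", "work"), ("disp1234", "personal")]:
        print(f"{src:>10} -> {dst:<10} {paste_decision(src, dst)}")
```

The order of the lines matters: because evaluation stops at the first match, the explicit `deny` rules must sit above the catch-all `ask`, and removing the catch-all does not open anything up, since an unmatched call falls through to `deny`.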
Domain Autonomy:
Once you install Qubes OS, by default it creates three domains: Work, Personal and Untrusted; if needed you can create more domains using the utility called the trusted window manager. Each domain is distinguished by a colour-coded label.