Xen in Qubes OS Security Architecture

From Xen

Jump to: navigation, search

This document describes the architecture of Qubes OS an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.

Section 3 of this document contains a discussion of the security of the Xen hypervisor as well as KVM. For your convenience, we outlined the content of this section here

3. The hypervisor and the administrative domain

  • The role of the hypervisor
  • Xen vs. KVM security architecture comparison
    • The thin vs. fat hypervisor argument
    • The I/O Emulation vs. PV drivers
    • Driver domains support
    • Summary
  • Securing the hypervisor
    • Formal security proofs?
    • Reducing hypervisor footprint
    • Anti-exploitation mechanisms in the hypervisor
    • Reducing Inter-VM covert channels
  • The administrative domain (Dom0)
  • Power management and ACPI support
    • ACPI security concerns
    • Preventing ACPI abusing attacks
Personal tools