/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use verified L4 kernel instead of Xen #3894

Open
GWeck opened this Issue May 12, 2018 · 0 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
2 participants
@GWeck @andrewdavidwong
@GWeck

GWeck commented May 12, 2018
edited
Edited 1 time
  • @GWeck GWeck edited May 12, 2018 (most recent)

Qubes OS version:

Far in the Future

Affected component(s):

mainly dom0

Steps to reproduce the behavior:

Expected behavior:

Actual behavior:

General notes:

The security of Qubes critically depends on strong isolation provided by Xen. Bugs in Xen endanger the security of Qubes significantly. Possibly the security kernel of L4 (os.inf.tu-dresden.de/L4/) might be used instead of Xen, if vchan and qrexec could be implemented in L4 without too much effort. As L4 is used in very security critical projects, e.g. a filter gateway connecting NATO secret systems to the outside world (https://www.infodas.de/wp-content/uploads/2016/11/SDoT_6.0i_eng_170530.pdf), it is to be expected that using L4 would significantly reduce the risks posed in Xen by bugs.

I think it would be worth while to contact the Technical University of Dresden on this issue. As far as I know, they are currently looking at Qubes and should be interested in a cooperation with the Qubes team. If interested, please contact Prof. Härtig (haertig@os.inf.tu-dresden.de).

Related issues:

@andrewdavidwong andrewdavidwong added enhancement C: core labels May 12, 2018

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone May 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment