qubes-doc/QubesResearch.md

---
layout: doc
title: QubesResearch
permalink: /doc/QubesResearch/
redirect_from: /wiki/QubesResearch/
---

Here are some links to various papers/research projects that somehow relate to Qubes.

### Attacks on Intel TXT

-   [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
-   [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
-   [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
-   [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska

### Software attacks coming through devices

-   [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
-   [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
-   [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
-   [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska

### Application-level security

-   [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-70.pdf) by Matt Piotrowski

### VMM/Xen disagregation

-   [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
     (Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00			`---`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`layout: doc`
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00			`title: QubesResearch`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`permalink: /doc/QubesResearch/`
			`redirect_from: /wiki/QubesResearch/`
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00			`---`

			`Here are some links to various papers/research projects that somehow relate to Qubes.`

			`### Attacks on Intel TXT`

Remove zero-width spaces (U+200B) left by trac 2015-05-08 13:17:21 +00:00			`- [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska`
			`- [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin`
			`- [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin`
			`- [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska`
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00
			`### Software attacks coming through devices`

Remove zero-width spaces (U+200B) left by trac 2015-05-08 13:17:21 +00:00			`- [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others`
			`- [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska`
			`- [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska`
			`- [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska`
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00
			`### Application-level security`

"Virtics" source updated - The source was a dead link pointing to an empty dokuwiki page. I changed it, but please review the source. I guess this notice is not useful any more: (We plan to implement some ideas from Matt's thesis in Qubes very soon -- stay tuned for details) 2015-07-14 16:41:11 +00:00			`- [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-70.pdf) by Matt Piotrowski`
QubesResearch changed Initial papers list 2010-05-03 17:15:20 +00:00
QubesResearch changed Added link to Xoar paper 2012-01-22 11:01:18 +00:00			`### VMM/Xen disagregation`

Remove zero-width spaces (U+200B) left by trac 2015-05-08 13:17:21 +00:00			`- [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.`
			`(Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))`
QubesResearch changed Added link to Xoar paper 2012-01-22 11:01:18 +00:00