qubes-doc/QubesResearch.md

---
layout: wiki
title: QubesResearch
permalink: /wiki/QubesResearch/
---

Here are some links to various papers/research projects that somehow relate to Qubes.

### Attacks on Intel TXT

-   [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
-   [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
-   [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
-   [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska

### Software attacks coming through devices

-   [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
-   [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
-   [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
-   [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska

### Application-level security

-   [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://radlab.cs.berkeley.edu/wiki/Virtics) by Matt Piotrowski
    (We plan to implement some ideas from Matt's thesis in Qubes very soon -- stay tuned for details)

### VMM/Xen disagregation

-   [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
     (Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))
-												QubesResearch changed

Initial papers list

											
										
										
											2010-05-03 13:15:20 -04:00
+								---
 								layout: wiki
 								title: QubesResearch
 								permalink: /wiki/QubesResearch/
 								---
 								Here are some links to various papers/research projects that somehow relate to Qubes.
 								### Attacks on Intel TXT
 								-   [Attacking Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf) by Rafal Wojtczuk, Joanna Rutkowska
-												QubesResearch changed

Corrected link to Loic's ACPI paper

											
										
										
											2010-05-04 05:13:55 -04:00
+								-   [ACPI: Design Principles and Concerns](http://www.ssi.gouv.fr/IMG/pdf/article_acpi.pdf) by Loic Duflot, Olivier Levillain, and Benjamin Morin
-												QubesResearch changed

Initial papers list

											
										
										
											2010-05-03 13:15:20 -04:00
+								-   [Another Way to Circumvent Intel® Trusted Execution Technology](http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf) by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
-												QubesResearch changed

Added links to our recent papers on attacks against VT-d and TXT

											
										
										
											2012-01-22 06:04:32 -05:00
+								-   [Attacking Intel TXT® via SINIT code execution hijacking](http://www.invisiblethingslab.com/resources/2011/Attacking_Intel_TXT_via_SINIT_hijacking.pdf) by Rafal Wojtczuk and Joanna Rutkowska
-												QubesResearch changed

Initial papers list

											
										
										
											2010-05-03 13:15:20 -04:00
 								### Software attacks coming through devices
 								-   [Can you still trust your network card?](http://www.ssi.gouv.fr/IMG/pdf/csw-trustnetworkcard.pdf) by Loïc Duflot, Yves-Alexis Perez and others
 								-   [Remotely Attacking Network Cards (or why we do need VT-d and TXT)](http://theinvisiblethings.blogspot.com/2010/04/remotely-attacking-network-cards-or-why.html) by Joanna Rutkowska
 								-   [On Formally Verified Microkernels (and on attacking them)](http://theinvisiblethings.blogspot.com/2010/05/on-formally-verified-microkernels-and.html) by Joanna Rutkowska
-												QubesResearch changed

Added links to our recent papers on attacks against VT-d and TXT

											
										
										
											2012-01-22 06:04:32 -05:00
+								-   [Following the White Rabbit: Software Attacks against Intel® VT-d](http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf) by Rafal Wojtczuk and Joanna Rutkowska
-												QubesResearch changed

Initial papers list

											
										
										
											2010-05-03 13:15:20 -04:00
 								### Application-level security
-												QubesResearch changed

Added link to Matt's thesis on virtics

											
										
										
											2010-05-18 17:08:53 -04:00
+								-   [Virtics: A System for Privilege Separation of Legacy Desktop Applications](http://radlab.cs.berkeley.edu/wiki/Virtics) by Matt Piotrowski
 								    (We plan to implement some ideas from Matt's thesis in Qubes very soon -- stay tuned for details)
-												QubesResearch changed

Initial papers list

											
										
										
											2010-05-03 13:15:20 -04:00
-												QubesResearch changed

Added link to Xoar paper

											
										
										
											2012-01-22 06:01:18 -05:00
+								### VMM/Xen disagregation
 								-   [[http://tjd.phlegethon.org/words/sosp11-xoar.pdf](http://tjd.phlegethon.org/words/sosp11-xoar.pdf) "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
 								     (Also see [this thread on xen-devel](http://www.gossamer-threads.com/lists/xen/devel/230011))