mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-18 12:14:42 -05:00
27 lines
1.4 KiB
ReStructuredText
27 lines
1.4 KiB
ReStructuredText
|
=====================
|
|||
|
|
Security design goals
|
|||
|
|
=====================
|
|||
|
|
|
|||
|
|
|
|||
|
|
Qubes OS implements a security-by-isolation (or
|
|||
|
|
security-by-compartmentalization) approach by providing the ability to
|
|||
|
|
easily create many security domains. These domains are implemented as
|
|||
|
|
lightweight Virtual Machines (VMs) running under the Xen hypervisor.
|
|||
|
|
Qubes’ main objective is to provide strong isolation between these
|
|||
|
|
domains, so that even if an attacker compromises one of the domains, the
|
|||
|
|
others are still safe. Qubes, however, does not attempt to provide any
|
|||
|
|
security isolation for applications running within the same domain. For
|
|||
|
|
example, a buggy web browser running in a Qubes domain could still be
|
|||
|
|
compromised just as easily as on a regular Linux distribution. The
|
|||
|
|
difference that Qubes makes is that now the attacker doesn’t have access
|
|||
|
|
to all the software running in the other domains.
|
|||
|
|
|
|||
|
|
Qubes also provides features that make it easy and convenient to run
|
|||
|
|
these multiple domains, such as seamless GUI integration into one common
|
|||
|
|
desktop, secure clipboard copy and paste between domains, secure file
|
|||
|
|
transfer between domains, disposable VMs, and much more. Qubes also
|
|||
|
|
provides an advanced networking infrastructure that allows for the
|
|||
|
|
creation of multiple network VMs which isolate all the world-facing
|
|||
|
|
networking stacks and proxy VMs which can be used for advanced VPN
|
|||
|
|
configurations and tunneling over untrusted connections.
|