From ab8b176c9331b01315fc8b44fa21c610b4b43f73 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 14 Jun 2021 22:07:36 -0700 Subject: [PATCH] Update Security Center intro section The "Security Goals" page is actually more of a statement of the developers' security design goals. It does not really pertain to *project* security, which is what the "Security Center" page is about, so I'm moving it to the developer docs (index updated in a separate commit). --- project-security/security-goals.md | 8 ++++---- project-security/security.md | 17 ++++++++++------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/project-security/security-goals.md b/project-security/security-goals.md index 2829eabe..ae796a4e 100644 --- a/project-security/security-goals.md +++ b/project-security/security-goals.md @@ -1,8 +1,9 @@ --- lang: en layout: doc -permalink: /security/goals/ +permalink: /doc/security-design-goals/ redirect_from: +- /security/goals/ - /doc/security-goals/ - /en/doc/security-goals/ - /doc/SecurityGoals/ 
@@ -11,9 +12,8 @@ ref: 210 title: Security Goals --- -Qubes Security Goals -==================== +# Security design goals -Qubes implements a Security by Isolation approach by providing the ability to easily create many security domains. These domains are implemented as lightweight Virtual Machines (VMs) running under the Xen hypervisor. Qubes' main objective is to provide strong isolation between these domains, so that even if an attacker compromises one of the domains, the others are still safe. Qubes, however, does not attempt to provide any security isolation for applications running within the same domain. For example, a buggy web browser running in a Qubes domain could still be compromised just as easily as on a regular Linux distribution. The difference that Qubes makes is that now the attacker doesn't have access to all the software running in the other domains. +Qubes OS implements a security-by-isolation (or security-by-compartmentalization) approach by providing the ability to easily create many security domains. These domains are implemented as lightweight Virtual Machines (VMs) running under the Xen hypervisor. Qubes' main objective is to provide strong isolation between these domains, so that even if an attacker compromises one of the domains, the others are still safe. Qubes, however, does not attempt to provide any security isolation for applications running within the same domain. For example, a buggy web browser running in a Qubes domain could still be compromised just as easily as on a regular Linux distribution. The difference that Qubes makes is that now the attacker doesn't have access to all the software running in the other domains. Qubes also provides features that make it easy and convenient to run these multiple domains, such as seamless GUI integration into one common desktop, secure clipboard copy and paste between domains, secure file transfer between domains, disposable VMs, and much more. 
Qubes also provides an advanced networking infrastructure that allows for the creation of multiple network VMs which isolate all the world-facing networking stacks and proxy VMs which can be used for advanced VPN configurations and tunneling over untrusted connections. diff --git a/project-security/security.md b/project-security/security.md index 37405d17..cd819b46 100644 --- a/project-security/security.md +++ b/project-security/security.md @@ -18,14 +18,17 @@ title: Security # Qubes OS Project Security Center -- [Security FAQ](/faq/#general--security) -- [Security Goals](/security/goals/) -- [Security Pack](/security/pack/) -- [Security Bulletins](/security/bulletins/) -- [Canaries](/security/canaries/) +This page provides a central hub for topics pertaining to the security of the Qubes OS Project. +For topics pertaining to software security *within* Qubes OS, see [Security in Qubes](/doc/#security-in-qubes). +The following is a list of important project security pages: + +- [Qubes Security Pack (`qubes-secpack`)](/security/pack/) +- [Qubes Security Bulletins (QSBs)](/security/bulletins/) +- [Qubes Canaries](/security/canaries/) - [Xen Security Advisory (XSA) Tracker](/security/xsa/) -- [Why and How to Verify Signatures](/security/verifying-signatures/) -- [PGP Keys](https://keys.qubes-os.org/keys/) +- [Verifying signatures](/security/verifying-signatures/) +- [PGP keys](https://keys.qubes-os.org/keys/) +- [Security FAQ](/faq/#general--security) ## Reporting Security Issues in Qubes OS
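Review bot: In the front-matter hunk of project-security/security-goals.md, the permalink moves to /doc/security-design-goals/ while the file itself stays under project-security/, so the source path and the published URL now disagree. The commit message says the page is moving to the developer docs; consider relocating the file in the same series so the directory matches where the page is served. Adding `- /security/goals/` to redirect_from is the right way to keep the old URL working.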
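Review bot: The `title: Security Goals` front matter shown as context in the second security-goals.md hunk still carries the old name, while the heading becomes `# Security design goals` and the permalink is /doc/security-design-goals/. Update the title in the same change so the page title, heading and URL agree. The rewritten first paragraph also opens with "Qubes OS" and then continues with "Qubes'" and "Qubes"; pick one form for the paragraph.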
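Review bot: In the security.md hunk, the new intro links to /doc/#security-in-qubes, but the commit message says the index is updated in a separate commit, so that anchor depends on a change that is not in this patch, and the removed `[Security Goals](/security/goals/)` entry is not replaced by any link here. Land the index commit together with this one, or confirm the anchor already exists, so the Security Center page does not point at a missing section. The list labels also mix sentence case ("Verifying signatures", "PGP keys") with title case ("Qubes Security Pack", "Qubes Security Bulletins", and the "Reporting Security Issues in Qubes OS" heading in the trailing context); settle on one.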