Qubes OSQubes OS logo.png


Applications running in different security domains

From Wikipedia, the free encyclopedia
For other uses, see Qubes (disambiguation).
Qubes OS
Developer Invisible Things Lab
OS family Unix-like
Working state Current
Source model Open source (except for Windows Support Tools)[1]
Initial release September 3, 2012[2]
Latest release 2.0[3] / September 26, 2014
Available in Multilingual
Update method Yum (PackageKit)
Package manager RPM Package Manager
Platforms x86-64
Kernel type Hybrid (Xen and Linux)
Userland Fedora
Default user interface KDE
License Free software licenses
(mainly GPL)
Official website [1]

Qubes OS is a security-focused desktop operating system that aims to provide security through isolation.[4] Virtualization is performed by Xen, and user environments are based on Fedora.

On February 16, 2014, Qubes was selected as a finalist of Access Innovation Prize 2014 for Endpoint Security Solution.[5]

Qubes Release 2 can also run Windows AppVMs in seamless mode, integrated onto the common Qubes trusted desktop, just like Linux AppVMs. The seamless GUI integration has been introduced in Qubes R2 Beta 3.



Security goals

Qubes implements a Security by Isolation approach.[6] The assumption is that there can be no perfect, bug-free desktop environment. Such an environment counts millions of lines of code, billions of software/hardware interactions. One critical bug in any of these interactions may be enough for malicious software to take control over a machine.[7]

In order to secure a desktop, a Qubes user should take care of isolating various environments, so that if one of the components get compromised, the malicious software would get access to only the data inside that environment.

In Qubes, the isolation is provided in two dimensions: hardware controllers are isolated into functional domains (GUI, network and storage domains), whereas the user’s digital life is decided in domains with different levels of trust. For instance: work domain (most trusted), shopping domain, random domain (less trusted).[8] Each of those domains is run in a separate virtual machine.

Qubes is not a multi-user system.