Google Summer of Code with Qubes OS

Qubes OS

Qubes OS is a security oriented operating system. It provides security through compartmentalization. The user can run various qubes (virtual machines) on top of the Xen hypervisor. Qubes OS provides secure communication and networking services between these Virtual Machines along with a secure GUI so that the user experience remains great and the security is also ensured (provided that the user does not mess up).

How does Qubes OS provide security? (from the qubes docs)

Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.

This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.

Moreover, all of these isolated qubes are integrated into a single, usable system. Programs are isolated in their own separate qubes, but all windows are displayed in a single, unified desktop environment with unforgeable colored window borders so that you can easily identify windows from different security levels. Common attack vectors like network cards and USB controllers are isolated in their own hardware qubes while their functionality is preserved through secure networking, firewalls, and USB device management. Integrated file and clipboard copy and paste operations. make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space, to boot). Qubes even allows you to sanitize PDFs and images in a few clicks. Users concerned about privacy will appreciate the integration of Whonix with Qubes, which makes it easy to use Tor securely, while those concerned about physical hardware attacks will benefit from Anti Evil Maid.

My Qubes OS configuration

I discovered Qubes OS last December, but I did not start using it until March (I was swept up by the #archlinuxmasterrace). I initially installed Qubes OS on an external HDD, but it was too slow, so after a few weeks I installed it directly on my laptop. (RIP Archlinux. Or so I thought. Turns out the archlinux template is well maintained by the qubes community, so it’s actually a win-win!). I just knew I had to switch to Qubes OS, when I got to know that even Snowden uses and recommends it.

The installation wasn’t straightforward though. I ran into one of the UEFI issues, but the qubes documentation was helpful enough to solve it. Another time, when I was running Qubes off of the external HDD, I ended up rendering my system useless while trying to configure sys-usb which doesn’t work on my laptop anyways. So, while booting, the qubes os wasn’t detected. I had to fix this issue by re-installing everything. So yeah, the installation phase itself took a few weeks till I had a stable Qubes OS on my system which I could trust not to break on me.

I started off by using the default xfce4 desktop environment, but it felt too clumsy after having used i3 for quite some time. So, I switched to i3wm after a couple of weeks and that made my Qubes OS experience completely awesome. Sure, I had to do some tweaks here and their to get everything properly working for i3, but once it did work, it felt really great.

Here’s what it looks like. (Forgive me, I’m a sucker for everything cyberpunk)

Some additions I had to make to the default i3 config file to configure the i3lock, pulseaudio controls, screen brightness etc.:

bindsym $mod+l exec "i3lock -i /home/feignix/lock.png"

#Pulse Audio controls
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume 1 +5%
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume 1 -5%

#Screen brightness
bindsym XF86MonBrightnessUp exec xbacklight -inc 2
bindsym XF86MonBrightnessDown exec xbacklight -dec 2

I also recommend adding the qvm-screenshot-tool.

Also, I added some shortcuts to start up applications in specific qubes.

# personal VM shortcuts

bindsym $mod+Control+t exec "qvm-run -a personal terminator"
bindsym $mod+Control+e exec "qvm-run -a personal emacs"
bindsym $mod+Control+f exec "qvm-run -a personal firefox"
bindsym $mod+Control+v exec "qvm-run -a personal 'vlc ~/Music'"

#work VM shrotcuts

bindsym $mod+Mod1+t exec "qvm-run -a work terminator"
bindsym $mod+Mod1+e exec "qvm-run -a work emacs"
bindsym $mod+Mod1+f exec "qvm-run -a work firefox"
bindsym $mod+Mod1+m exec "qvm-run -a work thunderbird"

With 8 gigs of RAM, I usually can run around 5-7 qubes without hindering the performance too much. Unfortunately sys-usb doesn’t work for my laptop because of some issues with the USB 3.0 strict reset issues. I only have one PCI controller for USB, so I can’t even disable the USB 3.0 one as the qubes-docs suggest, and neither does my BIOS menu provide an option to disable USB 3.0. So, :( . I definitely need a better computer now.

Update : I finally got sys-usb to work! This is what worked for me.

Initially I had thought that since Qubes OS is offering such security, it must hinder productivity. But I was so wrong. Qubes OS has infact improved my productivity by compartmentalization itself. Instead of having all my eggs in a single basket, I now have all those eggs properly sorted in different baskets. The OS provides so many efficient and secure services for inter-vm communication and networking, that productivity is not affected at all. It sure takes time getting used to everything, but now after having used Qubes OS for around 3-4 months, I don’t think I will stop using it in the forseeable future.

Google Summer of Code

Around the same time that I discovered Qubes OS, Google kicked off their Summer of Code program. So imagine how excited I was when I got to know that Qubes OS had been selected as a mentoring organization! This was the perfect opportunity for me to get used to the operating system and also reading and possibly improving upon the source code. When I was already thrilled, I recived another pleasant surprise. One of the projects in the ideas page involved static and dynamic analysis of the qubes components. Now, in the field of computer science I am most passionate about the following things: information security, privacy, anonymity, free and open source software, and memory corruption bugs/vulns. This was an all in one deal (unlike how Qubes would like it ;) iykwim).

So I decided that I will work hard on getting familiar with the qubes terminology, the tools that would be needed for static and dynamic analysis, and write a good proposal. I had a few discussions with my mentor, and I submitted my final proposal after working on his suggestions.

And after a month or so I recived an email from Google that I had been selected! w00t w00t!

Well, I too look forward to a great summer with Qubes OS too :). I’ll keep writing regular progress reports on this blog itself.

I would like to thank my mentor Jean-Philippe, and the other qubes developers for guiding me through the entire process. Also, a big shoutout to Karan Desai, Jay Bosamiya, Harjot Singh and all the folks at SDSLabs and InfoSecIITR for motivating me for GSoC.