Recap

Last week, I wrote a post talking about why we need secure operating systems. So with the need to better secure our systems, how can this be achieved? What examples are being set?

Methods

First off, we must have a basic understanding of how security can be achieved. Joanna Rotkowska summarizes the methods to security in her blog. Joanna is the project lead for Qubes OS, one of the examples we will be discussing momentarily. The methods to security are:

  1. Correctness
  2. Isolation
  3. Obscurity

So which of these can be relied upon?

Correctness

The problem is getting to 'good code. https://xkcd.com/844/

Correctness is a beautiful idea, but is not feasible. In 2015 the Linux kernel itself was over 20 million lines of code. Back in 2012 Debian as a standard distribution was over 419 million lines of code. Verifying this too be 100% correct and without potential for defects is impossible.

Isolation

Isolation is a great way towards security. We already use this for some level of security. Virtualization allows us to separate out different parts without having them be able to touch, and protects part of the system in case of a breach. Monolithic kernels without mainstream systems do prevent virtualization across a system in some core ways, which may need to change.

Obscurity

Obscurity is another way that is attempted. Obscurity's focus is making it harder to attack and slowing down an adversary. Eventually they will get the right part or series of actions to exploit an issue, but at least it will take more work. This is the theory behind Address Space Layout Randomization and obfuscation of code and binary files. This does bring in some new issues for optimization and debugging, though.

Tails

So now that we have an understanding of what helps create a secure system, what methods have current security systems taken?

Well, Tails took a different approach than the three that Joanna proposed. Tails is The Amnesiac Incognito Live System. As its name suggests it's primary security is by hiding and by forgetting. Tails specializes in booting off a flash drive and trying to not save any files. While it is still possible to save files and even encrypt them in Tails it is not recommended, as it could create problems by leaving a trace. This is even more troublesome due to metadata that could be identifiable.

The second method of security in Tails is using Tor and I2P to secure internet connections. Tor is enabled for all connections by default while running Tails. While Tor may not be a perfect security measure, as we have seen and heard in the past couple of years, it still will help prevent attacks from none state-level actors. Even with state level actors it will at least make it a slightly larger headache to track your connections.

Qubes OS

Qubes OS being led along by Joanna means that it follows at least part of her suggestions towards security. Qubes OS is focused around the idea of security by isolation. The whole system runs on top of a Xen hypervisor and separates out different parts of the system. The first part of the system is called domain 0 and controls the base operations of the system and must be kept secure. As such most storage devices and other accessories are kept from touching domain 0 when possible.

After this, different Qubes are set up to handle different sets of tasks. This means that you can have an isolated area to access your bank accounts, an area for your work, and an area for sites or applications you may not trust.

Qubes are separated out by colored borders around their windows and can be created or destroyed by the user. Without a breach of Xen's isolation, separate Qubes remain secure if another Qube is breached. This means that while it may still have some of the same bugs as other Linux derivatives, the effects can be further limited.

Next:

Next we will discuss what other problems will still plague systems even if we can implement the suggestions and leads from Tails and Qubes OS.

After that, we will discuss the biggest security issue that we face and the problem that it poses for securing our systems.

 

Feedback?

What are your thoughts on securing operating systems? Would you use something like Tails or Qubes OS to try  to protect yourself? What else can we do?