The security of different virtualization systems, specifically comparing Qubes hypervisor with separation kernels like INTEGRITY-178B and LynxSecure
I've often heard that Qubes is considered one of the most secure virtualization options because it uses a small Xen hypervisor, which is only about 150KB in size. However, even Qubes isn't immune to side-channel attacks, such as the Spectre vulnerability or exploits targeting Xen.
On the bright side, there are impressive virtualisation systems designed to mitigate these types of exploits. For instance, INTEGRITY-178B, which uses a separation kernel, can prevent the Spectre vulnerability (source:https://www.ghs.com/products/safety_critical/integrity_178_virtualization.html).
Another example is LynxSecure, which has a code size of just 15KB and aims to mathematically prove that its separation kernel is unhackable (source:https://www.lynx.com/embedded-systems-learning-center/what-is-a-separation-kernel).
I'm considering using these virtualisation systems instead of Qubes OS.
- Could you explain the security disadvantages of Qubes as a virtualisation kernel?
- Also, can these systems defend against attacks like covert channel attacks? (reference: https://en.wikipedia.org/wiki/Multilevel_security#Debate:_%22There_is_no_such_thing_as_MLS%22).
- Lastly, why do open-source virtualization systems not typically adopt a separation kernel approach?
