Enhancing Qubes with Rumprun unikernels


[from the original at: http://northox.github.io/qubes-rumprun]

This post is the first of a series and assumes you have some basic understanding of Qubes’ reason being, structure and terminology.

For some time, I’ve been asking myself how to enhance Qubes. Working with different security domains implemented as VMs running traditional Operating System with monolithic kernels comes at a price:

  • The user experience drawbacks of managing memory-hungry concurrent VMs (≥ 300MB), e.g. freeing some memory by stopping a VM to start another, or waiting for a VM to boot (~8.5s) to launch an app and sometimes only to execute something which takes a fraction of this time.
  • From a security perspective, memory consumption limits our ability to introduce more domain segmentation.

Continue reading…