[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    [qubes-devel] Compromise recovery on Qubes OS
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2017-04-26 11:40:15
Message-ID: 20170426114015.GF7540 () work-mutt
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

Just a FYI that we have recently implemented a so called "Paranoid Mode" backup
recovery for Qubes OS. Arguably this is a new approach to dealing with full
system compromises (thanks to Qubes architecture (TM)).

The packages for Qubes 3.2 that bring this functionality are currently in the
qubes-dom0-current-testing repository [1]. Note that you need these packages on
a fresh system where you want to restore to, and only there.

I also wrote a post [2] explaining the rationale for this, as well as how it is
implemented, and what are still the limitation in 3.2, and how these will gone
in 4.0. The post also touches on AppVM compromise recovery challenges and how
Qubes OS might help here also.

Of course I wish we all didn't have to use this feature too often... :/

Cheers,
joanna.

[1] https://github.com/QubesOS/qubes-issues/issues/2737
[2] https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJZAIceAAoJEDOT2L8N3GcYGxgQAKMdaO/1VBOXh8RD4kMmiS7K
KTHvQuU+V0iP20KHSEh9kt/QSM2DV9ru7hIfNNo44LlU2dxDLJ6NFtykC6bZvdjN
Vk93f2iOaRSrKclwEXRaa/Bo399ZE0pMXOO4alHHaMerYkFCn4WEtwYQB8mclgyI
TvaF9X+EUdpa7DZsO4wHONYqLu722wvjprDHnAyQjYwyrhdiRXEmABCr6FkT5Dx/
isRJR7JIOTyt1Fa80oqwjyaA+6RxCoBjM4IjqIhxHs6ebAgnNd7vRpbZglqnEVi7
CWYMqYxm83F1mO/W+GqufIXw2UvRF1RyHl4hRVfEtjltwZpvsgFUMofHcTAQzM2X
1GGMXM+8Di+1lYmPJf4rM4FzkYvUL/DlA+BMPRWRw05hCsBvn+t0AjLUOa7RgSlH
Vr3fLAdpFCSAvkunc/tM9DHcR7UyWiRU/4WS9Fdl2U1ekaqPxMToNLF/FFfYT2y1
HTMkhX9rAgZvIynmbpH1yjaKVJgGSfLI/U9Il/1OETWO4p0b+iXuEM2HZQ/Oqwz3
qYf+LCWAJRWokf46E7YIPmO4OhMD29EjgUyCEX6nFJWGI4Lx7EBB+coRlm7Nm6P1
mNZM5wnkCLVF47l6RL5+uiHQjvDaOxNefIchMAiLY4yeERdgoJJlo+DGdbdsX5KC
spbT/xcjj1p2DkLbIWDK
=deyL
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/20170426114015.GF7540%40work-mutt. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]