
QubesOS is known as a secure operating system (tag line: A reasonably secure operating system :D). Yomimono, hannes and I worked on a lightweight firewall for QubesOS, based on the original by Thomas Leonard. Via packet filter rules, a firewall restricts unwanted access to the network, and is an important part of the security concept. QubesOS allows the user to run applications in different, separate virtual machines. An attack, for example on the browser, is then limited to the virtual machine the browser runs in.

The existing Linux-based firewall for QubesOS uses a lot of memory, which is a resource shared among all virtual machines and thus limited. The firewall based on the minimal operating system MirageOS uses less memory and has a smaller attack surface.

The first milestone was the development of a state machine to classify network packets. This step also included good test coverage and the use of fuzz testing via the crowbar library, which combines AFL with property-based testing in OCaml. All these building blocks were combined into a unikernel which can read rule changes from QubesOS via the Qubes database. Also, we integrated a DNS client, to make it possible to write rules in a human-readable form containing domain names, and not just as machine-readable IP addresses.
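To make the two ideas in this paragraph concrete, here is an added, illustrative example (not code from qubes-mirage-firewall, and not its rule format): a first-match rule table whose rules may name hosts instead of addresses, resolved once at rule-compile time through a stub resolver, together with a randomised property check of the kind a crowbar test would express. The rule syntax, the `STUB_DNS` table and every address in it are constructed for the example. The one edge case it deliberately handles is a host name that resolves to nothing: such a rule must match no packet, since mapping it to "any destination" would silently widen the rule.

```python
"""Added, illustrative packet classifier with host-name rules and a
randomised property check.  Not the qubes-mirage-firewall code; the rule
syntax, the stub resolver and all addresses are constructed."""
import ipaddress
import random
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

IPv4 = ipaddress.IPv4Address

# Constructed stand-in for the DNS client: host name -> addresses it resolves to.
STUB_DNS: Dict[str, List[str]] = {
    "example.org": ["93.184.216.34"],
    "mail.example.net": ["203.0.113.10", "203.0.113.11"],
}


def resolve(name: str, lookup: Dict[str, List[str]] = STUB_DNS) -> FrozenSet[IPv4]:
    """Addresses a name resolves to; empty set if the name is unknown."""
    return frozenset(IPv4(a) for a in lookup.get(name, []))


@dataclass(frozen=True)
class Packet:
    src: IPv4
    dst: IPv4
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    dst: Optional[FrozenSet[IPv4]]   # None = any destination; empty set = none
    proto: Optional[str]             # None = any protocol
    dport: Optional[int]             # None = any port


def compile_rule(text: str, lookup: Dict[str, List[str]] = STUB_DNS) -> Rule:
    """Parse e.g. 'accept dsthost=example.org proto=tcp dport=443' (constructed
    syntax).  Names are resolved here, once, so classify() compares addresses only."""
    action, *fields = text.split()
    if action not in ("accept", "drop"):
        raise ValueError(f"unknown action {action!r}")
    dst: Optional[FrozenSet[IPv4]] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    for field in fields:
        key, _, value = field.partition("=")
        if key == "dsthost":
            # An unresolvable name gives an empty set, which matches no packet.
            # Turning it into None ("any") would silently open the rule up.
            dst = resolve(value, lookup)
        elif key == "dst":
            dst = frozenset({IPv4(value)})
        elif key == "proto":
            proto = value
        elif key == "dport":
            dport = int(value)
        else:
            raise ValueError(f"unknown field {key!r}")
    return Rule(action, dst, proto, dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.dst is None or pkt.dst in rule.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def classify(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"


def check_only_listed_destinations(rules: List[Rule], trials: int = 5000,
                                   seed: int = 0) -> bool:
    """Property, in the spirit of a crowbar test: when every accept rule is
    bound to a host, a packet is accepted only if its destination is one of
    the resolved addresses.  Even-numbered trials are fully random packets;
    odd-numbered ones reuse a protocol/port some accept rule allows, so the
    destination check is the only thing left that can gate them."""
    listed: FrozenSet[IPv4] = frozenset()
    allowed = []
    for r in rules:
        if r.action == "accept":
            if r.dst is None:
                raise ValueError("every accept rule must be bound to a host")
            listed |= r.dst
            allowed.append((r.proto or "tcp", r.dport if r.dport is not None else 443))
    rng = random.Random(seed)
    for i in range(trials):
        dst = IPv4(rng.getrandbits(32))
        if i % 2 == 0:
            proto = rng.choice(["tcp", "udp", "icmp"])
            dport = None if proto == "icmp" else rng.randrange(65536)
        else:
            proto, dport = rng.choice(allowed)
        pkt = Packet(IPv4("10.137.0.5"), dst, proto, dport)
        if classify(rules, pkt) == "accept" and dst not in listed:
            return False
    return True


# Constructed rule set: two host-bound allows, a name that does not resolve,
# and an explicit catch-all drop.
RULES = [compile_rule(t) for t in (
    "accept dsthost=example.org proto=tcp dport=443",
    "accept dsthost=mail.example.net proto=tcp dport=993",
    "accept dsthost=does-not-resolve.invalid",
    "drop",
)]

if __name__ == "__main__":
    web = Packet(IPv4("10.137.0.5"), IPv4("93.184.216.34"), "tcp", 443)
    print(classify(RULES, web))                                  # accept
    print(classify(RULES, Packet(web.src, web.dst, "tcp", 80)))  # drop
    print(check_only_listed_destinations(RULES))                 # True
```

Resolving names when a rule is compiled rather than per packet keeps the hot path a pure address comparison, and it is also where a resolution failure has to be decided: the example keeps an empty set distinct from "any" so that a typo in a host name fails closed.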

The user group of this project consists of activists, journalists, security professionals and other users of the Qubes operating system. The lightweight firewall leaves them more memory for their other work, and they can conveniently change filter rules without having to rebuild the firewall, as was necessary in the past. Back then, some users were forced to switch off the firewall due to memory restrictions.

The firewall is not available as a template VM in Qubes yet, although this is a long-term goal. Currently, there is an obstacle: the latest Qubes version uses a virtualization mode that MirageOS does not support yet (PVH instead of PV), so the user has to switch the virtualization mode manually to the old mode until MirageOS supports the new one. It is already possible to download the firewall release from GitHub or to build it manually from source. Of course it would be most convenient to select it from the Qubes template dropdown directly.

All Qubes users can use the lightweight firewall and save memory. It is written in OCaml, a functional programming language with advantages regarding secure programming (e.g. memory safety, immutability by default). It was announced on the qubes-users mailing list and already has a group of existing users.