Abstract
Bheem OS is a next-generation, reasonably secure operating system. It takes the security-by-isolation principle from Qubes OS further by virtualizing every application and most OS functions into Rust microVMs. In doing this, it is surprisingly able to provide more usability and performance, thanks to KVM, virtio, crosvm, and an improved architecture.
In this talk, we will:
- Delve into subsystems of a modern operating system, from the display, networking, filesystem, input, USB, PCI devices, etc., and how they are isolated and exposed in a secure way to applications and user environments.
- Cover aspects of managing operating systems that we are now able to do more effectively, such as network and process package management, updates, logging & monitoring, access controls, backup and restore, permissions, credentials, etc.
- Explore a new concept of secure, isolated user workspaces/profiles that will eliminate the need for multiple computers for work and personal usage.

How is it more usable than Qubes OS?
- Strong focus on UI/UX. It will look great!
- The graphics performance is better inside the App VMs, with virtio-gpu allowing even 4K playback.
- No need for app/workspace management for isolation; every app is isolated by default, even in the same workspace.
- Easier to make the switch. You can use KDE, Gnome, i3, or any desktop environment you choose per workspace/profile.
- Easily switchable profiles make context switching and isolation natural and seamless.
- Run Android, Linux, Windows, and Mac apps in one OS.
- You can even have a gaming workspace with the GPU passed through for gaming.

Overall, this talk will introduce the user to a new realm in operating systems, one that can be downloaded and used right now, at least in a beta version.
AI Generated Summary (may contain errors)
Here is a summary of the content:
The speaker is discussing a tool called VM Pack (Virtual Machine Pack) that allows users to run applications in a virtual machine on top of a Linux-based operating system. The tool provides a seamless experience, with features like clipboard sharing and webcam support.
The benefits of using VM Pack include:
- Zero-trust security: Users don’t need to trust the applications or the OS.
- Reduced attack surface: The VM image can be hardened at runtime by removing unnecessary components like shells and Python.
- Customizability: The tool allows for custom kernel options and removal of unused applications during build time.
The speaker also mentions that this technology has the potential to decentralize the web, making it more open-source, self-hosted, and federated.
Additionally, the speaker credits other projects such as Qubes OS and Spectrum OS for their work on similar concepts.
During the Q&A session, a question is raised about securing the host services that manage passthrough devices, file systems, and clipboard sharing. The speaker responds by explaining that VM Pack sandboxes these services as Linux processes, reducing the attack surface significantly.
Overall, the talk focuses on the potential of VM Pack to provide a secure and customizable way to run applications in virtual machines, with implications for decentralizing the web.