While tools for message encryption have become easier to use in recent years, one gaping hole remains in many people's infosec: the security of the device they use (their “end-point”). A new secure operating system called Subgraph OS aims to make resisting hacking attacks easier, even on fairly low-powered laptops.
“It's designed for anybody who wants an end-point that's resistant against remote network exploitation,” David Mirza Ahmad, president of Subgraph, said in a phone interview. Subgraph’s four-man team recently received funding from the Open Technology Fund (OTF) to work on the operating system; the OTF is ultimately funded by grants from Congress.
Although security-focused operating systems do exist, they are sometimes very resource intensive, and can only be run on specific hardware. Often they’re also a real technical challenge to use, possibly alienating people who are most at risk of attacks but who don't know the advanced techniques necessary to get a secure OS up and running.
“We wanted to improve the security for activists, [and] journalists,” Ahmad said.
Subgraph OS is a relatively lightweight, Linux-based operating system which comes with a slew of security features that its developers hope will be more accessible to general users. It will be presented at the upcoming Logan CIJ Symposium, a journalism-cum-technology conference, in Berlin in March.
Possibly the most interesting security feature of Subgraph OS is “Oz,” a system for isolating programs so that if an attacker successfully exploits a vulnerability in one application—such as a PDF viewer—the rest of the machine and network should remain largely unaffected.
Oz does this by limiting the access each application has to other parts of the computer. A program may be denied access to the user's other files, for example, so that an attacker cannot steal a target's documents or encryption keys, or an application may be barred from making network connections, preventing hackers from extracting stolen data.
“If an application doesn't need a network interface, it doesn't get one,” Ahmad said. “If an application doesn't need audio, it doesn't get audio.”
Conceptually, this approach has similarities to Qubes OS, another security-focused operating system. But while Qubes OS typically runs different isolated domains in different virtual machines—one for your work, one for your personal use, etc.—Subgraph OS isolates individual applications on a more granular level.
Subgraph OS is also hardened with Grsecurity, a series of patches that, Ahmad explained, are designed to make “memory corruption vulnerabilities far more difficult to exploit.”
“We want to make the exploits fail in the first place,” Ahmad said.
Full disk encryption is also mandatory on Subgraph OS, which slows down attackers with physical access to the computer, and the team is working on reproducible builds; that is, a stronger process for checking that the OS a user downloads is the legitimate version the developers released. On Sunday, developers behind Linux Mint announced that a hacker had compromised their website and briefly distributed a backdoored version of their operating system.
Subgraph OS also routes all of the user's traffic through the Tor anonymity network, making it harder for an attacker to figure out where the target is physically located. Ahmad stressed, however, that the project is focused more on security than anonymity.
One of the project's main aims is usability. “We don't think it's an impossible goal,” Ahmad said.
In my tests, Subgraph OS worked fine out of the box, aside from some bugs that Ahmad pointed out and provided workarounds for (the project is still in a pre-alpha stage). Those fixes required some use of the Linux command line, and users will probably need some experience of using a terminal to get the most out of their system. In sum, Subgraph OS appears easier to get to grips with than other secure options, but likely still requires a learning curve for users switching from, say, Windows or OS X for the first time. I ran Subgraph OS in virtual machines with 2GB and 4GB RAM.
Dan Meredith, principal director of the OTF, said in a phone call that he was excited to see another option emerging for journalists and activists, especially in authoritarian countries.
In summing up Subgraph OS, Ahmad said, “For now, we are working to mitigate the types of attacks that are most commonly directed towards targeted individuals over the internet.”