
Introducing xB Machine - The Secure Virtual Workstation



xB Machine is a virtual machine built on the Gentoo platform, and is
designed to provide a strong IP leak-resistant system and network
design, hardened security against local attacks, and access to the Tor
network and XeroBank network. The functional use of the software is for
secure and anonymous communications and financial transactions.

The effect for the end user is that they can use the internet
anonymously and view rich media such as Flash, in addition to the
protection of a relatively hardened and well-featured operating system.

xB Machine can run on VMware and QEMU.

xB Machine conforms to the Portable Privacy framework:

    - Portability
    - Trustworthiness
    X - Source Code
      - License
      - Fail Securely
      - Imputed Privacy
    - Elegance
      - Appealing
      - Intuitive
      - Easy to Use
      - Self-Contained
    X - Informative of Status
      - Transparency

Source code, design spec, and security spec are forthcoming. The license
is currently TESLA, but it is expected to become HESSLA or GPL as the
project develops.

The following list is inclusive, not exhaustive.

The current features are as follows:

- Firewalled NIC
- Segmented program partition from userdata filesystem
- Loop AES encrypted userdata filesystem
- Host system integrity check
- Remote encrypted filesystem mounting via WebDavFS/SSHFS
- Proxy autoconfiguration script for selecting the network used.
- Self-Destruct sequence to destroy AES key, and then data wipe of
encrypted user partition.
- Local Exploit Protections (GrSecurity, stack protection, few suids,
and more)
- Support for Tor, xB Plus, xB Pro/Premium. Future support for xB Onion
- Firefox, customized with addons and configurations for speed and
security options. (PrefBar, AdBlock Plus, DOM disabled, Pipelining, etc)
- Thunderbird customized with addons and configurations for speed and
security options. (Enigmail, DOM disabled, Pipelining, etc)
- Pidgin w/ OTR plugin for access to SILC, AIM, MSN, Y!, ICQ, etc. OTR
plugin secures the chat with AES encryption, and uses DH key exchanges
for perfect forward secrecy.
- Generic text editor and image viewer. These will likely be upgraded in
future releases.

Future features:
- PGP keysigned auto-update system
- LiveCD functionality
- xdm to be respected
- MAC address changing (broken under VMware)

- Programs spying on network setup
- Programs sending rogue packets

Main Threat Vectors:
- OpenVPN
- Firefox
- Thunderbird
- Pidgin
- etc

Questions, comments, and suggestions are appreciated.

Steve Topletz