Qubes OS

The aim of this thesis was to evaluate the possibilities of virtualization technologies in the field of operating system security and to measure the performance and usability impact of employing virtualization instead of the traditional security mechanisms to justify the need for a novel approach. Current security mechanisms in contemporary operating systems are examined, with an emphasis on the containerization approach represented by Docker, and Mandatory access control (MAC) represented by Security-Enhanced Linux (SELinux). The Qubes OS has been analyzed as an example of security based on virtualization. The experimental part of this thesis consist of two different components. Firstly, the thesis evaluates the extent of performance deterioration when paravirtualization is employed instead of another alternatives, such as native Fedora Linux discribution, the same system using Qubes kernel, Docker containerization and SELinux Sandbox including its variant for GUI application confinement. Secondly, a usability evaluation has been conducted to assess the potential caveats the target user might have to face when working with this operating system. The thesis has concluded the Qubes OS is a viable alternative to a Linux desktop operating system in terms of usability, performance and stability. However, more work has to be done to improve the hardware compatibility, to get a more widespread dissemination amongst casual computer users, which is the main target audience according to its developers.


Faculty of Informatics

Date of Completion

spring 2016



Zdeněk Říha


Jan Pazdziora


Martin Páleník