Bringing Qubes OS to the enterprise
Qubes OS takes a uniquely effective approach to security. While the cybersecurity threats to companies and individuals have sharply increased in both number and sophistication over the past decade, conventional operating systems have done comparatively little to meet these threats. Most of them still rely on antiquated methods like antivirus scanning for security. The problem with such approaches is that they are inherently reactive in nature. At best, they can indicate that systems have been compromised after the fact, but they cannot prevent whole systems or networks from being compromised to begin with, much less offer any protection against the sophisticated threats enterprises face, such as zero-day exploits.
By contrast, Qubes has pioneered an approach called Security by Compartmentalization, which allows users to compartmentalize different digital activities into securely isolated compartments called “qubes” so that if one qube is compromised, the others remain unaffected. Moreover, Qubes seamlessly integrates all of these secure containers into a unified desktop environment, providing a decisive advantage in user experience and productivity over traditional methods of isolation.
System-level security research
We specialize in system-level security research, including:
Kernel security (kernel compromises, advanced rootkits, integrity checking, kernel exploitation techniques, design and implementation review of kernel/system code)
Virtualization security (attacks on hypervisor/VMM, secure VMM design, hypervisor design and implementation review)
Firmware security (BIOS/SMM/chipset exploitation, code review)
Advanced security technologies (VT-x, VT-d, AMD-v, TXT, TPM)
Whereas most teams specialize exclusively in either offensive or defensive security, ours is renowned in both. Rutkowska and her team have presented numerous attacks against virtualization systems and Intel security technologies, including a famous series of exploits against Intel Trusted Execution Technology. Their attack against Intel VT-d, allowing a full VM escape, is still the only one that has been demonstrated to this date, and they famously demonstrated that it is possible to break into Intel vPro BIOS and Active Management Technology. Rutkowska is also renowned in the security community for writing Blue Pill, the first hardware virtualization-based rootkit, introducing Evil Maid attacks, and for her work on kernel-mode malware for Windows and Linux. This expertise in how to “break” secure systems gives us a unique advantage in building them: We know how to think like attackers, and we understand how to design systems to be truly secure from the ground up.
Chief Executive Officer
Michał is an experienced technology project manager. He has been a partner in several technology commercialization projects, where he has facilitated interactions between scientific and technical teams, and he has experience as a business development manager for hardware security devices, including smart cards, tokens, and hardware security modules (HSMs). He was the coordinator of the European Union project for the Cities of Scientific Culture in Warsaw, Poland and a working group member in the longest-running European framework supporting transnational cooperation among researchers, engineers, and scholars across the continent. He has supported public environmental protection and climate change initiatives and consulted on the building and processing of large spatial databases. Michał is a doctoral candidate in physics in the College of Interfaculty Studies in Math and Natural Sciences at the University of Warsaw.
mich@. PGP Key Fingerprint:
6B52 7FE5 6308 5B7A 34B9 6C2F 8F90 3F3E 5662 199B
Chief Technology Officer
Marek is an experienced system architect and Linux administrator. He specializes in security, virtualization and high availability. He has designed many security-oriented systems based on various different technologies — from simple passwords and keys through OTP to advanced multi-factor solutions based on tokens, cryptographic cards and biometrics. He also has accomplishments in the field of attacks on contactless cryptographic cards. His work as an active open-source contributor can be found in projects like Linux kernel, Linux-HA, Xen, and, of course, Qubes OS. Marek holds a master’s degree in computer science from the University of Warsaw.
marmarek@. PGP Key Fingerprint:
86BA 6E93 318F BA44 6642 A90A DB8F D31C CAD7 D72C
Andrew David Wong
Chief Communications Officer
Andrew is the Community Manager of the Qubes OS Project. In this role, he advocates for the interests of Qubes users and functions as a developer liaison, facilitating fruitful interaction between ITL and the Qubes community. He focuses on communicating his experience with and technical knowledge of Qubes in a way that is clear and understandable to prospective clients and users. He wrote much of the documentation and website for Qubes and manages the issue tracker and community-developed features. Andrew holds a doctorate in philosophy from the University of California, San Diego.
adw@. PGP Key Fingerprint:
BBAF 910D 1BC9 DDF4 1043 629F BC21 1FCE E9C5 4C53
Founder & Former Chief Executive Officer
Joanna Rutkowska is a founder of Invisible Things Lab and the Qubes OS project, which she has been leading since its inception in 2010. Prior to that she has been focusing on system-level offensive security research. Together with her team at ITL, she has presented numerous attacks on virtualization systems and Intel security technologies, including the famous series of exploits against the Intel Trusted Execution Technology (TXT), the still-only-one software attack demonstrating Intel VT-d escape, and also supervised her team with the pioneering research on breaking into the Intel vPro BIOS and AMT/MT technology. She is also known for writing Blue Pill, the first hardware virtualization-based rootkit, introducing Evil Maid attack, and for her prior work on kernel-mode malware for Windows and Linux in the early 2000s.
joanna@. PGP Key Fingerprint:
ED72 7C30 6E76 6BC8 5E62 1AA6 5FA6 C3E4 D9AF BB99
Invisible Things Lab can be contacted via email at:
All ITL members can be contacted individually using:
If you have a speaking request for Joanna Rutkowska, please read this page first. Please note that ITL, like many other companies, uses a commercial Mail Service Provider (MSP) for its email hosting. This means that all email messages traverse through a third party mail server unencrypted (even if SSL/TLS is used to transfer messages between servers). The MSP thus has, by definition, unrestricted access to any unencrypted email sent to and from ITL. This means that all unencrypted email messages should be treated as if they are being read by third parties. Please use encryption when sending sensitive information to ITL (see our PGP key below). ITL cannot be held responsible for any potential leaks of information sent via unencrypted email.
Our general PGP key for email encryption can be found here. Individual PGP keys can be found under each member profile above. In order to exclude the possibility of Man-in-the-Middle attacks, you are encouraged to verify the fingerprints of all keys before use. This can be done either by phone or by looking on the backs of our business cards. This website should not be trusted for key verification.