OpenSecurity: Open Source Security Solutions Protecting Employees and Data in Public Institutions

The OpenSecurity project was inspired in part by the Qubes OS approach to Security by Isolation. Qubes OS achieves a maximum degree of isolation between applications by instantiating these as virtual machine instances on top of the XEN bare-metal hypervisor. In addition, Qubes OS provides secure channels for file sharing, clipboard data exchange, and the user interface.

However, many public bodies in Austria have historically chosen Windows as their end-user environment, and due to path dependence, are highly constrained against moving away from this standard. As a result, it is required that the OpenSecurity project support deployment to Microsoft Windows clients (specifically, MS Windows 7 64-bit is our reference architecture).

It is clear that this is a suboptimal solution in terms of security; indeed, the shortcomings of Windows in this respect have already been analysed. However, given the prevalence of Windows, this solution will have a bigger potential impact on the public sector. And while the resulting implementation of security by isolation will not be perfectly secure, it will nonetheless offer greatly enhanced security that is also compatible with institutional IT rollout and management processes.

During the coming months, our services will be installed in a limited production environment of two public administration stakeholders. These users will be able to provide feedback directly through the OpenSecurity service, and will also participate in an evaluation workshop and online survey. This feedback will allow us to further refine the service in terms of stability and usability.

Image source: Wikipedia License: CC-BY-SA