Qubes Architecture Next Steps: The GUI Domain

Here's adetailed blog post on how the Qubes distribution is working to isolatethe graphical interface from the rest of the system. "The upcoming4.1 release changes this protocol to a more flexible form. It will nolonger use direct memory addresses, but an abstract mechanism in which theqube has to explicitly allow access to a particular memory page. In ourcurrent implementation - under Xen - we use the grant tables mechanism,which provides a separate memory allocation API and allows working ongrants and not directly on memory pages. Other implementations will also bepossible: whether for another hypervisor (e.g. KVM) or for a completelydifferent architecture not based on shared memory (e.g. directly sendingframes to another machine)."