author: Tails developers <amnesia@boum.org> 2013-07-18 22:39:22 +0200
committer: Tails developers <amnesia@boum.org> 2013-07-18 22:39:22 +0200
commit: 9aa55afa0d159d05d8dbea1cf9adce41129286cd (patch)
tree: d80f30f39516dde49d0a443fd7c751c66e37d243 /wiki/src/blueprint
parent: 9dd3be6c9841682f12d492924906fd139b4ec554 (diff)
Resurrect blueprint.
Diffstat (limited to 'wiki/src/blueprint')
-rw-r--r-- wiki/src/blueprint/Two-layered_virtualized_system.mdwn 329
-rw-r--r-- wiki/src/blueprint/Two-layered_virtualized_system/virtails.png bin 0 -> 126301 bytes
-rw-r--r-- wiki/src/blueprint/Two-layered_virtualized_system/virtails.svg 1390
3 files changed, 1719 insertions, 0 deletions
diff --git a/wiki/src/blueprint/Two-layered_virtualized_system.mdwn b/wiki/src/blueprint/Two-layered_virtualized_system.mdwn
new file mode 100644
index 0000000..2d8cc63
--- /dev/null
+++ b/wiki/src/blueprint/Two-layered_virtualized_system.mdwn
@@ -0,0 +1,329 @@
+[[!tag todo/research]]
+[[!toc levels=2]]
+
+This is an "unfunded mandate", I'm afraid; I can't work on this. And
+it's a reasonable amount of work.
+
+It is, however, based on a long, long acquaintance with the problem
+space. This is something I was thinking about doing for the old
+Zero-Knowledge Freedom system back in 2000, because of bugs we kept
+finding and attacks we kept coming up with.
+
+If you want to discuss this, I'm jbash at-sign velvet period com .
+
+# The Problem
+
+A lot of code runs inside amnesia: big programs like Web browsers,
+Pidgin (with plugins), OpenOffice (eek!), etc. Each of those programs
+will (not may, but definitely will) have security holes that will leak
+the real IP address of the machine, and possibly other information.
+
+They will also have holes that will allow remote sites to execute
+arbitrary code sent back through Tor connections. This code can then
+grovel through /sys, /proc, and wherever else, and extract an endless
+number of hardware serial numbers, MAC addresses, unique combinations
+of configuration elements, and so forth, any of which may identify the
+user's machine to the remote attacker. That's especially true if the
+remote attacker is in a position to ask a manufacturer who bought a
+given piece of hardware, but that's not the only way of using the
+information.
+
+Exploit code can also try to disable or circumvent the local firewall
+and send traffic that doesn't go through Tor. There are a lot of
+tricks for doing this, especially because all it takes is one packet,
+sent from any part of the system, to a chosen destination without
+going through Tor.
+
+# The Partial Solution
+
+Split amnesia into two parts: an outer, host part running on the
+user's real hardware, and an inner, guest part running in a virtual
+machine. Keep all information about the real identity of the user or
+the user's computer in the outer machine. Keep all applications in the
+inner machine. Mount any storage meant to be writable by the inner
+machine as a virtual device provided by the outer machine. If you
+encrypt the writable storage, the crypto should probably run on the
+outer machine, so that the inner machine doesn't need to have access
+to the key.
+
+Ship the entire inner virtual machine image as part of amnesia, so
+that each instance is identical in every way that can be seen from
+inside... so, for example, the inner machine might always have MAC
+address 00:11:22:33:44:55 , and IP address 10.1.2.3.
+
+Make sure that the face presented to the inner machine by the outer
+machine is also always the same; for example, the inner machine might
+always see the outer machine as a default router at MAC
+00:55:44:33:22:11, with an IP address of 10.1.2.1. You don't want any
+information about the outer machine to leak to the inner machine via,
+say, ARP, or DHCP, or any weird management protocol.
+
+The outer machine should run the hypervisor, and all code that has to
+talk to the "real" network: link-layer supplicants, DHCP client, NTP,
+Tor itself. The inner machine should be able to connect only to the
+Tor port of the outer machine. The outer machine should have a
+firewall configured such that no traffic can ever be relayed directly
+from the inner machine to the network. The only way the inner machine
+can talk to anything should be through Tor.
+
+This includes traffic to the local LAN, BTW; local LAN commmunication
+is a huge security hole, because it's usually easy to get a machine on
+the local LAN to send something to the outside for you, identifying
+the user in the process.
+
+The inner machine can and almost certainly should be aware that it's
+talking through a SOCKS proxy. Trying to be transparent using firewall
+diversion hacks will probably break more things than it fixes.
+
+# Remaining Holes
+
+This change reduces the attack surface a lot, but it's still subject
+to attack through bugs in Tor, bugs in the hypervisor, bugs in the
+outer machine's IP stack, and bugs in the kernel on the outer machine.
+Oh, and bugs in the hardware. The good news is that you have to crack
+the applications before you can attack any of those, so there's some
+defense in depth; it takes knowledge of two unpatched bugs, instead of
+just one, to actually nail the user.
+
+The hypervisor used should be as simple as possible. I don't know
+about Virtualbox, but VMWare is a nightmare of complexity and
+guaranteed to be full of holes. qemu might be a better bet than
+either, simply because it's not so loaded down with features, and does
+fewer things to "help" you (and potentially leak information).
+
+# Interacting With User Virtualization
+
+It's presumably an important use case to have users run amnesia inside
+of virtual machines that are part of the users' regular enviroments.
+As far as I know, no X86 virtualization system will let you nest VMs,
+so that implies that you can't do this trick when amnesia is run under
+the user's hypervisor. Probably the "best" solution would be to
+reconfigure the user's environment to provide the necessary services
+to the amnesia internal virtual machine, but that's also probably an
+unsupportable release nightmare. The alternative would be to fall back
+to something like the way things work now, with Tor running inside the
+virtual machine... but to warn the user that she was operating with
+degraded security.
+
+# Inspiration
+
+* [A Tor Virtual Machine Design and
+ Implementation](https://svn.torproject.org/svn/torvm/trunk/doc/design.html),
+ aka TorVM design document
+* JanusVM
+
+# A promising, alternative solution: Qubes
+
+Qubes is Fedora spin off which takes [security by isolation to the extreme](http://qubes-os.org/Architecture.html): a Xen hypervizor manages user defined "lightweight virtual machines" or "AppVMs" that isolate user processes, and even certain system-components like the network stack, from each other. Appropriate IPC, file and clip-board sharing supposedly works between programs in different AppVMs.
+
+One fine thing with this approach is that it most likely would be easy to fallback to starting processes without these AppVMs in case it's detected that Tails itself runs inside a VM.
+
+The two key questions that remain to answer is:
+
+1. if these AppVMs can be "NAT:ed" or similarly made oblivious to the system interfaces' IP addresses.
+2. if all this can be incorporated into Debian without too much trouble.
+
+Read more at their [homepage](http://qubes-os.org/) and [wiki](http://www.qubes-os.org/trac/wiki).
+
+# Comment from jbash 2010-02-22
+
+I was asked to comment on the Qubes proposal above, and specifically on
+the two questions about NAT and "adapting to Debian". This has gotten
+too long for a comments page
+
+## On Qubes
+
+On Qubes in general: it looks like a cool system and a useful
+approach. I think you could easily put a "Tails VM" (more
+properly a "Tor VM") into it in place of the "Net VM". Since
+you're going to be hacking all over that VM anyhow, no problem to add
+NAT to it.
+
+... but there's a caveat: I'd be very careful about becoming dependent
+on a small project with limited adoption. You could end up having to
+take on all of the maintenance and development of Qubes itself. The
+alternative would be having to port off of Qubes, which argues for not
+becoming dependent on it. Also, you may have trouble finding people who
+are willing to learn Qubes before they can start working. I suspect that
+you might be better advised to come up with something that could run
+with a variety of VM providers.
+
+As for whether you could adapt the application VMs to run Debian,
+I guess I'd ask "why do you want to adapt to Debian, particularly?".
+You'd be undoing a lot of Qubes' work to put a big unconfined
+Debian system in there.
+
+Since I wrote the initial suggestion, I've actually been thinking, off
+an on, about a two-VM alternative with a structure vaguely similar to the
+Qubes idea, and I think one of the good things about that idea equally
+applies to using Qubes. That good thing is that is that you don't
+have to really care about "adapting to Debian" any more. At all.
+
+## Getting off the distro treadmill
+
+The insights are that:
+
+1. If the application VM doesn't have to handle the user's "real" identity, and doesn't necessarily have to handle any data that persist between sessions, then there's much less pressure to do anything special in the application VM to protect anonymity.
+2. It's possible to set up Tor as a transparent Internet gateway, so that clients don't have to even be configured to use a SOCKS proxy. [Here's a HOWTO.](https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy)
+
+That means you can get out of the business of patching up a whole
+distribution to get everything to use Tor properly. You need to
+stay current on general security updates, but that's about it,
+especially if you don't enable the applications to write to any
+storage. In fact, you don't even have to configure anything to
+use Tor.
+
+Instead, you provide two very minimal, targeted environments: a VM
+to run Tor (this would replace the "NetVM" in Qubes), and a host environment
+to run the hypervisor (this would be Qubes', and Xen's, "dom0")
+
+Here's a slightly tweaked version of my block diagram, which is
+obviously very similar to Qubes'.:
+
+[[!img virtails.png alt="Block diagram"]]
+
+### The host
+
+The way I've drawn it, the host:
+
+1. Runs the hypervisor (and is therefore responsible for network, device, and memory isolation).
+2. Handles storage crypto (so that the application VM doesn't have to know any keys that might be useful beyond the current session).
+3. Handles the user's choices about whether any writable storage is available to the application VM (if you allow the user that choice)
+4. Keeeps the time of day accurate for everybody.
+5. Presumably handles other houskeeping functions, like cleaning memory.
+
+If the user wanted to, she could even use her own "regular" system
+as the host, and boot the Tor and application VMs within that.
+She'd better look to her swap encryption, and she'd better know
+what's going on generally, but she can do it.
+
+Veering back in the direction of better security, it looks like
+the Qubes people have been careful to have the host do a good job
+of isolating the VMs, for example not permitting the very large
+security hole of direct 3D graphic access from the VMs. Even if you
+didn't use Qubes, it sounds like they'd be a good project to learn
+from.
+
+### The Tor VM
+
+The Tor VM handles all communication between the application VM
+and the outside world.
+
+When the application VM boots, the Tor VM gives it an address using
+DHCP. The application VM uses the Tor VM as its default gateway and
+DNS server.
+
+Internally, the Tor VM diverts DNS requests and all TCP connections
+originating on the application side to Tor, which transparently
+anonymizes them. IP filtering prevents the application VM from sending
+anything else (and can be used to filter out "bad" traffic, as well, if
+need be). Probably the filter should also stop any unexpected traffic
+generated from within the Tor VM from being sent on the application
+side, as well.
+
+Kernel IP forwarding is totally disabled. Filtering on the Internet
+side prevents any process other than Tor from sending any packets
+whatsoever to the Internet. Much ICMP should probably also be filtered,
+just in case. Traffic *from* the Internet is limited to return
+traffic on TCP connections opened by Tor (maybe later it could be extended
+to act as a relay, too).
+
+You could clamp this down still further using SELinux.
+
+Since it has access to Tor and all its secrets, Vidalia runs in the Tor VM.
+That means the user has to do a console switch to see it. I don't see
+that as a big problem; YMMV. You definitely could NOT run it in the
+application VM.
+
+### The application VM
+
+With this sort of approach, the application VM *only* runs
+applications. It has no idea of the real IP address, or even of
+any machine's real MAC address. It doesn't know anything that identifies
+the user unless the user types it in.
+
+As a result, the application VM can be anything at all.
+Windows, if you really wanted to use it. What I'd actually use would be a stock
+Ubuntu LiveCD, for the following reasons:
+
+1. It's widespread, and it, or close variants of it, are probably what people are booting behind various homebrew Tor proxies right now. So you may get a larger anonymity set.
+2. It's very actively maintained... which means you're going to get upstream security patches.
+
+I could see a very good case for staying with Debian, though, to avoid
+Ubuntu's feature creep.
+
+But I suggest that it can nonetheless be *stock* Debian,
+absolutely unmodified from the latest upstream release.
+
+1. That would conserve important resources for Tails-specific development
+2. I suspect it would also speed up the process of propagating upstream fixes... which is probably the single best thing you can do for the security of the application VM.
+3. It would also discipline you to being client-agnostic, which would mean that others could grab your images (especially the Tor VM image) and reuse them for other things.
+
+# Update October 2012
+
+New developments in other projects:
+
+ * [Qubes OS + Tor](http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html): detailed instructions on how to set up transparent Tor proxy with Qubes OS.; lacks considerations for identity correlation though circuit sharing
+ * [Whonix](http://whonix.sourceforge.net/): Anonymous General Purpose Operating System; Isolating and Transparent Tor proxy based on Virtual Box, Debian GNU/Linux and Tor; not a live system
+
+
+> There are many users who would be able to set this up themselves, see [[todo/amd64_kernel]], the virtualisation software can be stored in the persistent storage and installed after booting a tails livecd. As long as the tails kernel supports running virtualisation software, the features in this document can be used today by a great many users
+
+# Semi-simple solution
+
+Let's say we [[todo/add_virtualbox_host_software]] to Tails and note
+that a host can start several guests using the same boot media. Hence
+we could add some kind of hook during Tails' boot process that,
+depending on some "magic" parameter set by the host (if any), makes
+Tails boot into specialized profiles (e.g. one that only runs Tor and
+one that runs the GUI stuff). For instance:
+
+* tor-guest: Boot Tails into a minimal mode (no Xorg etc.) that just:
+ - starts Tor with all its ports listening on the network.
+ - sets an appropriate firewall (only allow inbound traffic from the
+ 'app-guest' vm (see below) to Tor's ports, and only the outbound
+ traffic made by Tor).
+* i2p-guest: Same as 'tor-guest' but adapted for i2p.
+* app-guest: Boot Tails exactly like it's done now except:
+ - it uses the Tor instance running on 'tor-guest' vm.
+ - sets an appropriate firewall (only allow connections to the
+ 'tor-guest' and 'i2p-guest' vms)
+
+If no such profile is set Tails boots normally. In Tails Greeter we add
+an option called "Use isolation through virtualization" (or similar)
+that when set:
+
+1. Continues from Tails Greeter to a simple X screen (no GNOME etc.
+ running; only vms are supposed to be run from the host from now on).
+2. Starts a Tails guest with the 'tor-guest' parameter in headless
+ mode. (not sure about the 'i2p-guest' yet since it should start
+ automatically)
+3. Starts a Tails guest with the 'app-guest' parameter in fullscreen
+ mode. This is where the user should interact with Tails from now on.
+
+Relevant settings from Tails Greeter on the host must be forwarded to
+these guests appropriately, e.g. persistent Tor data dir to
+'tor-guest' and all other persistent directories to 'app-guest' (using
+VirtualBox' shared directories, I guess), and the language settings
+should be set in 'app-guest' etc.
+
+A fine question, though, is whether there exist something like this
+"magical" parameter I talk about above in VirtualBox. The simplest
+would be if Virtualbox could add stuff to the kernel commandline,
+but I doubt that is possible in any sane way. More likely something
+can be achieved through the guest additions. It seems like the host
+can execute arbitrary commands on guests using `vboxmanage
+guestcontrol execute`, which could be used to alter how Tails boots
+from then on.
+
+> You could communicate with Virtual Box using hardware serials. Examples:
+
+> `sudo -u $USERNAME VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "BIOS Vendor"`
+
+> `sudo -u $USERNAME VBoxManage setextradata "$VMNAME" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid""9852bf98-b83c-49db-a8de-182c42c7226b"`
+
+> <https://github.com/adrelanos/Whonix/blob/master/whonix_createvm>
+> for more examples
+
+> Change hardware serials to some specified value, let Tails read it and
+> let Tails act accordingly.
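Review bot: The second `VBoxManage setextradata` example near the end of the new .mdwn file has no space between the key and the value (`"VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid""9852bf98-b83c-49db-a8de-182c42c7226b"`), so the shell joins the two quoted strings into a single argument and the command passes no value for the key; add a space between them, as in the `DmiBIOSVendor` line above it. The blueprint also gives conflicting guidance that should be reconciled in a short note: "The Partial Solution" says the inner machine should know it talks through a SOCKS proxy and that transparent firewall diversion "will probably break more things than it fixes", while "Getting off the distro treadmill" and "The Tor VM" are built on transparent proxying, and the October 2012 update itself notes that the transparent Qubes setup lacks considerations for identity correlation through circuit sharing. While touching the file, fix the spelling of "commmunication", "enviroments", "hypervizor", "Keeeps" and "houskeeping", and the doubled "is that is that" in the "On Qubes" section.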
diff --git a/wiki/src/blueprint/Two-layered_virtualized_system/virtails.png b/wiki/src/blueprint/Two-layered_virtualized_system/virtails.png
new file mode 100644
index 0000000..1b10482
--- /dev/null
+++ b/wiki/src/blueprint/Two-layered_virtualized_system/virtails.png
Binary files differ
diff --git a/wiki/src/blueprint/Two-layered_virtualized_system/virtails.svg b/wiki/src/blueprint/Two-layered_virtualized_system/virtails.svg
new file mode 100644
index 0000000..e5682bb
--- /dev/null
+++ b/wiki/src/blueprint/Two-layered_virtualized_system/virtails.svg
@@ -0,0 +1,1390 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:osb="http://www.openswatchbook.org/uri/2009/osb"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ width="1052.1"
+ height="744.29999"
+ id="svg2"
+ version="1.1"
+ inkscape:version="0.48.1 r9760"
+ sodipodi:docname="virtails.svg">
+ <defs
+ id="defs4">
+ <pattern
+ inkscape:collect="always"
+ xlink:href="#pattern6362"
+ id="pattern6440"
+ patternTransform="translate(-113.4375,251.5285)" />
+ <pattern
+ inkscape:collect="always"
+ xlink:href="#Strips1_1"
+ id="pattern6367"
+ patternTransform="matrix(10,0,0,10,113.4375,56.53125)" />
+ <pattern
+ inkscape:collect="always"
+ xlink:href="#pattern6336"
+ id="pattern6365"
+ patternTransform="matrix(7.0277811,7.1140919,-7.1140919,7.0277811,113.4375,56.53125)" />
+ <pattern
+ inkscape:collect="always"
+ xlink:href="#Strips1_1"
+ id="pattern6336"
+ patternTransform="matrix(7.0277811,7.1140919,-7.1140919,7.0277811,0,0)" />
+ <pattern
+ inkscape:stockid="Stripes 1:1"
+ id="Strips1_1"
+ patternTransform="translate(0,0) scale(10,10)"
+ height="1"
+ width="2"
+ patternUnits="userSpaceOnUse"
+ inkscape:collect="always">
+ <rect
+ id="rect5520"
+ height="2"
+ width="1"
+ y="-0.5"
+ x="0"
+ style="fill:black;stroke:none" />
+ </pattern>
+ <linearGradient
+ id="linearGradient6246"
+ osb:paint="solid">
+ <stop
+ style="stop-color:#ff0000;stop-opacity:1;"
+ offset="0"
+ id="stop6248" />
+ </linearGradient>
+ <inkscape:perspective
+ sodipodi:type="inkscape:persp3d"
+ inkscape:vp_x="0 : 372.14999 : 1"
+ inkscape:vp_y="0 : 1000 : 0"
+ inkscape:vp_z="1052.1 : 372.14999 : 1"
+ inkscape:persp3d-origin="526.04999 : 248.1 : 1"
+ id="perspective3123" />
+ <pattern
+ patternUnits="userSpaceOnUse"
+ width="78.0625"
+ height="63.875"
+ patternTransform="translate(-113.4375,251.5285)"
+ id="pattern6362">
+ <rect
+ rx="0"
+ ry="17.716536"
+ y="0.043834686"
+ x="0.05166626"
+ height="63.779526"
+ width="77.952766"
+ id="rect6326"
+ style="color:#000000;fill:url(#pattern6365);fill-opacity:1;stroke:url(#pattern6367);stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate" />
+ <path
+ inkscape:connector-curvature="0"
+ id="path6348"
+ d="m 0.69776,20.476851 0,-6.723866 6.49563,-6.526594 6.495628,-6.526594 6.911053,0 6.911055,0 L 15.37928,12.750103 C 8.70677,19.377771 2.67376,25.340478 1.9726,26.000563 l -1.27484,1.200154 0,-6.723866 z"
+ style="fill:#ff0000;fill-opacity:1;stroke:#ff0000;stroke-width:0.69999999;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+ <path
+ inkscape:connector-curvature="0"
+ id="path6350"
+ d="m 0.69776,48.541413 0,-6.82179 9.38435,-9.225252 C 15.243498,27.420483 23.911623,18.83712 29.344607,13.420232 34.777591,8.003343 39.935603,2.924174 40.806858,2.13319 l 1.584099,-1.438153 6.792805,0.0496 6.792807,0.0496 -15.876997,15.675764 C 31.367223,25.091672 19.418177,36.906125 13.546139,42.724341 7.6741,48.54256 2.38102,53.766486 1.78373,54.333064 l -1.08597,1.030148 0,-6.821791 0,0 z"
+ style="fill:#ff0000;fill-opacity:1;stroke:#ff0000;stroke-width:0.69999999;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+ <path
+ inkscape:connector-curvature="0"
+ id="path6352"
+ d="M 19.801573,50.985004 C 26.592436,44.259063 34.187238,36.760674 36.67891,34.32192 39.170584,31.883166 45.84113,25.294487 51.502347,19.680416 57.163564,14.066343 63.795047,7.499038 66.238976,5.086404 l 4.443509,-4.386607 3.347157,0 3.347159,0 0,3.49514 0,3.495141 -12.323417,12.237996 c -6.777879,6.7309 -19.375953,19.223779 -27.995717,27.761956 l -15.672302,15.523959 -6.965407,0 -6.965408,0 12.347023,-12.228985 z"
+ style="fill:#ff0000;fill-opacity:1;stroke:#ff0000;stroke-width:0.69999999;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+ <path
+ inkscape:connector-curvature="0"
+ id="path6354"
+ d="m 48.224771,51.078898 c 6.736755,-6.6743 14.373373,-14.203362 16.970262,-16.731248 2.596888,-2.527886 6.40015,-6.308346 8.451692,-8.401022 l 3.730076,-3.804865 -0.01111,6.890643 -0.01111,6.890644 -13.780931,13.64547 -13.780929,13.645469 -6.908304,0 -6.908303,0 12.248647,-12.135091 z"
+ style="fill:#ff0000;fill-opacity:1;stroke:#ff0000;stroke-width:0.69999999;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+ <path
+ inkscape:connector-curvature="0"
+ id="path6356"
+ d="m 66.169135,61.466991 c 0.929852,-0.960849 3.831972,-3.864029 6.449154,-6.451511 l 4.758512,-4.704512 0,6.45151 0,6.451511 -6.449154,0 -6.449154,0 1.690642,-1.746998 z"
+ style="fill:#ff0000;fill-opacity:1;stroke:#ff0000;stroke-width:0.69999999;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0" />
+ </pattern>
+ </defs>
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="1"
+ inkscape:cx="607.99512"
+ inkscape:cy="448.10973"
+ inkscape:document-units="px"
+ inkscape:current-layer="layer1"
+ showgrid="true"
+ units="in"
+ inkscape:window-width="1953"
+ inkscape:window-height="1105"
+ inkscape:window-x="3"
+ inkscape:window-y="159"
+ inkscape:window-maximized="0">
+ <inkscape:grid
+ type="xygrid"
+ id="grid4011"
+ units="mm"
+ empspacing="5"
+ visible="true"
+ enabled="true"
+ snapvisiblegridlinesonly="false"
+ spacingx="2mm"
+ spacingy="2mm"
+ dotted="true" />
+ </sodipodi:namedview>
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(0,-308.05975)">
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6440);stroke-width:5.31496048;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect2985"
+ width="922.60632"
+ height="674.47791"
+ x="26.999998"
+ y="335.36218" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="509"
+ y="357.36218"
+ id="text2987"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="510.91016"
+ y="357.36218"
+ id="tspan2991">Host system (Qubes dom0, other booted from CD, even user's regular environment with some user-provide hypervisor) </tspan></text>
+ <path
+ sodipodi:type="arc"
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:5.31496048;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="path2993"
+ sodipodi:cx="123.5"
+ sodipodi:cy="100.79999"
+ sodipodi:rx="43.5"
+ sodipodi:ry="13.5"
+ d="m 167,100.79999 a 43.5,13.5 0 1 1 -87,0 43.5,13.5 0 1 1 87,0 z"
+ transform="translate(-28,292.05975)" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 51,393.35974 c -1,304 -1,304 -1,304 l 0,1"
+ id="path3013"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 140.5,394.85974 c -1,304 -1,304 -1,304 l 0,1"
+ id="path3013-3"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="93"
+ y="395.35974"
+ id="text3033"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3035"
+ x="93"
+ y="395.35974">Host disk</tspan></text>
+ <path
+ transform="translate(-28.5,510.37684)"
+ sodipodi:type="arc"
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:5.31496048;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="path2993-0-3-7"
+ sodipodi:cx="123.5"
+ sodipodi:cy="100.79999"
+ sodipodi:rx="43.5"
+ sodipodi:ry="13.5"
+ d="M 167,100.79999 A 43.5,13.5 0 1 1 81.188541,97.665806"
+ sodipodi:start="0"
+ sodipodi:end="3.3758921"
+ sodipodi:open="true" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="93"
+ y="654.35974"
+ id="text3073"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3075"
+ x="93"
+ y="654.35974">Swap</tspan><tspan
+ sodipodi:role="line"
+ x="93"
+ y="669.35974"
+ id="tspan3077">partition</tspan><tspan
+ sodipodi:role="line"
+ x="94.910156"
+ y="684.35974"
+ id="tspan3969">(optional) </tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="94"
+ y="428.35974"
+ id="text3079"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3081"
+ x="94"
+ y="428.35974">User</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="443.35974"
+ id="tspan3083">file</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="458.35974"
+ id="tspan3085">systems</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="473.35974"
+ id="tspan3087">(unmounted</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="488.35974"
+ id="tspan3089">if T(A)ILS</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="503.35974"
+ id="tspan3091">booted</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="518.35974"
+ id="tspan3093">from CD</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="533.35974"
+ id="tspan3095">or USB,</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="548.35974"
+ id="tspan3097">possibly</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="563.35974"
+ id="tspan3099">mounted</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="578.35974"
+ id="tspan3101">if running</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="593.35974"
+ id="tspan3103">under user</tspan><tspan
+ sodipodi:role="line"
+ x="94"
+ y="608.35974"
+ id="tspan3105">OS)</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3107"
+ width="127.55904"
+ height="66.094482"
+ x="49.6063"
+ y="832.67468" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="113.38583"
+ y="853.93457"
+ id="text3109"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3111"
+ x="113.38583"
+ y="853.93457">Host kernel</tspan><tspan
+ sodipodi:role="line"
+ x="113.38583"
+ y="868.93457"
+ id="tspan4015">virtual memory</tspan><tspan
+ sodipodi:role="line"
+ x="115.29599"
+ y="883.93457"
+ id="tspan3143">management </tspan></text>
+ <flowRoot
+ xml:space="preserve"
+ id="flowRoot3115"
+ style="fill:black;stroke:none;stroke-opacity:1;stroke-width:1px;stroke-linejoin:miter;stroke-linecap:butt;fill-opacity:1;font-family:Bitstream Vera Sans;font-style:normal;font-weight:normal;font-size:12px;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;text-align:center"><flowRegion
+ id="flowRegion3117"><rect
+ id="rect3119"
+ width="328"
+ height="129"
+ x="186"
+ y="462.29999" /></flowRegion><flowPara
+ id="flowPara3121"></flowPara></flowRoot> <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3141"
+ width="129.83467"
+ height="77.425209"
+ x="758.2677"
+ y="748.1629" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:#ff0000;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="468"
+ y="584.66687"
+ id="text3145"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3147"
+ x="469.91016"
+ y="584.66687"> </tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:5.99999975999999968, 1.99999992000000004;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3149"
+ width="659"
+ height="389.22836"
+ x="240"
+ y="379.66681" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="485"
+ y="442.29999"
+ id="text3919"
+ sodipodi:linespacing="125%"
+ transform="translate(0,308.05975)"><tspan
+ sodipodi:role="line"
+ id="tspan3921"
+ x="485"
+ y="442.29999" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="325.98425"
+ y="400.39124"
+ id="text3923"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3925"
+ x="325.98425"
+ y="400.39124">Hypervisor</tspan><tspan
+ sodipodi:role="line"
+ x="325.98425"
+ y="415.39124"
+ id="tspan4307">(Xen (Qubes), qemu-kvm,</tspan><tspan
+ sodipodi:role="line"
+ x="325.98425"
+ y="430.39124"
+ id="tspan4309">VirtualBox, VMWare)</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:5.31496047999999988;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3927"
+ width="207"
+ height="224"
+ x="266"
+ y="449.66684" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="320"
+ y="366.29999"
+ id="text3929"
+ sodipodi:linespacing="125%"
+ transform="translate(0,308.05975)"><tspan
+ sodipodi:role="line"
+ id="tspan3931"
+ x="320"
+ y="366.29999" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="368.50394"
+ y="485.4306"
+ id="text3933"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3935"
+ x="368.50394"
+ y="485.4306">&quot;Application&quot; VM. Totally</tspan><tspan
+ sodipodi:role="line"
+ x="368.50394"
+ y="500.43063"
+ id="tspan3989">untrusted, and can be anything.</tspan><tspan
+ sodipodi:role="line"
+ x="368.50394"
+ y="515.43066"
+ id="tspan3975">Stock Ubuntu LiveCD, anyone?</tspan><tspan
+ sodipodi:role="line"
+ x="368.50394"
+ y="530.43066"
+ id="tspan4208">Could run multiples.</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3937"
+ width="131.16536"
+ height="34"
+ x="46"
+ y="754.35974" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="69"
+ y="461.29999"
+ id="text3939"
+ sodipodi:linespacing="125%"
+ transform="translate(0,308.05975)"><tspan
+ sodipodi:role="line"
+ id="tspan3941"
+ x="69"
+ y="461.29999" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="108"
+ y="767.35974"
+ id="text3943"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3945"
+ x="108"
+ y="767.35974">LUKS, new random</tspan><tspan
+ sodipodi:role="line"
+ x="108"
+ y="782.35974"
+ id="tspan3947">key at each boot</tspan></text>
+ <path
+ transform="translate(-28.5,599.37684)"
+ sodipodi:type="arc"
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:5.31496048;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="path2993-0-3-7-1"
+ sodipodi:cx="123.5"
+ sodipodi:cy="100.79999"
+ sodipodi:rx="43.5"
+ sodipodi:ry="13.5"
+ d="M 167,100.79999 A 43.5,13.5 0 1 1 81.188541,97.665806"
+ sodipodi:start="0"
+ sodipodi:end="3.3758921"
+ sodipodi:open="true" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 93,406.29999 c -1,39 -1,39 -1,39"
+ id="path3971"
+ inkscape:connector-curvature="0"
+ transform="translate(0,308.05975)" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="310"
+ y="570.46997"
+ id="text3977"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3979"
+ x="310"
+ y="570.46997">Firefox</tspan><tspan
+ sodipodi:role="line"
+ x="310"
+ y="585.46997"
+ id="tspan3981">Pidgin</tspan><tspan
+ sodipodi:role="line"
+ x="310"
+ y="600.46997"
+ id="tspan3983">Ooffice</tspan><tspan
+ sodipodi:role="line"
+ x="310"
+ y="615.46997"
+ id="tspan3985">Whatever</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3987"
+ width="75"
+ height="70"
+ x="275"
+ y="556.46997" />
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 825.19599,406.90316 c -399.99914,0.5747 -399.99914,0.5747 -399.99914,0.5747"
+ id="path3993"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="616.53546"
+ y="400.39124"
+ id="text3995"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3997"
+ x="616.53546"
+ y="400.39124">Untrusted virtual network</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="446.4567"
+ y="421.65109"
+ id="text3999"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4001"
+ x="446.4567"
+ y="421.65109">MAC=00:04:00:00:00:01</tspan><tspan
+ sodipodi:role="line"
+ x="446.4567"
+ y="434.15109"
+ id="tspan4003">IP=10.0.0.2</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="440"
+ y="465.66684"
+ id="text4005"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4007"
+ x="440"
+ y="465.66684">eth0</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 439.37008,407.47787 c 0,42.51969 0,42.51969 0,42.51969"
+ id="path4013"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 92.125984,482.09526 c 0,42.51969 0,42.51969 0,42.51969"
+ id="path4017"
+ inkscape:connector-curvature="0"
+ transform="translate(0,308.05975)" />
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:5.31500000000000039;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect3927-7"
+ width="340.15747"
+ height="224"
+ x="510.23621"
+ y="449.99756" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="822.04724"
+ y="464.17075"
+ id="text4005-9"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4007-3"
+ x="822.04724"
+ y="464.17075">eth1</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 807.87402,407.47786 c 0,70.86616 0,70.86616 0,70.86616"
+ id="path4013-3"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="680.31494"
+ y="421.65109"
+ id="text3999-9"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4001-0"
+ x="680.31494"
+ y="421.65109">MAC=00:03:00:00:00:02</tspan><tspan
+ sodipodi:role="line"
+ x="680.31494"
+ y="434.15109"
+ id="tspan4003-7">IP=10.0.0.1</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4126"
+ width="141.73233"
+ height="184.25198"
+ x="694.48816"
+ y="471.25735" />
+ <rect
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:0.99999994000000003;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4128"
+ width="35.433025"
+ height="70.866165"
+ x="793.70081"
+ y="478.34396" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="811.88361"
+ y="505.0759"
+ id="text4130"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="811.88361"
+ y="505.0759"
+ id="tspan4168"> Appl</tspan><tspan
+ sodipodi:role="line"
+ x="811.88361"
+ y="517.57593"
+ id="tspan4218">IP</tspan><tspan
+ sodipodi:role="line"
+ x="811.88361"
+ y="530.07593"
+ id="tspan4220">filt.</tspan></text>
+ <rect
+ style="fill:none;stroke:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none"
+ id="rect4144"
+ width="148.81889"
+ height="120.47244"
+ x="616.53546"
+ y="-141.52678"
+ transform="translate(0,308.05975)" />
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4148"
+ width="77.952774"
+ height="92.125992"
+ x="566.92914"
+ y="570.46997" />
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4150"
+ width="77.952766"
+ height="21.259815"
+ x="566.92914"
+ y="535.03687" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="602.36218"
+ y="591.72986"
+ id="text4152"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4154"
+ x="602.36218"
+ y="591.72986">Tor</tspan><tspan
+ sodipodi:role="line"
+ x="602.36218"
+ y="606.72986"
+ id="tspan4156">(transparent</tspan><tspan
+ sodipodi:role="line"
+ x="602.36218"
+ y="621.72986"
+ id="tspan4158">mode</tspan><tspan
+ sodipodi:role="line"
+ x="602.36218"
+ y="636.72986"
+ id="tspan4160">w/DNS</tspan><tspan
+ sodipodi:role="line"
+ x="602.36218"
+ y="651.72986"
+ id="tspan4162">spoofing)</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4172"
+ width="70.866127"
+ height="134.64565"
+ x="701.57483"
+ y="478.34402" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="737.00787"
+ y="527.95032"
+ id="text4174"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4176"
+ x="737.00787"
+ y="527.95032">iptables</tspan><tspan
+ sodipodi:role="line"
+ x="737.00787"
+ y="542.95032"
+ id="tspan4178">NAT</tspan><tspan
+ sodipodi:role="line"
+ x="737.00787"
+ y="557.95032"
+ id="tspan4180">REDIRECT</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="602.36218"
+ y="549.21014"
+ id="text4182"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4184"
+ x="602.36218"
+ y="549.21014">Vidalia</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4186"
+ width="77.952759"
+ height="21.259842"
+ x="566.29132"
+ y="508.09995" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="602.36218"
+ y="520.86377"
+ id="text4188"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4190"
+ x="602.36218"
+ y="520.86377">dhcpd</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 644.8819,584.6432 c 56.69291,0 56.69291,0 56.69291,0"
+ id="path4192"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="651.96851"
+ y="563.38342"
+ id="text4194"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4196"
+ x="651.96851"
+ y="563.38342">All TCP</tspan><tspan
+ sodipodi:role="line"
+ x="651.96851"
+ y="578.38342"
+ id="tspan4198">+ DNS</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 644.88195,520.86371 c 56.69291,0 56.69291,0 56.69291,0"
+ id="path4200"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="671.31818"
+ y="513.77716"
+ id="text4204"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4206"
+ x="673.22833"
+ y="513.77716">DHCP </tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4210"
+ width="77.952759"
+ height="35.433052"
+ x="566.92914"
+ y="464.17081" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="602.36218"
+ y="478.34402"
+ id="text4212"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4214"
+ x="602.36218"
+ y="478.34402">Poss.</tspan><tspan
+ sodipodi:role="line"
+ x="602.36218"
+ y="493.34402"
+ id="tspan4216">I2P, etc</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:0.99999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4128-9"
+ width="35.433025"
+ height="70.866165"
+ x="794.70081"
+ y="576.99792" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="812.88361"
+ y="603.72986"
+ id="text4130-6"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="812.88361"
+ y="603.72986"
+ id="tspan4168-8"> Tor</tspan><tspan
+ sodipodi:role="line"
+ x="812.88361"
+ y="616.22986"
+ id="tspan4218-9">IP</tspan><tspan
+ sodipodi:role="line"
+ x="812.88361"
+ y="628.72986"
+ id="tspan4220-6">filt.</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 772.44094,513.77707 c 21.25985,0 21.25985,0 21.25985,0"
+ id="path4252"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 644.8819,627.16289 c 148.8189,0 148.8189,0 148.8189,0"
+ id="path4254"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 807.87402,648.42273 0,99.21262"
+ id="path4256"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="821.13385"
+ y="664.09204"
+ id="text4005-0"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4007-7"
+ x="821.13385"
+ y="664.09204">eth0</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="673.22833"
+ y="690.94244"
+ id="text3999-9-6"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4001-0-3"
+ x="673.22833"
+ y="690.94244">MAC=00:02:00:00:00:02</tspan><tspan
+ sodipodi:role="line"
+ x="673.22833"
+ y="703.44244"
+ id="tspan4003-7-6">IP=192.168.1.2</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="807.87402"
+ y="783.06842"
+ id="text4303"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4305"
+ x="807.87402"
+ y="783.06842">Host or</tspan><tspan
+ sodipodi:role="line"
+ x="807.87402"
+ y="798.06842"
+ id="tspan4322">hypervisor</tspan><tspan
+ sodipodi:role="line"
+ x="807.87402"
+ y="813.06842"
+ id="tspan4324">NAT</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="807.87402"
+ y="761.80859"
+ id="text4326"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4328"
+ x="807.87402"
+ y="761.80859">veth</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="814.96063"
+ y="726.37549"
+ id="text3999-9-6-6"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4001-0-3-2"
+ x="814.96063"
+ y="726.37549">MAC=00:01:00:00:00:02</tspan><tspan
+ sodipodi:role="line"
+ x="814.96063"
+ y="738.87549"
+ id="tspan4003-7-6-1">IP=192.168.1.1</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 885.82677,792.34526 c 77.95276,-2.19012 77.95276,-2.19012 77.95276,-2.19012"
+ id="path4354"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="870.06177"
+ y="790.15503"
+ id="text4005-1"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4007-0"
+ x="871.65356"
+ y="790.15503">eth </tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="813"
+ y="715.29999"
+ id="text4377"
+ sodipodi:linespacing="125%"
+ transform="translate(0,308.05975)"><tspan
+ sodipodi:role="line"
+ id="tspan4379"
+ x="813"
+ y="715.29999" /></text>
+ <text
+ xml:space="preserve"
+ style="font-size:14px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="990.21582"
+ y="775.98181"
+ id="text4381"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4383"
+ x="992.12598"
+ y="775.98181">Internet </tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="963.77954"
+ y="811.41486"
+ id="text3999-9-6-6-1"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4001-0-3-2-7"
+ x="963.77954"
+ y="811.41486">MAC=&lt;real&gt;</tspan><tspan
+ sodipodi:role="line"
+ x="963.77954"
+ y="823.91486"
+ id="tspan4003-7-6-1-4">IP=&lt;real&gt;</tspan></text>
+ <path
+ sodipodi:type="arc"
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:3.33560133;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="path4411"
+ sodipodi:cx="347.24408"
+ sodipodi:cy="510.44171"
+ sodipodi:rx="92.125984"
+ sodipodi:ry="14.173228"
+ d="m 438.87517,511.90883 a 92.125984,14.173228 0 1 1 0.46045,-1.85466"
+ transform="matrix(2.5389363,0,0,1,-334.74854,476.67138)"
+ sodipodi:start="0.10369898"
+ sodipodi:end="6.2558386"
+ sodipodi:open="true" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="547.36517"
+ y="990.88068"
+ id="text4413"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4415"
+ x="547.36517"
+ y="990.88068">T(A)ILS media (USB or CD)</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 311.81102,861.02112 c 0,127.55905 0,127.55905 0,127.55905"
+ id="path4417"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 779.52756,861.02121 c 0,127.559 0,127.559 0,127.559"
+ id="path4417-9"
+ inkscape:connector-curvature="0" />
+ <path
+ sodipodi:type="arc"
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:3.33560133;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="path4411-3"
+ sodipodi:cx="347.24408"
+ sodipodi:cy="510.44171"
+ sodipodi:rx="92.125984"
+ sodipodi:ry="14.173228"
+ d="M 438.87517,511.90883 A 92.125984,14.173228 0 0 1 255.22738,509.75155"
+ transform="matrix(2.5389363,0,0,-1,-335.96131,1371.4629)"
+ sodipodi:start="0.10369898"
+ sodipodi:end="3.1903068"
+ sodipodi:open="true" />
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4455"
+ width="63.779526"
+ height="99.212601"
+ x="330.00806"
+ y="866.07672" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="357.71671"
+ y="881.95062"
+ id="text4457"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4459"
+ x="357.71671"
+ y="881.95062">Appl</tspan><tspan
+ sodipodi:role="line"
+ x="357.71671"
+ y="896.95062"
+ id="tspan4461">boot</tspan><tspan
+ sodipodi:role="line"
+ x="357.71671"
+ y="911.95062"
+ id="tspan4463">media</tspan><tspan
+ sodipodi:role="line"
+ x="357.71671"
+ y="926.95062"
+ id="tspan4473">(LiveCD</tspan><tspan
+ sodipodi:role="line"
+ x="357.71671"
+ y="941.95062"
+ id="tspan4477">image,</tspan><tspan
+ sodipodi:role="line"
+ x="357.71671"
+ y="956.95062"
+ id="tspan4481">etc)</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4465"
+ width="70.866142"
+ height="35.433071"
+ x="403.93701"
+ y="783.06836" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="439.37009"
+ y="797.24164"
+ id="text4467"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4469"
+ x="439.37009"
+ y="797.24164">LUKS or</tspan><tspan
+ sodipodi:role="line"
+ x="439.37009"
+ y="812.24164"
+ id="tspan4471">TrueCrypt</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="205"
+ y="547.29999"
+ id="text4483"
+ sodipodi:linespacing="125%"
+ transform="translate(0,308.05975)"><tspan
+ sodipodi:role="line"
+ id="tspan4485"
+ x="206.91016"
+ y="547.29999"> </tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 666.14173,846.84794 c 0,127.55904 0,127.55904 0,127.55904"
+ id="path4417-3"
+ inkscape:connector-curvature="0" />
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4455-4"
+ width="63.779526"
+ height="99.212601"
+ x="411.03036"
+ y="866.07672" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="442.5217"
+ y="896.49359"
+ id="text4457-9"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4459-8"
+ x="442.5217"
+ y="896.49359">Appl</tspan><tspan
+ sodipodi:role="line"
+ x="442.5217"
+ y="911.49359"
+ id="tspan4481-0">persistent</tspan><tspan
+ sodipodi:role="line"
+ x="442.5217"
+ y="926.49359"
+ id="tspan4548">storage</tspan><tspan
+ sodipodi:role="line"
+ x="444.43185"
+ y="941.49359"
+ id="tspan4550">(optional) </tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4455-9"
+ width="63.779526"
+ height="99.212601"
+ x="694.48816"
+ y="868.10779" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="722.83466"
+ y="903.54083"
+ id="text4457-0"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="722.83466"
+ y="903.54083"
+ id="tspan4481-9">Host</tspan><tspan
+ sodipodi:role="line"
+ x="722.83466"
+ y="918.54083"
+ id="tspan4603">boot</tspan><tspan
+ sodipodi:role="line"
+ x="722.83466"
+ y="933.54083"
+ id="tspan4605">image</tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4455-4-3"
+ width="63.779526"
+ height="99.212601"
+ x="496.06973"
+ y="866.07672" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="527.56104"
+ y="896.49359"
+ id="text4457-9-8"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="527.56104"
+ y="896.49359"
+ id="tspan4550-0">Tor</tspan><tspan
+ sodipodi:role="line"
+ x="527.56104"
+ y="911.49359"
+ id="tspan4663">boot</tspan><tspan
+ sodipodi:role="line"
+ x="529.47119"
+ y="926.49359"
+ id="tspan4665">media </tspan></text>
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4455-4-7"
+ width="63.779526"
+ height="99.212601"
+ x="581.10913"
+ y="866.07672" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="612.60046"
+ y="882.32037"
+ id="text4457-9-6"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4459-8-3"
+ x="612.60046"
+ y="882.32037">Tor</tspan><tspan
+ sodipodi:role="line"
+ x="612.60046"
+ y="897.32037"
+ id="tspan4481-0-3">persistent</tspan><tspan
+ sodipodi:role="line"
+ x="612.60046"
+ y="912.32037"
+ id="tspan4548-2">storage</tspan><tspan
+ sodipodi:role="line"
+ x="612.60046"
+ y="927.32037"
+ id="tspan4550-4">(cache,</tspan><tspan
+ sodipodi:role="line"
+ x="612.60046"
+ y="942.32037"
+ id="tspan4667">entry</tspan><tspan
+ sodipodi:role="line"
+ x="614.51062"
+ y="957.32037"
+ id="tspan4669">guards) </tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="368.50394"
+ y="655.50934"
+ id="text4671"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4673"
+ x="368.50394"
+ y="655.50934">sda/</tspan><tspan
+ sodipodi:role="line"
+ x="368.50394"
+ y="668.00934"
+ id="tspan4675">sdc</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:10px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans;stroke-opacity:1"
+ x="432.28348"
+ y="655.50934"
+ id="text4671-9"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ x="432.28348"
+ y="655.50934"
+ id="tspan4675-3">sdb/</tspan><tspan
+ sodipodi:role="line"
+ x="432.28348"
+ y="668.00934"
+ id="tspan4703">sda</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:url(#Strips1_1);stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 368.50394,768.89518 0,99.21259 0,0"
+ id="path4705"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 439.37008,368.70944 c 0,106.29921 0,106.29921 0,106.29921"
+ id="path4707"
+ inkscape:connector-curvature="0"
+ transform="translate(0,308.05975)" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 439.37008,818.50147 c 0,49.6063 0,49.6063 0,49.6063"
+ id="path4709"
+ inkscape:connector-curvature="0" />
+ <rect
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect4465-3"
+ width="70.866142"
+ height="35.433071"
+ x="574.01575"
+ y="783.06836" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="609.44885"
+ y="797.24164"
+ id="text4467-9"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4469-8"
+ x="609.44885"
+ y="797.24164">LUKS or</tspan><tspan
+ sodipodi:role="line"
+ x="609.44885"
+ y="812.24164"
+ id="tspan4471-1">TrueCrypt</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 538.58268,768.89518 0,99.21259 0,0"
+ id="path4705-6"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 609.44882,676.76919 c 0,106.29921 0,106.29921 0,106.29921"
+ id="path4707-0"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:2.65748024;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 609.44882,818.50147 c 0,49.6063 0,49.6063 0,49.6063"
+ id="path4709-6"
+ inkscape:connector-curvature="0" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="318.89764"
+ y="790.15503"
+ id="text4766"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4768"
+ x="318.89764"
+ y="790.15503">Forced</tspan><tspan
+ sodipodi:role="line"
+ x="318.89764"
+ y="805.15503"
+ id="tspan4772">Read</tspan><tspan
+ sodipodi:role="line"
+ x="318.89764"
+ y="820.15503"
+ id="tspan4770">Only</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="496.06299"
+ y="790.15503"
+ id="text4766-5"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan4768-2"
+ x="496.06299"
+ y="790.15503">Forced</tspan><tspan
+ sodipodi:role="line"
+ x="496.06299"
+ y="805.15503"
+ id="tspan4772-3">Read</tspan><tspan
+ sodipodi:role="line"
+ x="496.06299"
+ y="820.15503"
+ id="tspan4770-1">Only</tspan></text>
+ <path
+ style="color:#000000;fill:none;stroke:#ff0000;stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 368.50394,768.89518 c 0,-92.12599 0,-92.12599 0,-92.12599"
+ id="path6416"
+ inkscape:connector-curvature="0" />
+ <path
+ style="color:#000000;fill:none;stroke:url(#pattern6362);stroke-width:2.65748023999999994;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ d="m 538.58268,768.89518 c 0,-92.12599 0,-92.12599 0,-92.12599"
+ id="path6416-3"
+ inkscape:connector-curvature="0" />
+ <rect
+ style="color:#000000;fill:none;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;stroke-dashoffset:0;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
+ id="rect6442"
+ width="70.866142"
+ height="120.47247"
+ x="151.07086"
+ y="424.1156" />
+ <text
+ xml:space="preserve"
+ style="font-size:12px;font-style:normal;font-weight:normal;text-align:center;line-height:125%;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;font-family:Bitstream Vera Sans"
+ x="184.25197"
+ y="442.91092"
+ id="text6444"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan6446"
+ x="184.25197"
+ y="442.91092">User</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="457.91092"
+ id="tspan6448">processes</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="472.91092"
+ id="tspan6450">if</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="487.91092"
+ id="tspan6452">running</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="502.91092"
+ id="tspan6454">under</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="517.91089"
+ id="tspan6456">user</tspan><tspan
+ sodipodi:role="line"
+ x="184.25197"
+ y="532.91089"
+ id="tspan6458">OS</tspan></text>
+ </g>
+</svg>
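Review bot: the `<text id="text4483">` element near the first "LUKS or TrueCrypt" box contains a single tspan (`tspan4485`) holding only a space, so it draws nothing and looks like an editing leftover; it can be dropped. The last lines of three labels, "(optional) ", "media " and "guards) ", each carry a trailing space under `xml:space="preserve"`. Each also has an `x` that differs from its sibling tspans (for example 444.43185 against 442.5217), apparently to compensate for that space. Trimming the space and reusing the sibling `x` would keep each label's lines consistent. Several stroke widths are written as `2.65748023999999994` while others use `2.65748024`; normalising them would cut noise in later diffs of this file. The device labels "sda/sdc" and "sdb/sda" and the two "Forced Read Only" markers on the boot-media paths are design statements that exist only as drawing text here, so it is worth checking that the accompanying .mdwn states the same mapping and read-only requirement in words.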