Some operating systems, such as Qubes, allow for fine-grained isolation of applications using virtualization. These tools are useful for ensuring security goals, but they can be difficult to configure and use. We are examining ways to combine organization computer fleet management tools, like JAMF, SCCM, and Puppet, with these operating systems to allow organization IT to help users create and use the right risk management domains. The goal is to give end-users the freedom to manage low-risk environments and configure software tools while ensuring security in high-risk environments with sensitive assets.
The following video gives a short overview of the OS Isolation project.