Here are some links to various papers/research projects that somehow relate to Qubes.

Attacks on Intel TXT

• ​Attacking Intel® Trusted Execution Technology by Rafal Wojtczuk, Joanna Rutkowska
• ​ACPI: Design Principles and Concerns by Loic Duflot, Olivier Levillain, and Benjamin Morin
• ​Another Way to Circumvent Intel® Trusted Execution Technology by Rafal Wojtczuk, Joanna Rutkowska, Alex Tereshkin
• ​Attacking Intel TXT® via SINIT code execution hijacking by Rafal Wojtczuk and Joanna Rutkowska

Software attacks coming through devices

• ​Can you still trust your network card? by Loïc Duflot, Yves-Alexis Perez and others
• ​Remotely Attacking Network Cards (or why we do need VT-d and TXT) by Joanna Rutkowska
• ​On Formally Verified Microkernels (and on attacking them) by Joanna Rutkowska
• ​Following the White Rabbit: Software Attacks against Intel® VT-d by Rafal Wojtczuk and Joanna Rutkowska

Application-level security

• ​Virtics: A System for Privilege Separation of Legacy Desktop Applications by Matt Piotrowski
  (We plan to implement some ideas from Matt's thesis in Qubes very soon -- stay tuned for details)

VMM/Xen disagregation

• [​http://tjd.phlegethon.org/words/sosp11-xoar.pdf "Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor] by Patrick Colp at el.
  (Also see ​this thread on xen-devel)