The Tizen Security Policy May Work For You, But What About Me?
Casey Schaufler
Intel
2
Wait … That’s Not Ryan!
• Casey Schaufler
• Tizen Security Architect
• Kernel Developer 1979
• Smack LSM 2008
3
What Is The Tizen Security Policy?
• It’s amazing how few people ask!
• Applications have a policy
• The platform has a policy
• Today’s talk is about the platform
4
Tizen Isn’t Android
• Android
  • Apps identified by UID
  • Intent based IPC
  • SELinux retrofit
• Tizen
  • Users identified by UID
  • Socket based IPC
  • Smack from inception
5
Tizen Isn’t Windows Phone, Either
• Windows
  • Access controls on APIs
  • DLL based services
  • Proprietary implementation
• Tizen
  • Access controls in system calls
  • Process based services
  • Community open source
6
Nor Is Tizen A Linux Distribution
• Distributions
  • Complete end user control
  • Unconstrained network access
  • Generic use model
• Tizen
  • Vendor configuration control
  • Control over network access
  • Configured to specific purposes
7
Well, What Is Tizen?
• Collection of packages
• Configured for specific profiles
• UDS based services
8
And Tizen Security?
• Security domains
• Simple separation
• Enforced by Smack
9
Why Does My Program Break?
• No access to another domain
• Reading files
• Writing files
• Sending messages
10
But I’m Using The API Correctly!
• APIs hide details from you
• Those details can matter for security
• Sometimes APIs do questionable things
11
Case In Point: Vconf
• Looks like configuration manager
• Pile of code on top of files
• File access rules apply
12
To Further Complicate Things
• Sockets have access controls
• Need permission to talk at all
• Many APIs hide communications
13
So, What Do I Do?
• Understand Smack Policy
• Know what your APIs do
• Consider security before you code
14
Smack Policy - Briefly
• No access between domains
• Smack rules make exceptions
• No global sharing
15
Smack Rules
• Me You rx
• Me You::Share rwxat
• Me Service w
• Service Me w
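The four rules above, run through a simplified model of the Smack decision (same domain is allowed, a loaded rule makes an exception, everything else is denied). This is an added example, not code from the talk or from Tizen; the function names are hypothetical, and Smack's built-in labels and the kernel's finer mode handling are left out.

```python
# Added illustration: simplified model of a Smack access decision.
# Assumption: only same-label access and explicit rules are modelled.
MODES = set("rwxatlb")  # read, write, execute, append, transmute, lock, bring-up

def parse_rules(text):
    """Parse 'subject object access' lines into {(subject, object): modes}."""
    rules = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 'subject object access': {line!r}")
        subject, obj, access = fields
        modes = set(access.lower()) - {"-"}   # '-' grants nothing
        if not modes <= MODES:
            raise ValueError(f"unknown access mode in {line!r}")
        rules[(subject, obj)] = modes   # a later rule for the pair replaces it
    return rules

def missing_access(rules, subject, obj, wanted):
    """Return the requested modes that are NOT granted (empty set = allowed)."""
    if subject == obj:                  # inside one domain: always allowed
        return set()
    return set(wanted) - rules.get((subject, obj), set())

def can_exchange(rules, a, b):
    """A two-way socket conversation needs write access in both directions."""
    return (not missing_access(rules, a, b, "w")
            and not missing_access(rules, b, a, "w"))

# The rules from the slide, verbatim.
SLIDE_RULES = """
Me You rx
Me You::Share rwxat
Me Service w
Service Me w
"""
RULES = parse_rules(SLIDE_RULES)

if __name__ == "__main__":
    checks = [("Me", "You", "r"), ("Me", "You", "rw"),
              ("Me", "You::Share", "rwa"), ("You", "Me", "r")]
    for subject, obj, want in checks:
        lack = missing_access(RULES, subject, obj, want)
        verdict = "allowed" if not lack else "denied, missing " + "".join(sorted(lack))
        print(f"{subject} -> {obj} [{want}]: {verdict}")
    print("Me <-> Service:", can_exchange(RULES, "Me", "Service"))
    print("You <-> Service:", can_exchange(RULES, "You", "Service"))
```

Rules are one-directional: `Me You rx` gives You no access to Me, and dropping either of the two Service rules breaks the conversation.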
16
Who Are You Sharing With?
• Identify the objects you use
• Find out how you access them
• You can
  • Join a domain
  • Create Smack rules
  • Do things differently
17
Know Your APIs
• Read the internals documentation
• Run using strace
• Ask someone
• Don’t assume the API knows what it is doing
18
Sorry, but …
• No magic wand
“You security people are insane!”