The document discusses operating system security and introduces TOMOYO Linux as an access control mechanism for Linux that can restrict administrator privileges and limit the damage caused by stolen devices or exploited vulnerabilities. It explains that TOMOYO Linux tracks process executions to generate security policies and allows administrators to view process histories to define access control rules. The presentation also provides an overview of SELinux and concludes with an announcement of a demonstration of TOMOYO Linux's policy learning mode capabilities.
10. FAULT OF
No, not really
is just a machine
is responsible for keeping control of
Like a driver is responsible for a car accident
11. EVER THOUGHT?
Your PC/embedded device is the same as
It does not know what is good and what is bad
You, as the owner of the PC, have to administer it
Separating accounts and using passwords
Setting access modes for files and directories
12. UNFORTUNATELY
Those things are not sufficient
Because
1. Bugs can cause buffer overflows
2. It is possible to take over administrator privilege via
buffer overflows
3. Administrator privilege means being almighty
13. SO YOU NEED
Something to restrict (or limit) the administrator
privilege
Windows Vista introduced UAC
Linux and other mainstream OSes are equipped with
better access control mechanisms: SELinux,
Smack and TOMOYO Linux
14. The green field is the
operating system space
A car is a process (program)
In a normal OS, the car can go
anywhere (can do anything)
If your car is stolen, your
damage is unlimited
15. WHY “UNLIMITED”?
The operating system does not know you
The operating system does not understand good
operations and bad operations
If one gets privilege, he is a God and can do anything
(format the drive, stop the service, set up a
backdoor ..)
16. The total idea is “limiting” the freedom
You have to be careful not to limit proper usage
17. The ideal state is that the car can go places you
need, but cannot go anywhere else
18. YOUR ROLE
Like , SELinux and TOMOYO Linux can’t know
which operation is good and which is bad
You have to tell them as a set of conditions, which are
called “policy”
19. WHY IS IT DIFFICULT?
Because additional access control works deep
inside the operating system (in the Linux kernel)
The Linux kernel is not a very user-friendly world
inode, file descriptor, lock …
Policy is like an assembler language of computer
security
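The two slides above describe a policy as the set of conditions you tell the kernel, and the overview mentions TOMOYO Linux's learning mode, which records what a process actually does. The toy model below is an added illustration of that idea, not TOMOYO's code: a domain first records a constructed trace of a web server's normal accesses (learning), is then switched to enforcing, and rejects the accesses a hijacked process would attempt. The domain name and the "file read /path" rule lines only mimic TOMOYO 2.x-style domain-policy syntax and are an assumption for display.

```python
"""Toy model of learning vs. enforcing modes for per-program access policy."""
from dataclasses import dataclass, field


@dataclass
class Domain:
    """One program's 'road map': the (operation, path) pairs it may use."""
    name: str                        # assumed TOMOYO-style domain name
    mode: str = "learning"           # "learning" records, "enforcing" rejects
    rules: set = field(default_factory=set)

    def access(self, op: str, path: str) -> bool:
        """Return True if allowed; in learning mode, unknown accesses are learned."""
        key = (op, path)
        if key in self.rules:
            return True
        if self.mode == "learning":
            self.rules.add(key)      # learn from observed (assumed good) behaviour
            return True
        return False                 # enforcing: the car may not leave its roads

    def policy_text(self) -> str:
        """Render the learned rules in an assumed TOMOYO 2.x-like syntax."""
        lines = [self.name]
        lines += sorted(f"file {op} {path}" for op, path in self.rules)
        return "\n".join(lines)


# Constructed trace: what the web server was seen doing during normal use.
NORMAL_USE = [("read", "/etc/httpd/httpd.conf"),
              ("read", "/var/www/index.html"),
              ("write", "/var/log/httpd/access_log")]
# Constructed trace: what the same process tries after it has been taken over.
AFTER_EXPLOIT = [("read", "/var/www/index.html"),
                 ("read", "/etc/shadow"),
                 ("write", "/etc/cron.d/backdoor")]


def build_and_enforce():
    """Learn a policy from NORMAL_USE, then enforce it against AFTER_EXPLOIT."""
    httpd = Domain("<kernel> /usr/sbin/httpd")
    for op, path in NORMAL_USE:
        httpd.access(op, path)       # learning mode: every access becomes a rule
    httpd.mode = "enforcing"
    denied = [(op, p) for op, p in AFTER_EXPLOIT if not httpd.access(op, p)]
    return httpd, denied


if __name__ == "__main__":
    domain, denied = build_and_enforce()
    print(domain.policy_text())
    print("denied:", denied)
```

The learned policy is the "places the car needs to go"; everything outside it, such as reading /etc/shadow or planting a startup file, is refused even though the process still runs as the same user.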
22. EMBEDDED, TOO?
More and more devices are using Linux
A rich set of software (TCP/IP, apache, samba …)
Vulnerabilities are the same as on server machines
Embedded devices store personal information, so
security is more important
Embedded devices can physically cause harm
(remotely destroy/damage your possessions)