Mobile Security Framework
Uploaded by Elena Reshetova
The overall architecture description of Mobile Simplified Security Framework
1. Mobile Simplified Security Framework (MSSF)
Dmitry Kasatkin, MeeGo devices, Nokia
OLS 2010, Ottawa, Canada, 14.07.2010
© 2010 Nokia / Mobile Simplified Security Framework / OLS 2010 / 14.07.2010 / DK
2. Agenda
• Security goals
• Introduction
• Chipset security & boot process
• Integrity protection
• Access control
• Privacy protection
• Q&A
3. Security Goals
• Protection of the user
  • Prevent loss or theft of the owner's personal data, e.g. malware sending the user's contacts
  • Prevent misuse of the device that causes unexpected costs, e.g. malware sending SMS to premium-rate numbers
• Protection of the device
  • Must meet regulatory requirements and specifications
  • Identity protection
  • Disallow changing of RF, EM or WiFi tuning values
4. Security Goals (continued)
• Protection of the business
  • Disallow breaking of the SIM/subsidy lock (loss of business)
  • Limit what can be installed on the device: an AT&T variant needs to stay an AT&T variant
  • Reduce fraud against the business: false service bills, device cloning, back-door manufacturing
• Enable new services
  • Services such as a music store or app store, with support for copy protection
  • Mobile payments and billing
5. Security Framework – multilevel model
(Diagram: a stack of layers, bottom to top: Chipset Security, Integrity Protection, Access Control, Privacy Protection, Device; secure SW distribution spans all layers)
• Protect the entire platform using multiple technologies
• Chipset security: secure cryptographic services for OS-level security
• Integrity protection: ensures protection of the TCB, applications and data
• Access control: limits application access to critical resources
• Application privacy protection: provides integrity and confidentiality protection for applications and services
• The security framework relies on the secure software distribution model, which ensures the authentication of a package's source
6. Device Modes
• Normal mode (default)
  • Access control and integrity protection are enforced by the security policy
  • Unauthorized modification of the security policy is not allowed
  • Device keys are available
  • Access to services, games, etc.
  • Optional copy protection
• Developer mode
  • Enables low-level development and customization: compile and flash your own kernel
  • Allows modifying the security policy to access more resources without certification
  • Some functionality is limited: limited access to device keys, no access to protected content
7. Chipset Security
8. Chipset Security
• Chipset security is the key subsystem that the whole platform security relies on
• Provides tamper-resistant secure services similar to a TPM
• Provides:
  • Root symmetric device-specific key
    • Used to derive keys for local cryptographic operations
    • Used to derive the unique public identifier of the device
  • Root public key
    • Used to verify that software packages come from a trusted source
  • Trusted boot
    • Verifies the integrity of the bootloader and SW image using the root public key
  • Secure services
    • Secure key management and cryptographic services
  • Secure Execution Environment (SEE)
    • Secure ROM and RAM isolated from the rest of the system, allowing execution of integrity-protected applications for protected storage and DRM
9. Boot Process
(Flowchart in the original; recovered flow:)
• The Boot ROM verifies the bootloader's integrity using the root public key; if the check fails, the device resets
• The bootloader verifies the kernel image using the root public key; if the check passes, the device boots in Normal Mode
• If the kernel check fails, the bootloader checks the SIM/subsidy lock and whether Open Mode is allowed
  • Open Mode allowed: security functionality is restricted and the device boots in Open Mode
  • Otherwise (e.g. SIM locked): reset
10. Integrity Protection
11. Integrity protection – Validator
• Protects the integrity of kernel modules, executables, libraries and data files
• Primary goal is to protect components belonging to the TCB
• The Validator maintains a reference hash list of all protected files
  • Includes the SHA1 hash, file attributes and access-control related data
  • Protected by a device-specific signature
• Debian packages contain the SHA1 hashes of the files to be protected
• The Application Manager updates the reference hash list upon package installation, removal or upgrade
• The integrity protection policy defines the action taken when integrity verification fails; currently it blocks the execution
• The Validator also supports integrity protection of non-modifiable data files, to protect critical configuration files
12. Integrity subsystem components
• Application Manager / Package Manager (user space)
  • Installs new binaries and updates the reference hash list
• Validator-init (user space)
  • Loads the new or updated reference hash list into the kernel
• Validator (LSM module, Linux kernel)
  • Called upon execve() or mmap()
  • Calculates and compares the hash and file attributes
  • Verification results are cached
(Diagram: Package Manager writes the Reference Hash List; Validator-init loads it into the kernel; the Launcher's execve() is checked by the Validator)
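The Validator logic of slides 11 and 12, modelled in user space as an added example (this is not code from the MSSF project): the Application Manager records the SHA1 and attributes of each protected file in a reference list, the kernel hook recomputes and compares them on execve()/mmap(), blocks on mismatch, and caches the verdict. The file contents, paths and attribute values are constructed for the example. One assumption is flagged in the code: the slides do not say how files that are absent from the list are treated, so here they are simply unprotected.

```python
import hashlib
from dataclasses import dataclass

# Constructed in-memory stand-in for the filesystem: path -> (content, mode, uid).
# Paths, contents and attributes are made up for this example.
FILES = {
    "/usr/bin/userdatamanager": (b"\x7fELF userdatamanager v1", 0o755, 0),
    "/etc/mssf/device-policy":  (b"meego.com : 1 : ABCDEF : UserData, Cellular\n", 0o644, 0),
    "/home/user/hello.sh":      (b"#!/bin/sh\necho hello\n", 0o755, 1000),
}


@dataclass(frozen=True)
class RefEntry:
    sha1: str   # hex SHA1 of the file content, as shipped in the Debian package
    mode: int   # permission bits that must match
    uid: int    # owner that must match


def build_reference_list(files, protected_paths):
    """What the Application Manager does at install time: record the SHA1 and
    the file attributes of every protected file of the package."""
    return {p: RefEntry(hashlib.sha1(files[p][0]).hexdigest(), files[p][1], files[p][2])
            for p in protected_paths}


class Validator:
    """Model of the kernel LSM hook: run on execve()/mmap(), block on mismatch,
    cache the verdict per path."""

    def __init__(self, reference):
        self.reference = dict(reference)
        self.cache = {}

    def check(self, path, files):
        if path in self.cache:
            return self.cache[path]
        entry = self.reference.get(path)
        if entry is None:
            # Assumption: the slides do not say how unlisted files are handled;
            # here a file that is not in the list is simply not integrity protected.
            verdict = True
        else:
            content, mode, uid = files[path]
            verdict = (hashlib.sha1(content).hexdigest() == entry.sha1
                       and mode == entry.mode and uid == entry.uid)
        self.cache[path] = verdict
        return verdict

    def reload(self, path, entry):
        """Validator-init pushing an updated entry after a package upgrade. The cached
        verdict for that path has to go, or the stale result would be reused."""
        self.reference[path] = entry
        self.cache.pop(path, None)


def demo():
    path = "/usr/bin/userdatamanager"
    ref = build_reference_list(FILES, [path, "/etc/mssf/device-policy"])
    results = {}

    v = Validator(ref)
    results["pristine"] = v.check(path, FILES)

    # Binary replaced in place: hash mismatch, execution blocked.
    tampered = dict(FILES)
    tampered[path] = (b"\x7fELF backdoor", 0o755, 0)
    results["tampered"] = Validator(ref).check(path, tampered)

    # Same content but setuid bit added: attribute mismatch, execution blocked.
    suid = dict(FILES)
    suid[path] = (FILES[path][0], 0o4755, 0)
    results["suid"] = Validator(ref).check(path, suid)

    # Caching pitfall: v already holds an "ok" verdict for this path, so it keeps
    # approving the tampered file until the entry is reloaded (a real implementation
    # has to invalidate the cache when the file is written).
    results["stale_cache"] = v.check(path, tampered)

    # Package upgrade: new hash loaded, cache dropped, new binary verified afresh.
    upgraded = dict(FILES)
    upgraded[path] = (b"\x7fELF userdatamanager v2", 0o755, 0)
    v.reload(path, RefEntry(hashlib.sha1(upgraded[path][0]).hexdigest(), 0o755, 0))
    results["after_upgrade"] = v.check(path, upgraded)

    results["unlisted"] = v.check("/home/user/hello.sh", FILES)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14s} {'allowed' if ok else 'BLOCKED'}")
```

The stale_cache case is the check a practitioner should add when reviewing any verifier that caches verdicts: the cache key must be tied to the inode's modification state or flushed on write, not just keyed by path.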
13. Access Control
14. Design Goals
• Classical UNIX DAC
  • Multi-user model: protects users from each other
  • POSIX capabilities are not really in use: root does everything
  • No process-based access control
• MSSF design goals
  • Process-based access control to protected resources: protect processes from each other
  • Minimal changes to the default Linux model
  • No need for a centralized security policy
• Protected resource
  • A virtual object which represents some functionality or data, such as tasks, files, sockets, devices
15. Credentials
• Traditional Linux credentials consist of UIDs, GIDs and POSIX capabilities
• MSSF access control extends them with resource tokens and an application identifier
• Resource tokens
  • Strings naming protected resources, similar to labels in other security frameworks
  • Global: UserData, Cellular, Location, etc.
  • Package specific: my-package::access
• Application ID
  • Used to derive application-specific cryptographic keys
  • Defined as AppID = {SourceID, Package, Application Name}, e.g. AppID = {ovi.com, CoolTools, AddressBookPlugIn}
  • Properties: unforgeable, unique, persistent
  • The application name is given in the manifest file (optional)
• Applications declare provided and requested credentials in the manifest file that is included in the package
16. Access Control framework components
• Manifest file
  • Included in the package; contains the list of executables and their credentials
  • Additionally carries device security policy updates and integrity protection related information
• Device security policy
  • Located on the device; defines the trust level of each SW source and the credentials that can be granted to packages coming from that repository
• Credentials policy
  • A file which contains the mapping of credentials to executables; the Package Manager updates it when packages are installed, upgraded or removed
• Package Manager
  • In addition to installing the application, updates the Credentials Policy database
• Credentials policy loader
  • Called during boot to read and import the credentials policy into the kernel
• Credentials Manager (kernel modules)
  • Provides credentials management and assignment to processes
17. Manifest File
• The manifest file is provided with the package and defines credentials and policies for the package
• It is written in XML and uses tags such as:
  • <request>: requested credentials
  • <provide>: provided credentials
  • <credential name="credential name">: a credential
  • <for path="path">: absolute path to the executable
  • <dbus name="dbus service name">: D-Bus service name, with the attributes
    • bus="bus type": D-Bus bus type (system or session)
    • own="credential name": the credential required to own this D-Bus service name
  • <interface name="interface name">: D-Bus interface name
• The Package Manager updates the Credentials Policy based on the manifest file and the constraints from the Device Security Policy
18. Manifest file examples
• The server defines the resource token UserData that is needed to access it:
    <mssf>
      <provide>
        <credential name="UserData" />
      </provide>
    </mssf>
• The client declares that it requires the tokens UserData (qualified with the providing package) and Cellular, plus the net_admin capability:
    <mssf>
      <request>
        <credential name="server-pkg::UserData" />
        <credential name="Cellular" />
        <credential name="CAP::net_admin" />
        <for path="/usr/bin/userdatamanager"/>
        <for path="/usr/bin/userdataclient"/>
      </request>
    </mssf>
• Both executables listed under <for> get the same credentials
19. Device Security Policy
• Provides the mapping between SW sources and allowed credentials
• Contains one entry per repository in the format {SourceID : Trust Level : Public Key : Allowed credentials}, where
  • SourceID is the name of the repository, e.g. in the form of a domain name
  • Trust Level is a number ranking the repository; packages can only be updated from a repository which has the same or a higher trust level
  • Public Key is the repository key used for package verification
  • Allowed credentials is the list of credentials which can be granted by this repository
• Example: {meego.com : 1 : ABCDEF : UserData, Cellular}
• The Package Manager verifies whether all credentials from the manifest file can be granted
20. Credentials Policy
• A file which contains the mapping of credentials to executables
• Produced from the manifest file and the Device Security Policy (intersection rule)
• The Package Manager updates this file when packages are installed, upgraded or removed
• Example:
    Package: bluez
    Source: com.nokia.maemo
    Request: CAP::net_bind_service CAP::net_admin CAP::net_raw CAP::ipc_lock Cellular GRP::phonet
    Object: /usr/sbin/hciconfig
    Object: /usr/bin/hcitool
    Object: /usr/bin/sdptool
21. Package Installation
1. The package comes with a manifest
2. The Package Manager checks the Device Security Policy for the package's source
3. The Package Manager updates the Credentials Policy according to the Device Security Policy ("intersection rule")
4. The Package Manager possibly updates the D-Bus policy
5. The Package Manager updates the runtime credentials policy in the kernel (Credentials Manager)
(Diagram: Package with Manifest → Package Manager (user space) → Credentials Policy and DBUS Policy files → Runtime Credentials Policy in the kernel Credentials Manager)
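The install-time policy computation of slides 17 to 21 as an added example, not code from the MSSF Package Manager: it parses the client manifest from slide 18, looks the package's source up in a Device Security Policy written in the slide 19 format, applies the intersection rule and the trust-level update rule, and renders a Credentials Policy entry in the slide 20 layout. The device policy entries, the package metadata and the key strings are constructed; the "signer_key" comparison stands in for the real signature verification against the repository's public key. Both behaviours the slides mention are implemented: slide 19 says the Package Manager verifies that all requested credentials can be granted (strict mode here), slides 20 and 21 describe granting the intersection.

```python
import xml.etree.ElementTree as ET

# Device Security Policy in the slide's {SourceID : Trust Level : Public Key : Allowed credentials}
# form. Constructed for this example; the "key" strings are placeholders, not key material.
# "*" in the allow list plus an optional deny list mirrors the match="*" / <deny> pattern
# of the device security update manifest on slide 31.
DEVICE_POLICY = {
    "meego.com":       {"trust": 1, "key": "ABCDEF",
                        "allowed": {"UserData", "Cellular", "server-pkg::UserData"}},
    "com.nokia.maemo": {"trust": 3, "key": "123456",
                        "allowed": {"*"}, "denied": {"drm"}},
}

# The client manifest from slide 18.
CLIENT_MANIFEST = """<mssf>
  <request>
    <credential name="server-pkg::UserData" />
    <credential name="Cellular" />
    <credential name="CAP::net_admin" />
    <for path="/usr/bin/userdatamanager"/>
    <for path="/usr/bin/userdataclient"/>
  </request>
</mssf>"""


def parse_manifest(xml_text):
    """Return (requested credentials, executables they apply to, provided credentials)."""
    root = ET.fromstring(xml_text)
    requested = {c.get("name") for c in root.findall("./request/credential")}
    paths = [f.get("path") for f in root.findall("./request/for")]
    provided = {c.get("name") for c in root.findall("./provide/credential")}
    return requested, paths, provided


def allowed_by(policy_entry, cred):
    """May this repository grant the credential? Deny list wins over the allow list."""
    if cred in policy_entry.get("denied", set()):
        return False
    allowed = policy_entry["allowed"]
    return "*" in allowed or cred in allowed


def install(package, manifest_xml, device_policy, strict=False):
    """Produce the Credentials Policy entry for a package, or refuse the install.

    strict=True : every requested credential must be grantable (slide 19 wording).
    strict=False: grant the intersection and drop the rest (slides 20/21 intersection rule).
    """
    source = package["source"]
    entry = device_policy.get(source)
    if entry is None:
        raise PermissionError(f"unknown software source {source}")
    # Stand-in for signature verification with the repository's public key.
    if package["signer_key"] != entry["key"]:
        raise PermissionError(f"package not signed with the {source} repository key")
    requested, paths, _provided = parse_manifest(manifest_xml)
    granted = {c for c in requested if allowed_by(entry, c)}
    refused = requested - granted
    if strict and refused:
        raise PermissionError(f"{source} may not grant {sorted(refused)}")
    return {"Package": package["name"], "Source": source,
            "Request": sorted(granted), "Objects": paths, "Refused": sorted(refused)}


def can_update(installed_source, new_source, device_policy):
    """Trust-level rule: an update may only come from a repository of the same or higher trust level."""
    return device_policy[new_source]["trust"] >= device_policy[installed_source]["trust"]


def render(entry):
    """Format the entry the way the Credentials Policy example on slide 20 is shown."""
    lines = [f"Package: {entry['Package']}",
             f"Source: {entry['Source']}",
             "Request: " + " ".join(entry["Request"])]
    lines += [f"Object: {p}" for p in entry["Objects"]]
    return "\n".join(lines)


if __name__ == "__main__":
    pkg = {"name": "userdata-client", "source": "meego.com", "signer_key": "ABCDEF"}
    entry = install(pkg, CLIENT_MANIFEST, DEVICE_POLICY)
    print(render(entry))
    print("refused:", entry["Refused"])
```

With the constructed policy, meego.com may grant UserData and Cellular but not CAP::net_admin, so the intersection drops the capability request silently while strict mode refuses the package; a deployment has to pick one, because silently dropping a capability can leave an executable installed but non-functional, whereas refusing makes the policy mismatch visible at install time.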
22. Startup
1. At boot, the credentials policy loader loads the credentials policy into the kernel (1.1 DBUS policy, 1.2 Credentials Policy, 1.3 Runtime Credentials Policy in the Credentials Manager)
2. Upon application startup, the Credentials Manager modifies the process' credentials according to the policy
3. File access control: the Validator checks process credentials using the kernel API
4. D-Bus: the D-Bus daemon checks client credentials using libcreds
5. Client-server: the application checks client credentials using libcreds
(Diagram: the kernel Credentials Manager with the Runtime Credentials Policy acts as the Linux reference monitor; the D-Bus daemon and applications enforce in user space via libcreds)
23. Credentials API – libcreds
• Allows the server to read the credentials of the client process and to perform the desired credential checks
• Policy enforcement is done on the application side
• Example (the slide's fragment, completed with the declarations and headers it relies on; the "\n" in the messages was lost in extraction):
    #include <string.h>
    #include <sys/socket.h>
    #include <sys/creds.h>   /* libcreds, from meego-platform-security */
    #include <unistd.h>

    #define MESSAGE(s) (s), strlen(s)

    int foo(int sockfd)
    {
        struct sockaddr cli_addr;
        socklen_t clilen = sizeof(cli_addr);
        creds_value_t require_value;
        creds_type_t require_type;
        creds_t ccreds;
        int fd, allow;

        /* Resolve the token name to the kernel's (type, value) pair */
        require_type = creds_str2creds("UserData", &require_value);

        fd = accept(sockfd, &cli_addr, &clilen);
        if (fd < 0)
            return -1;

        /* Read the peer process' credentials from the kernel */
        ccreds = creds_getpeer(fd);
        /* Does the client hold the UserData resource token? */
        allow = creds_have_p(ccreds, require_type, require_value);
        if (allow)
            write(fd, MESSAGE("GRANTED\n"));
        else
            write(fd, MESSAGE("DENIED\n"));
        creds_free(ccreds);
        return allow;
    }
24. Kernel implementation
• Kernel modules:
  • Restok
    • Provides a persistent mapping of strings to unique, dynamically assigned identifier numbers. The generated identifiers are used as supplementary group numbers in the task structure and provide additional, dynamically configured credentials for processes.
  • Credp
    • Provides credentials management and assignment to the process
    • Registers a hook at security/commoncap.c:cap_bprm_set_creds()
    • Operations: credp_kload, credp_kunload, credp_kconfine, credp_kset
  • Creds
    • Provides an API for user-space access control in a client/server architecture: it allows the server to read the credentials of the client process and to perform the desired credential checks
    • Operations: creds_kget, creds_kcreds2str, creds_kstr2creds, creds_khave_p
25. Privacy Protection
26. Protected Storage & SecureFS
• Provides integrity and confidentiality protection
• Allows protecting security policies, certificates and configuration files
• API-based solution
• Storage types
  • Global / private / shared
  • Signed / encrypted
• Uses cryptography
  • Application-specific key: K(AppID, device key)
  • Shared key: K(resource token, device key)
• SecureFS
  • FUSE-based file system, so the standard file API can be used
  • The manifest file contains the description of mount points and their protection properties
  • Under development
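The key hierarchy of the protected storage, as an added example that is not MSSF code: the slide names the inputs of K(AppID, device key) and K(resource token, device key) but not the derivation function, so HMAC-SHA256 keyed with the device key is this example's assumption, and the device key itself is a constructed constant standing in for the chipset's root symmetric key (which on a real device never leaves the secure environment, where the derivation would run). The AppID tuple from slide 15 is length-prefixed before hashing so that no two tuples share an encoding. The signed storage type is shown as data plus a MAC under the derived key; the encrypted type would key a cipher from the same derived key and is not shown.

```python
import hashlib
import hmac

# Constructed stand-in for the chipset's root symmetric device key. On a real device the
# key stays inside the secure environment and only derived keys are handed out.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def encode_app_id(source_id, package, app_name):
    """AppID = {SourceID, Package, Application Name} (slide 15), length-prefixed so that
    ("ab", "c", "d") and ("a", "bc", "d") cannot collide."""
    out = b""
    for part in (source_id, package, app_name):
        data = part.encode("utf-8")
        out += len(data).to_bytes(2, "big") + data
    return out


def derive_key(device_key, label, context):
    """K(context, device key). HMAC-SHA256 is this example's choice of derivation function;
    the label separates the application-key and shared-key namespaces."""
    return hmac.new(device_key, label + context, hashlib.sha256).digest()


def app_key(device_key, source_id, package, app_name):
    """Application-specific key: only this exact AppID derives it, so a package with the
    same name from another source gets a different key and cannot read the data."""
    return derive_key(device_key, b"app:", encode_app_id(source_id, package, app_name))


def shared_key(device_key, resource_token):
    """Shared key: every process holding the resource token derives the same key."""
    return derive_key(device_key, b"token:", resource_token.encode("utf-8"))


def seal(key, data):
    """Signed storage: data followed by a 32-byte MAC under the derived key."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the MAC before returning the data; any change to content or tag is rejected."""
    data, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()):
        raise ValueError("protected storage integrity check failed")
    return data


if __name__ == "__main__":
    k_app = app_key(DEVICE_KEY, "ovi.com", "CoolTools", "AddressBookPlugIn")
    k_other = app_key(DEVICE_KEY, "untrusted.example", "CoolTools", "AddressBookPlugIn")
    blob = seal(k_app, b"trusted-source = meego.com\n")
    print("same AppID, same key:", k_app == app_key(DEVICE_KEY, "ovi.com", "CoolTools", "AddressBookPlugIn"))
    print("other source, other key:", k_app != k_other)
    print("unseal with own key:", unseal(k_app, blob))
    try:
        unseal(k_other, blob)
    except ValueError as e:
        print("unseal with other key:", e)
```

Because the application key is bound to SourceID, a package that reaches the device from a different repository under the same name does not inherit the original's protected files; that is what the slide's "unforgeable, unique, persistent" AppID properties buy.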
27. Conclusions & Future work
• MSSF is a light-weight alternative to heavy security frameworks for mobile devices; it provides a complete end-to-end security infrastructure and is based on secure SW distribution
• Future work
  • Access control
    • Socket protection is under development
    • Resource-token based file system access control is missing
  • Integrity protection
    • When EVM comes to the kernel, it looks like a possible alternative to the MSSF Validator
28. Q&A
• Public project on http://meego.gitorious.org/meego-platform-security
  • Kernel, libraries
Thank You
29. Extra slides
30. Linux Kernel Security Implementations
• Classical UNIX DAC
  • Multi-user model: protects users from one another
  • POSIX capabilities are not really in use: root does everything
  • No process-based access control
• SELinux
  • Domain Type Enforcement (DTE)
  • Requires complex and centralized policy administration
• Tomoyo
  • Path-based access control
  • Utilizes "process invocation history" and requires administrative actions not applicable to a mobile device
• Smack
  • Simple MAC implementation
  • Attaches labels to components and applies access rules between the labels, defined by the administrator
31. Manifest for Device Security Update
    <aegis>
      <domain name="MyDomain" rank="30">
        <allow>
          <credential match="*"/>
          <deny>
            <credential name="drm"/>
          </deny>
        </allow>
        <origin>
          <keyinfo>
            mQGiBEO6XBMRBACFyO
          </keyinfo>
        </origin>
      </domain>
    </aegis>
32. DBUS manifest example - server
• Server:
    <aegis>
      <provide>
        <credential name="access" />
        <dbus name="com.maemo.Aegis.example" own="aegis-dbus-server" bus="session">
          <node name="/">
            <interface name="Aegis.Example">
              <annotation name="com.maemo.secure.Access" value="access"/>
            </interface>
          </node>
        </dbus>
      </provide>
      <request>
        <for path="/usr/bin/aegis-dbus-server" />
      </request>
    </aegis>
33. DBUS manifest example - client
• Client:
    <aegis>
      <request>
        <credential name="aegis-dbus-server::access" />
        <for path="/usr/bin/aegis-dbus-client" />
      </request>
    </aegis>
34. DBUS generated policy
    <busconfig>
      <policy context="default">
        <deny own="com.maemo.Aegis.example"/>
      </policy>
      <policy creds="aegis-dbus-server::aegis-dbus-server">
        <allow own="com.maemo.Aegis.example"/>
      </policy>
      <policy context="default">
        <deny send_destination="com.maemo.Aegis.example" send_interface="Aegis.Example"/>
        <deny receive_sender="com.maemo.Aegis.example" receive_interface="Aegis.Example"/>
      </policy>
      <policy creds="aegis-dbus-server::access">
        <allow send_destination="com.maemo.Aegis.example" send_interface="Aegis.Example"/>
        <allow receive_sender="com.maemo.Aegis.example" receive_interface="Aegis.Example"/>
      </policy>
    </busconfig>
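The step from the server manifest on slide 32 to the generated bus policy on slide 34 (installation step 4, "possibly updates the D-Bus policy"), as an added example and not the Package Manager's own generator: for each <dbus> element it emits a default deny and a creds-gated allow for owning the name, and for each interface carrying a com.maemo.secure.Access annotation a default deny and a creds-gated allow for sending to and receiving from it. Package-local credential names are qualified as package::name, which is how "access" becomes "aegis-dbus-server::access" on slide 34; the package name "aegis-dbus-server" is taken from the executable path and is this example's assumption. The creds="..." attribute on <policy> is an MSSF extension of the bus daemon: a stock dbus-daemon only evaluates context, user and group policies, so this output is only meaningful on a daemon patched to check credentials via libcreds (slide 22, step 4).

```python
import xml.etree.ElementTree as ET

# Server manifest from slide 32.
SERVER_MANIFEST = """<aegis>
  <provide>
    <credential name="access" />
    <dbus name="com.maemo.Aegis.example" own="aegis-dbus-server" bus="session">
      <node name="/">
        <interface name="Aegis.Example">
          <annotation name="com.maemo.secure.Access" value="access"/>
        </interface>
      </node>
    </dbus>
  </provide>
  <request>
    <for path="/usr/bin/aegis-dbus-server" />
  </request>
</aegis>"""

ACCESS_ANNOTATION = "com.maemo.secure.Access"


def qualify(package, cred):
    """Package-local credential names are qualified as package::name; global or already
    qualified names (containing '::') are left alone."""
    return cred if "::" in cred else f"{package}::{cred}"


def generate_dbus_policy(package, manifest_xml):
    """Translate the <dbus> declarations of a manifest into dbus-daemon <busconfig> rules
    in the shape shown on slide 34. Returns the <busconfig> element."""
    root = ET.fromstring(manifest_xml)
    busconfig = ET.Element("busconfig")
    for dbus in root.findall("./provide/dbus"):
        service = dbus.get("name")
        # Owning the well-known name: denied by default, allowed for the 'own' credential.
        deny_own = ET.SubElement(busconfig, "policy", context="default")
        ET.SubElement(deny_own, "deny", own=service)
        allow_own = ET.SubElement(busconfig, "policy", creds=qualify(package, dbus.get("own")))
        ET.SubElement(allow_own, "allow", own=service)
        # Calling an annotated interface: denied by default, allowed for the token holder.
        for iface in dbus.iter("interface"):
            tokens = [a.get("value") for a in iface.findall("annotation")
                      if a.get("name") == ACCESS_ANNOTATION]
            if not tokens:
                continue  # no access annotation: the bus default policy applies
            iface_name = iface.get("name")
            deny = ET.SubElement(busconfig, "policy", context="default")
            allow = ET.SubElement(busconfig, "policy", creds=qualify(package, tokens[0]))
            for policy, verb in ((deny, "deny"), (allow, "allow")):
                ET.SubElement(policy, verb, send_destination=service, send_interface=iface_name)
                ET.SubElement(policy, verb, receive_sender=service, receive_interface=iface_name)
    return busconfig


def render(busconfig):
    """Serialise for the bus configuration directory of the bus named in the manifest."""
    if hasattr(ET, "indent"):   # Python 3.9+
        ET.indent(busconfig)
    return ET.tostring(busconfig, encoding="unicode")


if __name__ == "__main__":
    print(render(generate_dbus_policy("aegis-dbus-server", SERVER_MANIFEST)))
```

Two things to check when reviewing such generated policies: the rules match on send_interface, so methods on other interfaces exposed by the same name (introspection, properties) fall under the bus default policy rather than these rules, and the deny/allow pairs rely on the daemon evaluating creds-gated <policy> blocks after the context="default" ones, exactly as the slide 34 output orders them.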
35. More examples
• Requesting UID and GID credentials for an executable:
    <aegis>
      <request>
        <credential name="UID::email" />
        <credential name="GID::email" />
        <for path="/usr/bin/aegis-dbus-server" />
      </request>
    </aegis>