maemo 6 platform security

Upload: peter-schneider

Post on 07-Jul-2015
DESCRIPTION

This is a presentation on the concepts of the Maemo 6 platform security, which will enable more mainstream content business.

TRANSCRIPT

1. Maemo 6 Platform Security: Principles and Building blocks
   Elena Reshetova, Senior Security Engineer, Nokia

2. What is Platform Security?
   • A set of mechanisms and techniques which are used to protect the entire SW platform

3. Device modes
   • Open source strategy
   • Bigger developer offering
   • Easy to program for a device
   • Optional copy protection (DRM)
   • The same functionality as earlier
   • More use cases for device usage
   • Compile and flash your own kernel
   • Games, commercial applications
   • Low-level platform development
   • More business models
   • Ovi Store
   • Comes with Music

4. Access control in Linux
   • Classical Unix AC
     - Based on the multiuser model
     - POSIX capabilities aren't really in use (root has all, others none)
   • Our criteria
     - Process-level access control needed
     - Minimal changes to the current model (enforcement phase)
     - Good level of flexibility and granularity, easy-to-understand concept (KISS)
   • Existing security extensions: no good match to the criteria
     - FreeBSD AC, MLS, Biba, SELinux, RBAC, AppArmor, TOMOYO Linux, ...
   • Our approach
     - Apply, and minimally extend, Classical Unix AC to meet the set criteria
     - Re-use the multiuser model for application-level access control
     - Architecture outlined in the next slides

5. Hardware enablers & Boot process
   (Boot-flow diagram; recoverable elements:)
   • Nokia-signed SW image
   • Trusted Execution Environment (TrEE), for instance ARM TrustZone, with two main keys:
     - Root public key
     - Root device-specific key
   • Checks: Device SIM locked? Integrity is OK / Integrity isn't OK
   • Outcomes: Reset, or Restrict security functionality*
   • * includes: DRM keys are disabled; content from the previous mode can't be decrypted

6. Access Control
   • Principle of least privilege
     - Every application should be able to access only the limited set of resources it needs
   • Protected resources
     - Things like cellular functionality, location and so on
     - No final list yet
     - Possibility to introduce new protected resources
   • An application must declare the resources it needs
     - Aegis Manifest File
   • No security APIs by default
     - Development is almost unchanged
     - Complicated things are automated

7. Device Security Policy
   • SW gets its rights based on its source
   (Diagram; recoverable labels: Resource 1, Resource 2, Resource 3; Aegis Manifest File; Create Aegis Manifest; Put your SW into a suitable repository/source; Quality assurance (QA) checks in the Ovi Store, maemo.org, ... Source N repositories)
   • Aegis Security Policy file
     - Accessible only for the installer
     - Contains the mapping between SW sources and allowed resources

8. Privacy Protection - Aegis Protected Storage
   • Ensures integrity of data and configuration files after installation
   • Place the files into Protected Storage
   • Aegis Protected Storage APIs: interface to the TrEE, which is used to sign/verify and encrypt/decrypt the data
   • Additional features:
     - Data encryption inside the storage
     - Private, shared and global or externally signed storages
   • Access to a protected storage is defined by an application identifier or application group

9. Integrity protection - Aegis Validator
   • Ensures integrity of the executable binary components (binaries, libraries, ...)
   • Run-time check, against offline attacks
   • Kernel module
   • Calculates a cryptographic hash of the executable (currently SHA-1)
   • Reference hashes are stored in the Aegis Protected Storage
   (Flow diagram; recoverable labels: Application, Run-time, Yes, No!, Get the policy)

10. Most of the Security FW will be open sourced
    Your feedback and reports are welcome: [email protected]
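Slides 6 and 7 describe the Aegis model in outline: an application declares the resources it needs in a manifest, a policy file maps software sources to the resources they may grant, and the installer grants only what both allow. The following is an added worked example, not Aegis code and not Nokia's implementation. It also illustrates the "re-use the multiuser model" idea from slide 4 by representing each granted resource as a supplementary Unix group, so the run-time check is an ordinary group-membership test. The policy contents, resource names, manifest syntax and group IDs are all constructed for this example.

```python
"""Source-based resource policy check, modelled on the Aegis outline (added example)."""

# Hypothetical policy: software source -> resources that source may grant.
# Source names mirror the slides; the resource sets are constructed.
SECURITY_POLICY = {
    "ovi-store": {"Cellular", "Location", "UserData"},
    "maemo.org": {"Location", "UserData"},
    "unknown":   set(),  # unsigned / unlisted source gets nothing
}

# Assumption for this example: each protected resource is represented by one
# supplementary group, so classical Unix group checks enforce it at run time.
RESOURCE_GIDS = {
    "Cellular": 2001,
    "Location": 2002,
    "UserData": 2003,
}


def parse_manifest(text: str) -> set:
    """Parse a minimal manifest (constructed format): one
    'request: <Resource>' line per needed resource; '#' starts a comment."""
    requested = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        if key.strip() == "request" and value.strip():
            requested.add(value.strip())
    return requested


def install(source: str, manifest_text: str, policy=SECURITY_POLICY) -> dict:
    """Installer decision: grant only resources that are both requested by the
    manifest and allowed for the source. Returns what was granted, what was
    denied, and the supplementary GIDs a launcher would attach to the process."""
    requested = parse_manifest(manifest_text)
    allowed = policy.get(source, set())   # unknown source -> empty set
    granted = requested & allowed
    denied = requested - allowed
    gids = sorted(RESOURCE_GIDS[r] for r in granted if r in RESOURCE_GIDS)
    return {"granted": granted, "denied": denied, "gids": gids}


def may_access(process_gids: list, resource: str) -> bool:
    """Run-time check: plain group membership, no new security API needed."""
    return RESOURCE_GIDS.get(resource) in process_gids


if __name__ == "__main__":
    manifest = """
    # constructed manifest for a hypothetical dialer application
    request: Cellular
    request: Location
    """
    for src in ("ovi-store", "maemo.org", "unknown"):
        result = install(src, manifest)
        print(src, result, "can use Cellular:", may_access(result["gids"], "Cellular"))
```

The same manifest yields different rights depending only on where the package came from, which is the point of slide 7: the policy file, not the application, decides what a source may be trusted with, and it must be readable only by the installer or an attacker could simply extend their own source's row.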
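Slides 8 and 9 together describe the integrity side: reference hashes of executables are kept in a protected storage whose contents the TrEE can sign and verify, and a run-time validator hashes each executable (SHA-1, per slide 9) and compares it with the reference. The following is an added example, not the Aegis Validator kernel module or the Protected Storage API. It stands in for the TrEE sign/verify interface with an HMAC under a device-specific key (a constructed value here), uses byte strings in place of real files, and labels every path and binary as constructed.

```python
"""Validator-style integrity check with a MAC-protected reference store (added example)."""
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Assumption: a device-specific key that a real design would keep inside the
# TrEE and never expose to normal-mode software. Constructed value.
DEVICE_KEY = b"constructed-device-specific-key"
TAG_LEN = 32  # HMAC-SHA256 output length


def sha1_hex(data: bytes) -> str:
    """Executable hash. SHA-1 is what the slides name as the current choice."""
    return hashlib.sha1(data).hexdigest()


def seal_store(reference_hashes: dict, key: bytes = DEVICE_KEY) -> bytes:
    """Build a protected-storage blob: canonical JSON with an HMAC prepended.
    Stands in for the TrEE 'sign' operation on the slides."""
    body = json.dumps(reference_hashes, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def open_store(blob: bytes, key: bytes = DEVICE_KEY) -> Optional[dict]:
    """Verify the blob's MAC before trusting anything in it.
    Returns the reference hashes, or None if the store was altered."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def validate(path: str, contents: bytes, store_blob: bytes) -> Tuple[bool, str]:
    """Run-time decision for one executable: allow only if the reference store
    verifies, a reference exists for this path, and the hashes match."""
    refs = open_store(store_blob)
    if refs is None:
        return False, "protected storage failed verification"
    expected = refs.get(path)
    if expected is None:
        return False, "no reference hash for executable"
    if not hmac.compare_digest(sha1_hex(contents), expected):
        return False, "hash mismatch"
    return True, "ok"


# Constructed "installed binaries": path -> file contents.
BINARIES = {
    "/usr/bin/example-dialer": b"\x7fELF constructed dialer image",
    "/usr/lib/libexample.so":  b"\x7fELF constructed shared library",
}


def build_reference_store() -> bytes:
    """What installation would do: hash every installed executable and seal
    the result into the protected storage."""
    return seal_store({p: sha1_hex(c) for p, c in BINARIES.items()})


if __name__ == "__main__":
    store = build_reference_store()
    print(validate("/usr/bin/example-dialer", BINARIES["/usr/bin/example-dialer"], store))
    # Offline modification of the binary: the hash no longer matches.
    print(validate("/usr/bin/example-dialer", b"\x7fELF modified", store))
    # Offline modification of the reference store itself: the MAC fails first,
    # so an attacker cannot simply update the stored hash to match.
    tampered = store[:-1] + bytes([store[-1] ^ 0x01])
    print(validate("/usr/bin/example-dialer", BINARIES["/usr/bin/example-dialer"], tampered))
```

The order of checks matters: the store is verified before any hash in it is consulted, which is why the reference hashes have to live in integrity-protected storage rather than in a plain file. Slide 9 lists SHA-1 as the current algorithm; since practical SHA-1 collisions were demonstrated in 2017, a present-day design would use SHA-256 for the executable hash, which is a one-line change in `sha1_hex`.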