tizen, security and the internet of...
TRANSCRIPT
1
Tizen, Security and
The Internet of Things
Casey Schaufler
2
Casey Schaufler
• Security Dinosaur
• Smack Linux Security Module
• Manager Tizen and Linux Kernel Security
3
Tizen
• Linux based operating system
• Project of the Linux Foundation
• Lead by Samsung and Intel
4
Security
• Does what it’s supposed to
• Doesn’t do anything else
• Know the difference
5
Internet of Things
• Collection of computing devices
• Heterogeneous
• Autonomous
6
Things
• Just want to perform their function
• Not primarily computers
7
Things need to communicate
• Willing to talk to anyone
• Wide variety of “networks”
• Free from traditional administration
8
Device Views of the Internet of Things•
9
Security By Proximity
Only connect with things nearby
10
Security by Obscurity
No one could possibly guess!
11
Security By Pairing
Ask human permission
Requires a user interface
12
Security by Wire
1970’s Smart House
13
OPEN INTERCONNECT CONSORTIUM
14
Back To Tizen
• Linux distribution for devices
• Collection of profiles
• Common security base
15
Tizen Security Basics
Smack
CapabilitiesUser Based
Controls
Systemd Cynara dbus Buxton Connman
CrosswalkWeston
X11tz-launcherBluetoothOfono
HTML5
Application
Native
Application
Kernel
Services
16
Write
Read
Additional
restrictions
may apply
Tizen Three Domain Security
Floor (“_”)
System
User
HTML5 Application Native Application
17
Tizen Application Privileges
Linux Kernel Services
Cynara
Service
HTML5 Application Native Application
Service
18
Security Perimeter
18
Internet
4G
Body
Area
Network
BluetoothApplication
19
Application Privilege Attributes
• Name of the privilege
• http://tizen.org/privilege/vibrator
• Smack label of requester
• RaunchyRhinos
• UID of requestor
• 5001
• Access permitted
• r, rw, …
20
Native Application Woes
• Use kernel interfaces directly
• Avoid service based controls
21
System Object Attributes
• Smack label
• UID
• GID
• Mode bits
• Smack access rules
22
Running Applications
• Unique Smack label per application
• Unique UID per user account
• Application launcher
Thank You