Tizen, Security and
The Internet of Things
Casey Schaufler
Casey Schaufler
• Security Dinosaur
• Smack Linux Security Module
• Manager Tizen and Linux Kernel Security
Tizen
• Linux based operating system
• Project of the Linux Foundation
• Led by Samsung and Intel
Security
• Does what it’s supposed to
• Doesn’t do anything else
• Know the difference
Internet of Things
• Collection of computing devices
• Heterogeneous
• Autonomous
Things
• Just want to perform their function
• Not primarily computers
Things need to communicate
• Willing to talk to anyone
• Wide variety of “networks”
• Free from traditional administration
Device Views of the Internet of Things
Security By Proximity
Only connect with things nearby
Security by Obscurity
No one could possibly guess!
Security By Pairing
Ask human permission
Requires a user interface
Security by Wire
1970’s Smart House
OPEN INTERCONNECT CONSORTIUM
Back To Tizen
• Linux distribution for devices
• Collection of profiles
• Common security base
Tizen Security Basics
[Diagram: layers labelled Kernel, Services, HTML5 Application and Native Application; components shown: Smack, Capabilities, User Based Controls, Systemd, Cynara, dbus, Buxton, Connman, Crosswalk, Weston, X11, tz-launcher, Bluetooth, Ofono]
Tizen Three Domain Security
[Diagram: domains Floor (“_”), System and User, with HTML5 Application and Native Application; arrows labelled Read and Write; note: additional restrictions may apply]
Tizen Application Privileges
[Diagram: HTML5 Application, Native Application, two boxes labelled Service, Cynara, Linux Kernel Services]
Security Perimeter
[Diagram: Application, Bluetooth, Body Area Network, 4G, Internet]
Application Privilege Attributes
• Name of the privilege
  • http://tizen.org/privilege/vibrator
• Smack label of requester
  • RaunchyRhinos
• UID of requester
  • 5001
• Access permitted
  • r, rw, …
Native Application Woes
• Use kernel interfaces directly
• Avoid service based controls
System Object Attributes
• Smack label
• UID
• GID
• Mode bits
• Smack access rules
Running Applications
• Unique Smack label per application
• Unique UID per user account
• Application launcher
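The label checks behind the System Object Attributes and Running Applications slides, modelled as an added example (not code from the talk or from Tizen): it applies the built-in label rules from the Smack kernel documentation, then a rule table, then default deny. The rule table and the `OtherApp` label are constructed for illustration; `RaunchyRhinos` is the sample label from the slides.

```c
#include <stdio.h>
#include <string.h>

/* Access bits for the r, w and x letters of a Smack rule (a, t, l not modelled). */
enum { MAY_R = 1, MAY_W = 2, MAY_X = 4 };

struct rule { const char *subject, *object; int access; };

/* Constructed sample rules for illustration; not Tizen's shipped policy. */
static const struct rule rules[] = {
    { "User",          "System", MAY_R | MAY_X },
    { "System",        "User",   MAY_R | MAY_W | MAY_X },
    { "RaunchyRhinos", "User",   MAY_R | MAY_W },
    { "RaunchyRhinos", "System", MAY_R | MAY_X },
};

/* Return 1 if `subject` may perform every access bit in `want` on `object`. */
int smack_may_access(const char *subject, const char *object, int want)
{
    size_t i;

    if (strcmp(subject, "*") == 0)
        return 0;                       /* star subject: always denied */
    if (strcmp(subject, "^") == 0 && !(want & MAY_W))
        return 1;                       /* hat subject: read/execute anything */
    if (strcmp(object, "_") == 0 && !(want & MAY_W))
        return 1;                       /* floor object: read/execute for all */
    if (strcmp(object, "*") == 0)
        return 1;                       /* star object: any access */
    if (strcmp(subject, object) == 0)
        return 1;                       /* same label: any access */
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (strcmp(rules[i].subject, subject) == 0 &&
            strcmp(rules[i].object, object) == 0)
            return (rules[i].access & want) == want;
    return 0;                           /* no rule: denied */
}

int main(void)
{
    /* "OtherApp" is a hypothetical second application label. */
    printf("app reads floor:      %d\n", smack_may_access("RaunchyRhinos", "_", MAY_R));
    printf("app writes floor:     %d\n", smack_may_access("RaunchyRhinos", "_", MAY_W));
    printf("app writes System:    %d\n", smack_may_access("RaunchyRhinos", "System", MAY_W));
    printf("app reads other app:  %d\n", smack_may_access("RaunchyRhinos", "OtherApp", MAY_R));
    printf("app writes own label: %d\n", smack_may_access("RaunchyRhinos", "RaunchyRhinos", MAY_W));
    return 0;
}
```

With a unique label per application and no rule between two application labels, one application cannot read another's objects, which is the isolation the per-application label provides.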
Thank You