Tizen, Security and The Internet of Thingskernsec.org/files/lss2014/schaufler_201408-LinuxSecuritySummit-Tiz… · Tizen Security Basics Smack Capabilities User Based Controls Systemd

Tizen, Security and

The Internet of Things

Casey Schaufler

• Security Dinosaur

• Smack Linux Security Module

• Manager Tizen and Linux Kernel Security

• Linux based operating system

• Project of the Linux Foundation

• Lead by Samsung and Intel

Security

• Does what it’s supposed to

• Doesn’t do anything else

• Know the difference

Internet of Things

• Collection of computing devices

• Heterogeneous

• Autonomous

Things

• Just want to perform their function

• Not primarily computers

Things need to communicate

• Willing to talk to anyone

• Wide variety of “networks”

• Free from traditional administration

OPEN INTERCONNECT CONSORTIUM

How a Device Views the Internet of Things• Wisdom

• Danger

Back To Tizen

• Linux distribution for devices

• Collection of profiles

• Common security base

Tizen Security Basics

CapabilitiesUser Based

Controls

Systemd Cynara dbus Buxton Connman

CrosswalkWeston

X11tz-launcherBluetoothOfono

Application

Native

Application

Kernel

Services

Additional

restrictions

may apply

Tizen Three Domain Security

Floor (“_”)

System

HTML5 Application Native Application

Tizen Application Privileges

Linux Kernel Services

Cynara

Service

HTML5 Application Native Application

Service

Application Privilege Attributes

• Name of the privilege

• http://tizen.org/privilege/vibrator

• Smack label of requester

• RaunchyRhinos

• UID of requestor

• 5001

• Access permitted

• r, rw, …

Security Perimeter

Internet

Network

BluetoothApplication

Native Application Woes

• Use kernel interfaces directly

• Avoid service based controls

System Object Attributes

• Smack label

• UID

• GID

• Mode bits

• Smack access rules

Running Applications

• Unique Smack label per application

• Unique UID per user account

• Application launcher

Tizen, Security and The Internet of Thingskernsec.org/files/lss2014/schaufler_201408-LinuxSecuritySummit-Tiz… · Tizen Security Basics Smack Capabilities User Based Controls Systemd

Documents

Systemd for developers

Essentials of Tizen UX Design/Tizen UX

Embedded Software Lab. @ SKKU 43 1 Tizen Bootup. Embedded...

Systemd - Firenze LUG

systemd: building the future

Gerenciando Serviços com Systemd

HACKING TIZEN - HITB · Tizen Security community. •...

Systemd Evolution Revolution Regression

Tizen Debugging - Tizen Wiki · • Select Debug As...

Tizen Development Environment -...

От sysV к systemd

systemd - A very short introduction Prof. Rossano Pablo...

Demystifying systemd - Red Hat€¦ · •Maintainer files:...

Systemd mlug-20140614

Systemd - Como Lug

systemd для администраторов -...