Tizen, Security and The Internet of Things
Casey Schaufler

Source: download.tizen.org/misc/media/tds2014/slides/Security-IOT_CaseySc…

Jul 20, 2020


Tizen, Security and The Internet of Things

Casey Schaufler


Casey Schaufler

• Security Dinosaur

• Smack Linux Security Module

• Manager Tizen and Linux Kernel Security


Tizen

• Linux based operating system

• Project of the Linux Foundation

• Led by Samsung and Intel


Security

• Does what it’s supposed to

• Doesn’t do anything else

• Know the difference


Internet of Things

• Collection of computing devices

• Heterogeneous

• Autonomous


Things

• Just want to perform their function

• Not primarily computers


Things need to communicate

• Willing to talk to anyone

• Wide variety of “networks”

• Free from traditional administration


Device Views of the Internet of Things


Security By Proximity

Only connect with things nearby


Security by Obscurity

No one could possibly guess!


Security By Pairing

Ask human permission

Requires a user interface


Security by Wire

1970’s Smart House


OPEN INTERCONNECT CONSORTIUM


Back To Tizen

• Linux distribution for devices

• Collection of profiles

• Common security base


Tizen Security Basics

[Diagram: HTML5 Application and Native Application above a Services layer (Systemd, Cynara, dbus, Buxton, Connman, Crosswalk, Weston, X11, tz-launcher, Bluetooth, Ofono) and a Kernel layer (Smack, Capabilities, User Based Controls)]


Tizen Three Domain Security

[Diagram: the Floor (“_”), System and User domains, with HTML5 Application and Native Application; legend: Write, Read. Additional restrictions may apply.]


Tizen Application Privileges

[Diagram labels: Linux Kernel Services, Cynara, Service, HTML5 Application, Native Application, Service]


Security Perimeter

[Diagram labels: Internet, 4G, Body Area Network, Bluetooth, Application]


Application Privilege Attributes

• Name of the privilege
    • http://tizen.org/privilege/vibrator

• Smack label of requester
    • RaunchyRhinos

• UID of requestor
    • 5001

• Access permitted
    • r, rw, …


Native Application Woes

• Use kernel interfaces directly

• Avoid service based controls


System Object Attributes

• Smack label

• UID

• GID

• Mode bits

• Smack access rules


Running Applications

• Unique Smack label per application

• Unique UID per user account

• Application launcher


Thank You