dominig ar foll
play

Dominig ar Foll Senior Software Architect Intel Open Source IoT - PowerPoint PPT Presentation

Mar 12, 2024 •133 likes •344 views

Dominig ar Foll Senior Software Architect Intel Open Source IoT Summit 2016, Berlin, DE dominig.arfoll@fridu.net 1/21 Attacking IoT, a viable business Ransom model Stall manufacturing Immobilise expensive items (e.g. your car)

  1. Dominig ar Foll Senior Software Architect Intel Open Source IoT Summit 2016, Berlin, DE dominig.arfoll@fridu.net 1/21

  2. Attacking IoT, a viable business ➢ Ransom model ➢ Stall manufacturing ➢ Immobilise expensive items (e.g. your car) ➢ … ➢ Competitive advantage ➢ Collecting R&D, manufacturing data ➢ Disturbing production line ➢ Indirect ➢ Cheap robot for DDoS ➢ Easy entry point

  3. Understanding the risks Developer Fix all possible weaknesses Deactivate possible users errors LTS assumed for free Back Hat Only need one security hole Can be help by careless users Good long term business opportunities Good international network 3/21

  4. Security fundamentals Minimise surface of attack Control the code which is run Provide a bullet proof update model Track security patches Use HW security helpers when available Limit lateral movement in the system Develop and QA with security turned on Do not rely on human but on platform and tools Security cannot be added after the fact 4/21

  5. Do not rely on human ➢ Security experts are out of reach ➢ 9M Mobile Developers ➢ 8M Web Developers ➢ 0.5M Embedded Developers ➢ How many Embedded Security Developers ? ➢ Human are unreliable ➢ We do not have the time now ➢ Oups, it’s too late to change it ➢ No one is interested by our system ➢ We are too small ➢ ...

  6. Concepts are Known but what about implementation? Full isolation AppFW AppFW Untrusted Apps / Middleware Untrusted Apps / Middleware App Debug App Debug App Packaging App Packaging API API Mandatory Access Control Default policies Default policies Integrity Debug Debug Harden OS services Harden OS services Name Space Sample code Sample code Firewall HowTo HowTo Safe update Signing Signing Encryption Linux Kernel with up-to-date patches Linux Kernel with up-to-date patches Repo create Repo create ID/Key protection Debug Debug SoC Specific drivers Customize Customize EPID TPM UEFI EPID TPM UEFI SoC Drivers SoC Drivers ID Management Private/Secure Store Secured Boot ID Management Private/Secure Store Secured Boot Tools-Doc Software running onTarget Tools-Doc Software running onTarget 6/21

  7. Know who/what you trust ➢ Trusted Boot : a MUST Have Feature ➢ Leverage hardware capabilities ➢ Small series & developer key handling ➢ Application Installation ➢ Verify integrity ➢ Verify origin ➢ Request User Consent [privacy & permissions] ➢ Update ➢ Only signed updates with a trusted origin ➢ Secured updates on compromised devices are a no-go option ➢ Factory reset built-in from a trusted zone ➢ Do not let back doors opened via containers ➢ Strict control of custom drivers [in kernel mode everything is possible] 7/21

  8. Layered Architecture ➢ Client/UI (untrusted) ➢ Risk of code injection (HTML5/QML) ➢ UI on external devices (Mobiles, Tablets) ➢ Access to secure service APIs [REST/WS] ➢ Applications & Services (semi-trusted) ➢ Unknown developers & Multi-source ➢ High-grain protection by Linux DAC & MAC labels. ➢ Run under control of Application Framework: need to provide a security manifest ➢ Platform & System services (trusted) ➢ Message Services started by systemd ➢ Service and API fine grain privilege protection ➢ Part of baseline distribution and certified services only 8/21

  9. Bullet proof update and ID Update is the only possible correction l Must run safely on compromised devices l Cannot assume a know starting point Compromised ID / keys has no return l Per device unique ID l Per device symmetric keys l Use HW ID protection (e.g. EPID) Non reproducibility l Breaking in one device cannot be extended l Development I/O are disabled l Root password is unique (or better a key) l Password cannot be easily recalculated 9/21

  10. A practical example (AGL) Applicable to any Industrial IoT Linux 10/21

  11. Service isolation Run services with UID<>0 SystemD is your friend l Create dedicated UID per service l Use Linux MAC and Smack DAC to minimise open Access Drop privileges l Posix privileges l MAC privileges C-goups l Reduce offending power l RAM/CPU/IO Name Space l Limit access to private data l Limit access to connectivity https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt https://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt http://man7.org/linux/man-pages/man7/namespaces.7.html https://en.wikipedia.org/wiki/Mandatory_access_control https://en.wikipedia.org/wiki/Discretionary_access_control 11/21

  12. Segregate Apps from OS ➢ Application Manager ➢ One system daemon for application live cycle installs, update, delete ➢ One user daemon per user for application start, stop, pause, resume ➢ Create initial share secret between UI and Binder ➢ Spawn and controls application processes: binder, UI, … ➢ Security Manager ➢ Responsible of privilege enforcement ➢ Based on Cynara + WebSocket and D-Bus for Legacy) ➢ Application & Services Binders ➢ Expose platform APIs to UI, Services, Applications ➢ Loads services/application plugins :Audio, Canbus, Media Server… ➢ One private binder per application/services [REST, WebSocket, Dbus] ➢ Authenticate UI by oAuth token type ➢ Secured by SMACK label + UID/GIDs ➢ AppBinders runs under user $HOME 12/21

  13. AGL2 Application Security Application Framwork Live Cycle Management Log/Supervision Start,Stop,Pause,Install,Remove,... Navigation MultiMedia Cgroups Service Service Service NameSpace Carte handling Carte handling Media Player Containers POI management POI management Radio Interface etc... etc... etc... Transport + Acess Control Agent-2 Agent-3 Agent-4 MAC Car Environement Engine Remote Signal Enforcement CAN Bus-A CAN Bus-B Smart City Smack LIN Bus-A Cluster-Unit RVI ... Audio Cloud Distributed Application Architecture 13/21

  14. AGL2 AppFW logic 14/21

  15. To write an App ➢ Write back-end binding ➢ Adds the specialised API to the system ➢ Accessible by Web Socket or slow legacy D-Bus ➢ Run in its own security domain ➢ Can be cascaded ➢ Write the Front end ➢ Typically in HTML5, QML but open to any ➢ Connect to back-end binding using REST with secured key (OAuth2) ➢ ➢ Package ➢ Based on W3C widget ➢ Feature allow to handle AGL specificities ➢ Install via the AppFW 15/21

  16. AGL2+ Distributed Architecture Entertainement Cluster Cloud Navigation Maintenance Portal My Car Portal Head Unix Service Know Bugs Paiement Direction Indication Carte handling Maintenances Subcriptions Localistion management Service Packs Preference POI Transport & ACL Transport & ACL Transport & ACL Geopositioning Preferences Log CAN-BUS Cluster Virtual Virtual Signal & Analytics Virtual Signal Signal Custumisation Gyro, Acelerometer CAN-BUS MongoDB Engine No-SQL Engine Engine-CAN-BUS CAN GPS Paiement Service LIN-BUS Statistics & Analytics ABS Multi ECU & Cloud Aware Architecture 16/21

  17. AGL2++ Virtualised Architecture Less Privileges DomU Entertainment DomU Cluster Container AGL App-1 AGL App-2 AGL App-3 App-1 App-2 DOM0 controller AGL Extra AGL Mini Ressources Emergency Alloc/Porxy Diagnistics Plateform Services Middleware Services Trusted Apps AGL Core Plateform Services Linux-RT/Microkernel Integrety control PKI safe Store Guest Operating AGL Linux Kernel Guest Operating AGL Linux More Privileges Supervisor Virt Virt Virt Virt Audio Audio GPU GPU Trusted Boot Hypervisor Trusted Zone Hardware Virtualized Secure Architecture 17/21

  18. Conclusion ➢ Technologies are available ➢ Secure boot, Secure zone ➢ Update over the air ➢ Isolation and containment ➢ Tools and training ➢ Management is not ready ➢ Still perceived as a nice to have ➢ Too risky to commit ➢ Engineering sees security as a brake to innovation ➢ Requires a serious personal investment and paradigm shift ➢ Complexity imposes to select a “Ready Made” solution ➢ AGL, Tizen, Snappy, ... ➢ “Will add it later” attitude is common but a guaranteed model to failure 18/21

  19. Questions IoT Summit 2016, Berlin, DE dominig.arfoll@fridu.net

  20. Container "A mixed blessing" Easy to use l Detach the App from the platform l Integrated App management l Well known Not very secure l Unreliable introspection l MAC has no power on the inside of a container l Updating the platform does not update the l middleware l Beside the Kernel each App provide its own version l of the OS l Each App restart requires a full passing of credential l RAM and Flash footprint are uncontrollable l Far more secured with Clear Container but not applicable to low end SoC. Only I/O via network https://www.opencontainers.org/ l Well equipped for Rest API https://lwn.net/Articles/644675/ l All other I/O requires driver level access or bespoke framework. 20/21

  21. Security Check list Control which code you run Control image creation l Secure boot l No debug tool in production l Integrity l No default root password l Secure update l No unrequired open port Isolate services Continuous integration l Drop root when possible l Automate static analysis l Drop privileges l QA on secured image Isolate Apps Help developer l Apps are not the OS l Integrate security in Devel image l Enforce – restrict access to standard API l Provide clear guide line l Isolate Apps from OS Identity l Focus on standardised Middleware l Enforce identity unicity l Use available HW protection Encryption l Network traffic l Local storage 21/21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net 1/30 A harden Embedded Linux Applicable to any Industrial IoT Linux 2/30 3/30 4/30 Top 25 Git Commituers in 2016 Commits Name

1.37k views • 30 slides
Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre)

Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre)

Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre) dominig.arfoll@fridu.net October 2014 Agenda Why Tizen:Common ? Inheriting from Tizen:Common Inside Tizen:Common Changelog &amp; Roadmap

537 views • 29 slides
Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen

Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen

Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen IVI How to join the project Our road map Architecture New Features 2 What is Tizen IVI Tizen IVI Support Intel and ARM

534 views • 28 slides
Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing

Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing

Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing Tizen-Meta Dominig ar Foll (Intel Open Source Technology Centre) dominig.arfoll@fridu.net March 2015 Tizen-Meta IoT and Security What is Tizen

682 views • 31 slides
RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll cedric.foll@(laposte.net|education.gouv.fr) Network and security architect and Chef Security Officer (CSO) of French Ministry of Education Teacher

408 views • 21 slides
How can we grow our foll llowers, and can we move from passive to activ ive engagement? ? 19

How can we grow our foll llowers, and can we move from passive to activ ive engagement? ? 19

What t are the e princip nciples les of f eff ffective ctive strate rategies ies (incl. ncl. storytelling orytelling and nd collaborat laborating)? ing)? How can we grow our foll llowers, and can we move from passive to activ ive

636 views • 27 slides
Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre

Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre

Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre resentation to to Mid iddlemore Hospital Emergency Dep Em epart rtment A mixed method study combining quantitative and qualitative methods By:

378 views • 26 slides
Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert Group Master Architect, Global Software Practice Sun Microsystems. Fulup.ArFoll@sun.com p 1 San Diego April 2007 e-Government Trend France :

605 views • 18 slides
You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation

You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation

You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation attorney: primarily business/corporate, trust, estate, elder abuse, disability/discrimination, and real estate litigation and disputes, including

614 views • 23 slides
Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of) malicious activities without having to read logs Logs are boring, reading them takes a lot of time Graphic visualisation is more effective, fast

855 views • 30 slides
From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect,

From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect,

From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services ? Identity-enabling: Exposes identity details to other services

363 views • 20 slides
Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect

Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect

Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect fulup@iot.bzh Who Are We ? Securing AGL V2C with OpenIDconnect May-2017 2 V2C Multiple Requirements Car to Cloud Telematics Car

605 views • 16 slides
Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll Master Architect fulup@sun.com 1 1 Towards an Open Identity Infrastructure with OpenSSO OpenSSO Overview &gt; Integration with open source

290 views • 25 slides
112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112

112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112

Activ tivation ation bremss msstra trahl hlung ung yie ield lds s of th f the 112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112 111m,g reaction ctions s and th d the fo foll llowing ing

430 views • 21 slides
TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking

TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking

TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking Stat atemen ement Some Some of of the the stat statemen ments ts con contain tained ed in in the the foll ollowing wing mat material

364 views • 33 slides
Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di

Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di

Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di Disclosures Speaker name: Colin Bicknell. I I ha have the foll ollowing po potentia ial l conflic icts of of interest to to report:

410 views • 22 slides
Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Bruno Silva, Rubens Matos, Gustavo Callou, Jair Figueiredo, Danilo Oliveira, Joo Ferreira, Jamilson Dantas, Aleciano Lobo Junior, Vandi Alves and Paulo Maciel. Mercury: An Integrated Environment for Performance and Dependability Evaluation of

616 views • 28 slides
Maude Implementation of MSR Demo Mark-Oliver Stehr Cast Stefan Reich University of Illinois,

Maude Implementation of MSR Demo Mark-Oliver Stehr Cast Stefan Reich University of Illinois,

Maude Implementation of MSR Demo Mark-Oliver Stehr Cast Stefan Reich University of Illinois, Analyst Urbana-Champaign (Iliano Cervesato) Programmer ITT Industries @ NRL Customer http://theory.stanford.edu/~iliano/ Protocol eXchange -

341 views • 23 slides
Angular JS Part III Winter Semester 2016/17 Juliane Franze Ludwig-Maximilians-Universitt

Angular JS Part III Winter Semester 2016/17 Juliane Franze Ludwig-Maximilians-Universitt

Practical Course: Web Development Angular JS Part III Winter Semester 2016/17 Juliane Franze Ludwig-Maximilians-Universitt Mnchen Practical Course Web Development WS 16/17 - 01 - 1 Todays Agenda Lessons learned from Homework

197 views • 19 slides
A Taxonomy of Approaches for Integrating Attack Awareness in Applications Tolga nl, Dr.

A Taxonomy of Approaches for Integrating Attack Awareness in Applications Tolga nl, Dr.

A Taxonomy of Approaches for Integrating Attack Awareness in Applications Tolga nl, Dr. Lynsay Shepherd, Dr. Natalie Coull, Colin McLean Introduction - Tolga nl 1. Year PhD Student @ Abertay University, Scotland Supervisors:

410 views • 14 slides
Numerical Calculations Ali Taheri Sharif University of Technology Fall 2018 Some slides have

Numerical Calculations Ali Taheri Sharif University of Technology Fall 2018 Some slides have

Fu Fundamentals of Pr Programming (Py Python) Numerical Calculations Ali Taheri Sharif University of Technology Fall 2018 Some slides have been adapted from Scipy Lecture Notes at http://www.scipy-lectures.org/ Outline 1. NumPy and

625 views • 36 slides
AMath 483/583 Lecture 6 Notes: This lecture: NumPy arrays and functions Python: main

AMath 483/583 Lecture 6 Notes: This lecture: NumPy arrays and functions Python: main

AMath 483/583 Lecture 6 Notes: This lecture: NumPy arrays and functions Python: main programs and private variables Timing Python execution Reading: class notes: Numerical Python Numpy and Scipy documentation R.J.

383 views • 6 slides
Interfacing Python and C using Ctypes Giuseppe Piero Brandino and Jimmy Aguilar Mena March 9,

Interfacing Python and C using Ctypes Giuseppe Piero Brandino and Jimmy Aguilar Mena March 9,

Interfacing Python and C using Ctypes Giuseppe Piero Brandino and Jimmy Aguilar Mena March 9, 2016 Giuseppe Piero Brandino and Jimmy Aguilar Mena Interfacing Python and C using Ctypes March 9, 2016 1 / 12 Motivation When do we want to

799 views • 30 slides
Session 3 : Scientific Python Exercises 2 1) Create an array x = [-3.00, -2.99, -2.98, ,

Session 3 : Scientific Python Exercises 2 1) Create an array x = [-3.00, -2.99, -2.98, ,

An introduction to scientific programming with Session 3 : Scientific Python Exercises 2 1) Create an array x = [-3.00, -2.99, -2.98, , 2.98, 2.99, 3.00] 2 e x 2 / 2 1 2) Create a corresponding array for the Gaussian function y =

502 views • 27 slides

More recommend