dominig ar foll
play

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem - PowerPoint PPT Presentation

Jan 28, 2024 •1.05k likes •1.37k views

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net 1/30 A harden Embedded Linux Applicable to any Industrial IoT Linux 2/30 3/30 4/30 Top 25 Git Commituers in 2016 Commits Name

  1. Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net 1/30

  2. A harden Embedded Linux Applicable to any Industrial IoT Linux 2/30

  3. 3/30

  4. 4/30

  5. Top 25 Git Commituers in 2016 Commits Name Company Commits Name Company 40 Anton Gerasimov Advanced Telematjcs 533 Jose Bollo IoT.BZH 35 Yanhua GU Fujitsu Ten 22 Christjan Gromm Microchip 166 NuoHan Qiao Fujitsu Ten 21 Ronan IoT.BZH 146 Jan-Simon Moeller Linux Foundatjon 20 SriMaldia Alps 18 Naoto Yamaguchi AisinAW 102 Stephane Desneux IoT.BZH 15 Karthik Ramanan TI 92 Jens Bocklage Mentor Graphics 13 Scotu Murray Konsulko 86 Tasuku Suzuki Qt Company 11 Kotaro Hashimoto Mitsubishi Electric 9 Matu Porter Konsulko 85 Manuel Bachmann IoT.BZH 8 Dominig Ar Foll Intel 70 Yannick Gicquel IoT.BZH 8 Yuta Doi Witz 8 Jian Zhang Fujitsu Ten 64 Ran Cao Fujitsu Ten 57 Tadao Tanikawa Panasonic 55 Fulup Ar Foll IoT.BZH 42 Leon Anavi Konsulko 1791 Total Commits • 01 Jan 2016 – 31 Dec 2016 45 Commituers • Commits to master 24 Companies Slide 5

  6. A Linux for Automotive ? ➢ Embedded Yocto built ➢ Strong interaction with Sensors ➢ Non Desktop UI ➢ Dedicated Entry buttons ➢ MultipleScreens enabled ➢ Managed device ➢ Any fault will be blamed on system provider ➢ Applications are gated by system provider ➢ Long life support ➢ No admin system to rely on ➢ ... 6/30

  7. From Auto to Industry ➢ Features ➢ Speed, position, sensors ➢ Dedicated UI ➢ Dedicated Entry buttons ➢ Multimedia features ➢ Emergency phone service ➢ Remote Diagnostic ➢ Implementation ➢ Embedded Linux with dedicated UI ➢ Connectivity ➢ 100% remote support operation ➢ Very reliable 7/30

  8. What is AGL (Jan 17) ➢ Focus on the core OS ➢ Yocto 2.2 ➢ Linux 4.4 or 4.8 ➢ Security model from Tizen ➢ Standard Layer for BSP ➢ Source sync via repo tool ➢ Ready made Docker SDK ➢ App and Middleware ➢ Isolated from the Core OS ➢ AppFW enforced security ➢ No default UI 8/30

  9. AGL Architecture 9/30

  10. Service isolation Run services with UID<>0 SystemD is your friend l Create dedicated UID per service l Use Linux MAC and Smack DAC to minimise open Access Drop privileges l Posix privileges l MAC privileges C-goups l Reduce offending power l RAM/CPU/IO Name Space l Limit access to private data l Limit access to connectivity https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt https://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt http://man7.org/linux/man-pages/man7/namespaces.7.html https://en.wikipedia.org/wiki/Mandatory_access_control https://en.wikipedia.org/wiki/Discretionary_access_control 10/30

  11. Segregate Apps from OS ➢ Application Manager ➢ One system daemon for application live cycle installs, update, delete ➢ One user daemon per user for application start, stop, pause, resume ➢ Create initial share secret between UI and Binder ➢ Spawn and controls application processes: binder, UI, … ➢ Security Manager ➢ Responsible of privilege enforcement ➢ Based on Cynara + WebSocket and D-Bus for Legacy) ➢ Application & Services Binders ➢ Expose platform APIs to UI, Services, Applications ➢ Loads services/application plugins :Audio, Canbus, Media Server… ➢ One private binder per application/services [REST, WebSocket, Dbus] ➢ Authenticate UI by oAuth token type ➢ Secured by SMACK label + UID/GIDs ➢ AppBinders runs under user $HOME 11/30

  12. AGL2 Application Security Application Framwork Live Cycle Management Log/Supervision Start,Stop,Pause,Install,Remove,... Navigation MultiMedia Cgroups Service Service Service NameSpace Carte handling Carte handling Media Player Containers POI management POI management Radio Interface etc... etc... etc... Transport + Acess Control Agent-2 Agent-3 Agent-4 MAC Car Environement Engine Remote Signal Enforcement CAN Bus-A CAN Bus-B Smart City Smack LIN Bus-A Cluster-Unit RVI ... Audio Cloud Distributed Application Architecture 12/30

  13. AGL2 AppFW logic 13/30

  14. AGL2++ Virtualised Architecture Less Privileges DomU Entertainment DomU Cluster Container AGL App-1 AGL App-2 AGL App-3 App-1 App-2 DOM0 controller AGL Extra AGL Mini Ressources Emergency Alloc/Porxy Diagnistics Plateform Services Middleware Services Trusted Apps AGL Core Plateform Services Linux-RT/Microkernel Integrety control PKI safe Store Guest Operating AGL Linux Kernel Guest Operating AGL Linux More Privileges Supervisor Virt Virt Virt Virt Audio Audio GPU GPU Trusted Boot Hypervisor Trusted Zone Hardware Virtualized Secure Architecture 14/30

  15. Building the OS ➢ Collection of Yocto Layers ➢ Multi-Architecture (Intel, ARM) ➢ Multiple Haker Board support (Minnow, Joule, R3, RasberryPI 3). ➢ Hardening by design ➢ Critical services provided ➢ Design for custom additions ➢ No imposed UI ➢ Home Screen as an API ➢ Local (Native or HTML5) or remote UI (via REST API) ➢ Application and Middleware ➢ Built independently (via yocto SDK) ➢ Web Socket based AppFW for easy integration ➢ App and Middleware run in isolated security domains 15/30

  16. To write an App ➢ Write back-end binding ➢ Adds the specialised API to the system ➢ Accessible by Web Socket or slow legacy D-Bus ➢ Run in its own security domain ➢ Can be cascaded ➢ Write the Front end ➢ Typically in HTML5, QML but open to any ➢ Connect to back-end binding using REST with secured key (OAuth2) ➢ ➢ Package ➢ Based on W3C widget ➢ Feature allow to handle AGL specificities ➢ Install via the AppFW 16/30

  17. AGL2+ Distributed Architecture Entertainement Cluster Cloud Navigation Maintenance Portal My Car Portal Head Unix Service Know Bugs Paiement Direction Indication Carte handling Maintenances Subcriptions Localistion management Service Packs Preference POI Transport & ACL Transport & ACL Transport & ACL Geopositioning Preferences Log CAN-BUS Cluster Virtual Virtual Signal & Analytics Virtual Signal Signal Custumisation Gyro, Acelerometer CAN-BUS MongoDB Engine No-SQL Engine Engine-CAN-BUS CAN GPS Paiement Service LIN-BUS Statistics & Analytics ABS Multi ECU & Cloud Aware Architecture 17/30

  18. Attacking IoT, a viable business ➢ Ransom model ➢ Stall manufacturing ➢ Immobilise expensive items (e.g. your car) ➢ … ➢ Competitive advantage ➢ Collecting R&D, manufacturing data ➢ Disturbing production line ➢ Indirect ➢ Cheap robot for DDoS ➢ Easy entry point

  19. Security fundamentals Minimise surface of attack Control the code which is run Provide a bullet proof update model Track security patches Use HW security helpers when available Limit lateral movement in the system Develop and QA with security turned on Do not rely on human but on platform and tools Security cannot be added after the fact 19/30

  20. Do not rely on human ➢ Security experts are out of reach ➢ 9M Mobile Developers ➢ 8M Web Developers ➢ 0.5M Embedded Developers ➢ How many Embedded Security Developers ? ➢ Human are unreliable ➢ We do not have the time now ➢ Oups, it’s too late to change it ➢ No one is interested by our system ➢ We are too small ➢ ...

  21. Concepts are Known but what about implementation? Full isolation AppFW AppFW Untrusted Apps / Middleware Untrusted Apps / Middleware App Debug App Debug App Packaging App Packaging API API Mandatory Access Control Default policies Default policies Integrity Debug Debug Harden OS services Harden OS services Name Space Sample code Sample code Firewall HowTo HowTo Safe update Signing Signing Encryption Linux Kernel with up-to-date patches Linux Kernel with up-to-date patches Repo create Repo create ID/Key protection Debug Debug SoC Specific drivers Customize Customize EPID TPM UEFI EPID TPM UEFI SoC Drivers SoC Drivers ID Management Private/Secure Store Secured Boot ID Management Private/Secure Store Secured Boot Tools-Doc Software running onTarget Tools-Doc Software running onTarget 21/30

  22. Conclusion ➢ AGL is Industry friendly ➢ Automotive have very generic requirements ➢ Reuse potential is huge ➢ AGL is really open source ➢ In AGL code remains king ➢ Security ready model ➢ Hardeling comes for free ➢ Cybersecurity is a permanent focus ➢ Application and Middleware are isolated ➢ AppFW is designed to connect modules via WebSockets ➢ Business logic and UI are easy to isolate ➢ App and Middleware SW is based on well know Web technologies 22/30

  23. Questions Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net

  24. Links https://www.automotivelinux.org/ https://gerrit.automotivelinux.org/gerrit/#/q/s tatus:open http://docs.automotivelinux.org/ https://vimeo.com/channels/1196445 Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net

  25. Backup slides 25/30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dominig ar Foll Senior Software Architect Intel Open Source IoT Summit 2016, Berlin, DE

Dominig ar Foll Senior Software Architect Intel Open Source IoT Summit 2016, Berlin, DE

Dominig ar Foll Senior Software Architect Intel Open Source IoT Summit 2016, Berlin, DE dominig.arfoll@fridu.net 1/21 Attacking IoT, a viable business Ransom model Stall manufacturing Immobilise expensive items (e.g. your car)

344 views • 21 slides
Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre)

Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre)

Creating a profile from Tizen:Common Dominig ar Foll (Intel Open Source Technology Centre) dominig.arfoll@fridu.net October 2014 Agenda Why Tizen:Common ? Inheriting from Tizen:Common Inside Tizen:Common Changelog &amp; Roadmap

537 views • 29 slides
Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen

Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen

Tizen IVI Architecture New features Dominig ar Foll, Intel Open Source Agenda What is Tizen IVI How to join the project Our road map Architecture New Features 2 What is Tizen IVI Tizen IVI Support Intel and ARM

534 views • 28 slides
Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing

Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing

Ready made Recipes to add Security and Data Protection to a Yocto based Project reusing Tizen-Meta Dominig ar Foll (Intel Open Source Technology Centre) dominig.arfoll@fridu.net March 2015 Tizen-Meta IoT and Security What is Tizen

682 views • 31 slides
RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll

RMLL 2009 Network virtualisation using Netkit and Dynamips Cedric Foll 07.08.09 Cedric Foll cedric.foll@(laposte.net|education.gouv.fr) Network and security architect and Chef Security Officer (CSO) of French Ministry of Education Teacher

408 views • 21 slides
How can we grow our foll llowers, and can we move from passive to activ ive engagement? ? 19

How can we grow our foll llowers, and can we move from passive to activ ive engagement? ? 19

What t are the e princip nciples les of f eff ffective ctive strate rategies ies (incl. ncl. storytelling orytelling and nd collaborat laborating)? ing)? How can we grow our foll llowers, and can we move from passive to activ ive

636 views • 27 slides
Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre

Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre

Pa Pacific yo youth fo foll llow-up af after r a a suic suicide at attempt pre resentation to to Mid iddlemore Hospital Emergency Dep Em epart rtment A mixed method study combining quantitative and qualitative methods By:

378 views • 26 slides
Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert

Next Generation of Identity Aware Applications. Fulup Ar Foll Liberty Alliance Technical Expert Group Master Architect, Global Software Practice Sun Microsystems. Fulup.ArFoll@sun.com p 1 San Diego April 2007 e-Government Trend France :

605 views • 18 slides
You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation

You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation

You Should Foll llow The Business Judgment Rule Im David Tate. I am a California litigation attorney: primarily business/corporate, trust, estate, elder abuse, disability/discrimination, and real estate litigation and disputes, including

614 views • 23 slides
Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of)

Netflow Malicious activities detection Cedric Foll @follc Goal Being able to detect (most of) malicious activities without having to read logs Logs are boring, reading them takes a lot of time Graphic visualisation is more effective, fast

855 views • 30 slides
From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect,

From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect,

From UseCases to Specifications Fulup Ar Foll Liberty Technical Expert Group Master Architect, Global Software Practice Sun Microsystems Why Identity Related Services ? Identity-enabling: Exposes identity details to other services

363 views • 20 slides
Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect

Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect

Leveraging OpenID To connect Vehicle to the Cloud ALS 2017 Tokyo Fulup Ar Foll Lead Architect fulup@iot.bzh Who Are We ? Securing AGL V2C with OpenIDconnect May-2017 2 V2C Multiple Requirements Car to Cloud Telematics Car

605 views • 16 slides
Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll Master Architect fulup@sun.com 1 1 Towards an Open Identity Infrastructure with OpenSSO OpenSSO Overview &gt; Integration with open source

290 views • 25 slides
112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112

112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112

Activ tivation ation bremss msstra trahl hlung ung yie ield lds s of th f the 112 Sn( Sn( ,n) ,n) 111 111 Sn Sn an and d 112 112 Sn( Sn( ,p) ,p) 11 1m,g In In 112 111m,g reaction ctions s and th d the fo foll llowing ing

430 views • 21 slides
TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking

TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking

TSX: FM; LSE: FQM Cautio tionar nary y Note e Regar arding ing Forwar ard-Looking Looking Stat atemen ement Some Some of of the the stat statemen ments ts con contain tained ed in in the the foll ollowing wing mat material

364 views • 33 slides
Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di

Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di

Rupture EVAR Formula 1 style: it is all about team training www.critical-issues-congress.com Di Disclosures Speaker name: Colin Bicknell. I I ha have the foll ollowing po potentia ial l conflic icts of of interest to to report:

410 views • 22 slides
Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan,

Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan,

SLTS Kernel and Base-Layer Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan, Tokyo, June 2, 2017 Our Civilization is Run by Linux Open Source Summit Japan 2017 2

1.03k views • 46 slides
Verification of security protocols: from confidentiality to privacy Stphanie Delaune Univ

Verification of security protocols: from confidentiality to privacy Stphanie Delaune Univ

Verification of security protocols: from confidentiality to privacy Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, June 28th, 2018 Research at IRISA (Rennes) 800 members (among which about 400 reasearchers) EMSEC team

1.05k views • 86 slides
OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab Introduction IoT and SSL/TLS landscape Secure Device Grid design Lessons Learned ABOUT THE SPEAKER Kresten Krab Thorup, Ph.D. Trifork CTO - since 1999

948 views • 56 slides
Randomness Extractors. Secure Communication in Practice Lecture 17

Randomness Extractors. Secure Communication in Practice Lecture 17

Randomness Extractors. Secure Communication in Practice Lecture 17

816 views • 23 slides
Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri,

Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri,

Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri, Nadia Heninger University of Pennsylvania seclab.upenn.edu/projects/faas Textbook RSA [Rivest Shamir Adleman 1977] Public Key Private Key N = pq

401 views • 39 slides
logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de

logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de

logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de ID E t o the Cl o ud u si ng t he Ec li pse e cosys tem Agenda of this Talk Introductjon (7 Minutes) Goal Company focus (products,

682 views • 37 slides
Firewalls Network Security: Firewalls, A system or combination of systems VPNs, and

Firewalls Network Security: Firewalls, A system or combination of systems VPNs, and

Firewalls Network Security: Firewalls, A system or combination of systems VPNs, and Honeypots that enforces a boundary between two CS 239 or more networks - NCSA Firewall Functional Summary Computer Security Usually, a

271 views • 10 slides
F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus

F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus

Classification: Public F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus Business Interruption Loan Scheme (CBILS) Coronavirus Large Business Interruption Loan Scheme (CLBILS) Covid

436 views • 20 slides

More recommend