overview of agl the floss embedded secured os based on
play

Overview of AGL the FLOSS embedded secured OS based on linux 9th - PowerPoint PPT Presentation

May 31, 2023 •25 likes •1.03k views

Overview of AGL the FLOSS embedded secured OS based on linux 9th October 2018 Jos Bollo Security Technical Lead jose.bollo@iot.bzh IoT.bzh LORIENT October 2015 Stphane Manuel Fulup Yannick Jos Mostly dedicated to AGL vannes

  1. Overview of AGL the FLOSS embedded secured OS based on linux 9th October 2018 José Bollo Security Technical Lead jose.bollo@iot.bzh

  2. IoT.bzh LORIENT October 2015 Stéphane Manuel Fulup Yannick José ● Mostly dedicated to AGL vannes ● https://iot.bzh/en/ ● http://github.com/iotbzh October 2018 9th October 2018 overview of AGL, FLOSS embedded secured OS 2

  3. Overview of AGL system 9th October 2018 overview of AGL, FLOSS embedded secured OS 3

  4. AGL 6.0 Funky Flounder DASHBOARD HOMESCREEN LAUNCHER MEDIAPLAYER HVAC MIXER AGL applications SETTINGS RADIO NAVI PHONE POI ... AGL framework windowmanager persistence mediascanner SystemD weather low-can bluetooth AGL services network nfc homescreen geoclue mediaplayer unicens identity audio-4a ... bluez geoclue gstreamer upstream services (pulseaudio) Network-Manager ... LINUX KERNEL 9th October 2018 overview of AGL, FLOSS embedded secured OS 4

  5. Micro service architecture APPLICATION Applications and services are running isolated one another by Services are their smack security context like applications A SECURITY CONTEXT inter SERVICE APPLICATION connection network dbus, ws, bus1, tls, B C SECURITY SECURITY ... CONTEXT CONTEXT The communication between applications is controlled by policy (framework, fjrewall, SERVICE gateway, OAuth, openid connect) D Access to service features is controlled SECURITY CONTEXT by permission enforcement mechanism (cynara, OAuth) 9th October 2018 overview of AGL, FLOSS embedded secured OS 5

  6. Mechanisms of security ● Mandatory Access Control with SMACK – S imple M andatory A ccess C ontrol K ernel – Strong isolation of kernel objects (files, sockets) ● Network firewall and filtering – Using netherd and netfilter ● Permission database cynara – Filtering permission – User consent mechanism ● User credential management – Oauth and OpenID Connect 9th October 2018 overview of AGL, FLOSS embedded secured OS 6

  7. Global view of security Access Control provides operations to control accesses +has_access() NSBAC PBAC DAC MAC NameSpace Based Permission Based Discretionary Mandatory Access Access Control Access Control Access Control Control (containers) LINUX KERNEL SMACK ACL CYNARA Simple Mandatory Standard Linux Access Control Access Control Kernel 9th October 2018 overview of AGL, FLOSS embedded secured OS 7

  8. Mechanisms of security Legitimate application BlackHat application GRANTED DENIED Smack linux LINUX KERNEL security module helps to protect system resources System resource The permission DENIED GRANTED database Cynara helps to protect services Protected Service 9th October 2018 overview of AGL, FLOSS embedded secured OS 8

  9. Permission checking : CLIENT : SOLUTION : SERVICE CONNECT Subject to permission to connect to the service INVOKE METHOD Subject to permission to invoke the METHOD of the service return from INVOKE Subject to permission SIGNAL EVENT to receive EVENT of the service 9th October 2018 overview of AGL, FLOSS embedded secured OS 9

  10. Permission and composition of services Policy for Y is: requires permission P <<depends>> <<depends>> X : SERVICE Y : SERVICE : SOLUTION : CLIENT About permission P, the policy for X is either: - P is required by transitivity - P is a hidden requirement of X AGL framework takes care of composition of permissions. Under control of strict policy, it allows some services to run with the context of their clients, behaving as their client. 9th October 2018 overview of AGL, FLOSS embedded secured OS 10

  11. Links ● Doc: http://docs.automotivelinux.org/ ● Wiki: https://wiki.automotivelinux.org/ ● More: https://iot.bzh/en/publications 9th October 2018 overview of AGL, FLOSS embedded secured OS 11

  12. Overview of LSM SMACK 9th October 2018 overview of AGL, FLOSS embedded secured OS 12

  13. Short overview ● The author of Smack is mainly Casey Schaufler. ● In Linux since kernel 2 6 25 – 17 April 2008 – as a LSM (Linux Security Module) ● Use extended file attributes to store data related to files (like SELinux). ● Controlled via a filesystem interface: smackfs. ● Controls accesses of processes to files, IPC, sockets and processes (ptrace, signals, ...). ● Controls CIPSO labelled IPV4 packets ● Integrated in systemd 9th October 2018 overview of AGL, FLOSS embedded secured OS 13

  14. The Smack rules ● Smack's rules have 3 items: Simple !!! – the subject's label – the object's label – the access System User rwx This rule tells to allow read , write and execute access to objects labeled User for the processes labeled System . What are labels? What are subjects? What are objects? How to set? 9th October 2018 overview of AGL, FLOSS embedded secured OS 14

  15. The Smack vocabulary ● Labels are just text (of valid ASCII characters) without any special meaning: they are compared to equality (case sensitive: a≠A). ● Subjects are running processes: any running process has a smack label. ● Objects are files , IPC , sockets , processes . ● The label of a running process is called its security context . – Commands id, ps (option -Z or -M), ls (option -Z) are prompting contexts processes and files. ● The grantables access modes are: read (r), write (w), execute (x), append (a), lock (l), transmute (t), bringup (b). 9th October 2018 overview of AGL, FLOSS embedded secured OS 15

  16. Setting Smack How to set context? You can't! Except if you have the capability CAP_MAC_ADMIN. # chsmack --access label fjle # echo -n label > /proc/$$/attr/current How to set rules? You can only reduce accesses for the current thread (inherited by cloning). But if you have the capability CAP_MAC_ADMIN, you can change all rules. # echo “subject object rwt” > /sys/fs/smackfs/load-self2 # echo “subject object rwt” > /sys/fs/smackfs/load2 # echo “subject object rwt” | smackload 9th October 2018 overview of AGL, FLOSS embedded secured OS 16

  17. Evolutions of Smack ● The author of Smack is mainly Casey Schaufler. ● In Linux since kernel 2 6 25 – 17 April 2008 – as a LSM (Linux Security Module) ● Evoluting since this first days. – Lock access mode (kernel 3.13) – Support for multi-rule write to load2 and change-rule (kernel 3.12) – Maximum value for CIPSO category change from 63 to 184 (kernel 3.12) – Longer Smack labels (24->255) and recursive transmute (kernel 3,5) – Transmute access mode (kernel 2.6.38) – Bringup mode – Netlabel filtering 9th October 2018 overview of AGL, FLOSS embedded secured OS 17

  18. Smack links ● Kernel doc: https://www.kernel.org/doc/html/latest/admin-g uide/LSM/Smack.html ● User space tools: https://github.com/smack-team/smack ● 9th October 2018 overview of AGL, FLOSS embedded secured OS 18

  19. Overview of CYNARA permission database 9th October 2018 overview of AGL, FLOSS embedded secured OS 19

  20. cynara ● Cynara is a permission database ● Cynara was introduced in 2014 by Samsung for Tizen’s management of permissions – It was a response to the insane growth of smack rules ● Was introduced as an alternative to Polkit that was to slow ● This defines Tizen 3 versus previous Tizens ● The main promoter and contributor is Samsung Poland 9th October 2018 overview of AGL, FLOSS embedded secured OS 20

  21. The cynara rules The 4-uple of values is checked DENIED client session user permission OTHER (ASK, ...) GRANTED ● The client is the requesting process identifjed by its Smack label ● The session is supposed to identify the one session of the client ● The user is the requesting user as identifjed by DAC ● The permission is the permission that is tested client, session, user and permission are text strings 9th October 2018 overview of AGL, FLOSS embedded secured OS 21

  22. cynara HVAC The application HVAC runs with security label User::App::HVAC Request issued over UNIX Domain Socket The low-can service get the credentials of its client using low-can getsockopt ( SO_PEERCRED & SO_PEERSEC ) (getsockopt is a C function) cache Request cynara authorisation for User::App::HVAC PID UID PERM or if known User::App::HVAC SESSION-ID USER-ID PERM Caching is possible to avoid request The server cynara checks whether a rule allows the request cynara Issue with NAND memory (limited write cycle) => specifjc optimizations 9th October 2018 overview of AGL, FLOSS embedded secured OS 22

  23. cynara For some queries, the A t t e n t i o n A t t e n t i o n server cynara may ask an “agent” to give or not The application HVAC HVAC requires permission to change requires permission to change The application the authorization temperature. temperature. Do you accept? Do you accept? Yes forever Yes now Not now Never Yes forever Yes now Not now Never ... Example 1 An agent can ask the user cynara Session manager Example 2 An agent can ask the session manager agent agent agent agent 9th October 2018 overview of AGL, FLOSS embedded secured OS 23

  24. Cynara, comparison 9th October 2018 overview of AGL, FLOSS embedded secured OS 24

  25. Cynara, comparison HVAC low-can cache cynara agent 9th October 2018 overview of AGL, FLOSS embedded secured OS 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

From the idea to the prototype using FLOSS Arnaud Ferraris arnaud.ferraris@collabora.com

From the idea to the prototype using FLOSS Arnaud Ferraris arnaud.ferraris@collabora.com

From the idea to the prototype using FLOSS Arnaud Ferraris arnaud.ferraris@collabora.com 02/03/2019 1 Who am I? Software Engineer at Collabora Low-level development (kernel, bootloader, base system * ) Embedded software

246 views • 22 slides
IoT Projects in FLOSS Foundations Dashboard https://iotfloss.bitergia.net/ A dashboard based on

IoT Projects in FLOSS Foundations Dashboard https://iotfloss.bitergia.net/ A dashboard based on

IoT Projects in FLOSS Foundations Dashboard https://iotfloss.bitergia.net/ A dashboard based on communities data v0.1 Alvaro del Castillo &lt;adelcastillo@thingso2.com&gt; Valerio Cosentino &lt;valcos@bitergia.com&gt; https://thingso2.com

618 views • 44 slides
Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To provide investors with consistent monthly income secured by real property mortgages that are prudently written to safeguard capital. u Statesman Capital

572 views • 20 slides
Implementing DNNs What this lecture is about: on Embedded Overview of frameworks for

Implementing DNNs What this lecture is about: on Embedded Overview of frameworks for

This lecture Implementing DNNs What this lecture is about: on Embedded Overview of frameworks for implementing DNNs with hardware acceleration on GPU-based embedded platforms A deep dive into TensorRT , the state-of-the-art

367 views • 10 slides
HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems

HW/SW Codesign w/ FPGAs Embedded Systems ECE 495/595 Overview (Slides from Embedded Systems Design, F. Vahid and T. Givargis) Embedded computing systems definition: Computing systems embedded within electronic devices. Hard to define

396 views • 26 slides
Model-based Design 182.721 VO Embedded Systems Engineering Armin Wasicek 6.12.2011 Overview

Model-based Design 182.721 VO Embedded Systems Engineering Armin Wasicek 6.12.2011 Overview

Model-based Design 182.721 VO Embedded Systems Engineering Armin Wasicek 6.12.2011 Overview Introduction System Theory Model Driven Architecture (MDA) MBD Development Environments Summary 10.12.2010 Model based Design 2

590 views • 40 slides
Graffjti A embedded graph database Sylvain Baubeau Sylvain Afchain Graffjti overview

Graffjti A embedded graph database Sylvain Baubeau Sylvain Afchain Graffjti overview

Graffjti A embedded graph database Sylvain Baubeau Sylvain Afchain Graffjti overview Originates from Skydive Embedded Event based Time traveling High availability Query language with extension support

587 views • 13 slides
Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Presenting a live 90-minute webinar with interactive Q&amp;A Lien Stripping in Chapter 11 Bankruptcy Cases: Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N. New Eng. Tel. Operations WEDNESDAY,

510 views • 47 slides
Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split in 2 parts: Lectures: ESE VO (182.721) ECTS: 3.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/esevo Staff: Prof. Radu Grosu,

859 views • 7 slides
Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks

Networked Embedded Systems Ezio Bartocci Overview Networked Embedded Systems (182.717): 6 weeks for semester ECTS: 6.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/networked-embedded-systems Type: Lessons (VU Vorlesung) with

700 views • 20 slides
People are our most important asset Why Organizational or Corporate Culture in FLOSS

People are our most important asset Why Organizational or Corporate Culture in FLOSS

People are our most important asset Why Organizational or Corporate Culture in FLOSS Organisations Matters! By Anne stergaard aoe@gnome.org Member of The GNOME Foundation Board. Presented at KDE - aKademy 2007 in Glasgow. Content 1.

573 views • 29 slides
4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of

4TU MASTER EMBEDDED SYSTEMS Bert Molenkamp 19/03/2020 Master Embedded Systems 1 Table of contents What is an embedded system Examples of research topics Admission Overview of the programme Success rates Master Embedded

814 views • 31 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
The Flyover Video The Campus Overview Video Abbi Agency Full Harvest Secured IT

The Flyover Video The Campus Overview Video Abbi Agency Full Harvest Secured IT

The Flyover Video The Campus Overview Video Abbi Agency Full Harvest Secured IT Solutions Aconverge GOED SLAM Energy Software Airline 4.0 Green Our Planet SWX Technologies Banjo

568 views • 33 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

611 views • 22 slides
Product-Term Based Synthesizable Embedded Programmable Logic Cores Andy Yan, Dr. Steven Wilton

Product-Term Based Synthesizable Embedded Programmable Logic Cores Andy Yan, Dr. Steven Wilton

Product-Term Based Synthesizable Embedded Programmable Logic Cores Andy Yan, Dr. Steven Wilton SoC Research Lab, University of British Columbia Vancouver, BC Canada Overview of Contributions Propose new architectural family for

355 views • 16 slides
A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory 14 March 2007 National

A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory 14 March 2007 National

A Mechanism for Risk Adaptive Access Control (RAdAC) Machon Gregory 14 March 2007 National Information Assurance Research Laboratory (NIARL) Motivation Need for new access control model, Risk Adaptive Access Controls Commonly deployed

473 views • 13 slides
Decision on energy management system replacement project budget Petar Ristanovic Vice President,

Decision on energy management system replacement project budget Petar Ristanovic Vice President,

Decision on energy management system replacement project budget Petar Ristanovic Vice President, Technology Board of Governors Meeting General Session February 3, 2016 ISO Confidential The ISO is working to replace the aging energy

317 views • 5 slides
April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are

April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are

April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are delivered } A modular, enterprise-wide approach } Moving from a program-centric approach to a person-centric approach } Changing the approach on

424 views • 16 slides
Mult ltiprofessional health center Bsum PD Dr. K. Gtz &amp; M. Jnemann, MD, MBA Porto

Mult ltiprofessional health center Bsum PD Dr. K. Gtz &amp; M. Jnemann, MD, MBA Porto

Mult ltiprofessional health center Bsum PD Dr. K. Gtz &amp; M. Jnemann, MD, MBA Porto 26.09.2017 Workshop PORT health centers: shaping the future of primary and long- term care in Germany Where is Bsum? North of Germany on the

149 views • 11 slides
CUI MARKING 101 CUI Program Office Greg Pannoni Associate Director Mark Riddle Principal for

CUI MARKING 101 CUI Program Office Greg Pannoni Associate Director Mark Riddle Principal for

CUI MARKING 101 CUI Program Office Greg Pannoni Associate Director Mark Riddle Principal for the CUI Program Oversight Devin Casey Lead for Program Implementation Charlene Wallace Lead for Agency Training and Awareness Evan Coren Program

745 views • 55 slides
Oppenheimer 19th Annual Consumer Growth and E-Commerce Conference June 18, 2019 - Boston, MA Joe

Oppenheimer 19th Annual Consumer Growth and E-Commerce Conference June 18, 2019 - Boston, MA Joe

Oppenheimer 19th Annual Consumer Growth and E-Commerce Conference June 18, 2019 - Boston, MA Joe Ragan - CFO Disclaimer Forward Looking Statements This presentation contains forward - looking statements. All statements, other than

676 views • 21 slides
Virtualization with libvirt Kashyap Chamarthy Outline 1/ Virt Architecture 2/ What Libvirt 3/

Virtualization with libvirt Kashyap Chamarthy Outline 1/ Virt Architecture 2/ What Libvirt 3/

Virtualization with libvirt Kashyap Chamarthy Outline 1/ Virt Architecture 2/ What Libvirt 3/ Terminology 4/ Virtualization Shell 5/ Common virsh operations 6/ Snapshots 7/ Security 8/ Libguestfs 9/ Conclusion Virt Architecture Regular

284 views • 16 slides
26/06/2017 DISCLAIMER NMVO on-boarding presentation Please check https://www.emvo-medicines.eu/

26/06/2017 DISCLAIMER NMVO on-boarding presentation Please check https://www.emvo-medicines.eu/

26/06/2017 DISCLAIMER NMVO on-boarding presentation Please check https://www.emvo-medicines.eu/ for the latest version of this presentation and the on-boarding guideline. European Medicines Verification Organisation (EMVO)

168 views • 12 slides

More recommend