
Tails: Security, Maintainability and Usability. Pick three!



  1. Tails: Security, Maintainability and Usability. Pick three! Julien Voisin, Jérôme Boursier. July 4, 2016, Nuit du Hack

  2. Who are we?

  3. Who are we? Julien Voisin: • Radare2 • NBS-System • dustri.org. Jérôme Boursier: • AdwCleaner • Student • fr33tux.org

  4. Who are we? Julien Voisin: • Radare2 • NBS-System • dustri.org. Jérôme Boursier: • AdwCleaner • Student • fr33tux.org

  5. Tails - The Amnesic Incognito Live System

  6. Tails - The Amnesic Incognito Live System What is Tails? Tails, born in 2009, is a live operating system, aiming at preserving your privacy and anonymity.

  7. Tails - The Amnesic Incognito Live System What is Tails? Tails, born in 2009, is a live operating system, aiming at preserving your privacy and anonymity. • All connections to the Internet are forced to go through the Tor network; • It leaves no trace on the computer you are using unless you ask it explicitly; • It provides cryptographic tools to encrypt your files, emails and IM. • Secure and usable by default

  8. Tails - The Amnesic Incognito Live System According to the NSA: (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor. (S//REL) Adds Severe CNE [1] misery to equation. [1] Computer Network Exploitation

  9. Tails - The Amnesic Incognito Live System According to the NSA: (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor. (S//REL) Adds Severe CNE misery to equation. These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums.

  10. Tails - The Amnesic Incognito Live System According to the NSA [1]: (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor. (S//REL) Adds Severe CNE misery to equation. These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. [1] Thanks to a famous Tails user for providing these documents.

  11. Tails - The Amnesic Incognito Live System The life of Tails • The core Tails Developers are anonymous, mysterious and friendly. • More than 17,000 boots per day! • A major/minor release every six weeks [2] • 2800 commits by 15+ people in the last 6 months. [2] Synchronized with Firefox/TBB

  12. Tails - The Amnesic Incognito Live System (Yes, the logo is a smiling USB-key)

  13. Maintainability Usability Security

  14. Maintainability - Usability - Security Maintainability: Do you remember Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix, Liberté Linux, Mempo, ...?

  15. Maintainability - Usability - Security Usability: If people cannot use your software, they’ll use something shitty else.

  16. Maintainability - Usability - Security Security • Collective matters, especially for anonymity: if you don’t blend in the crowd, you’re a target. • Your qubes-gentoo-hardened-1337 won’t do much if your email recipient gets pwned.

  17. Maintainability

  18. Maintainability • The people behind Tails are a small team • With a lot of things to get done [3]. • So, contributors are welcome, and contributions appreciated. [3] 1338 open issues in the bugtracker

  19. Maintainability • The people behind Tails are a small team • With a lot of things to get done [3]. • So, contributors are welcome, and contributions appreciated. [3] 1338 open issues in the bugtracker. The less we do, the better we live

  20. Relationship with upstream Social work • Talk to (the right) people • Find skilled people • Keep people interested

  21. Relationship with upstream Social work • Talk to (the right) people • Find skilled people • Keep people interested Technical work • Backports, because Tails is based on Debian stable • AppArmor, libvirt, Debian, Puppet, Mumble, Tor, Thunderbird, Firefox,… • Upstream as much as possible

  22. Unit test suite Testing a liveCD is hard • Cucumber for Behaviour Driven Development • Sikuli for UI testing • KVM for (nested) virtualisation • People for manual tests • Jenkins for running the test suite on every git push • Blackbox testing by emulating a real user [4]. [4] this is why it takes 3 hours to run.

  23. Puppet everywhere Infrastructure as code • No privileges nor internet connection needed to contribute • Easy maintainability, (re)deployment and convergence. • Sharing and borrowing puppet manifests

  24. Open development Publish everything • Open Bugtracker • Monthly public meetings on XMPP • Public development channel on XMPP too • Public Git repositories

  25. Usability

  26. Translations • Tails is based on Debian, so as translated as Debian is. • The website/documentation is available [5] in: • English • French • Farsi • Italian • Portuguese. [5] thanks to POEdit

  27. Installer • Installing a USB key isn’t straightforward • Especially on Windows • Especially when you need fancy encrypted partitions

  28. Installer • Installing a USB key isn’t straightforward • Especially on Windows • Especially when you need fancy encrypted partitions. Hence the magical installer!

  29. Installer (magical)

  30. Incremental upgrades (IUK) • Tails is huge (1 GiB)

  31. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet

  32. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet • Hence incremental upgrades!

  33. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet • Hence incremental upgrades! • Based on:

  34. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework

  35. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework • Thandy: Automatic updates for Tor bundles

  36. Incremental upgrades (IUK) • Tails is huge (1 GiB) • Not everyone has fiber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework • Thandy: Automatic updates for Tor bundles • Interesting threat model and challenges

  37. Cryptography is hard • Looking at people trying to explain how to GPG is fun. • This is why we have the OpenGPG applet • Automatic verification of IUK • OTR by default in Pidgin

  38. UX testing • Give objectives to users, and watch them fail • Identify blocking points • Designing good UX is awfully hard

  39. Documentation • Document everything, and make this mandatory • For users, and contributors

  40. Accessibility • Follow GNOME’s User Interface Guidelines for Supporting Accessibility • Use GNOME :P • Drivers for accessibility devices • Do one thing, and do it right • Accessibility is super-hard

  41. Persistence • LUKS, dm-crypt and ext4 • UX and users are a living nightmare • Profiles for important software/components • Allow Tails dev power-users to persist whatever they want

  42. Greeter

  43. Support (Un)fortunately, Tails has users • Whisperback to report bugs

  44. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails

  45. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails • Mailing lists

  46. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails • Mailing lists • IRC / XMPP

  47. Support Speaking of users…

  48. Support (Un)fortunately, Tails has users that play: <lskitto> Just a suggestion but in the next update can you include Minecraft?

  49. Support (Un)fortunately, Tails has users that know better (cont.): 22:41 eborberma> there may be fewer security issues if tails used more python software 22:42 ghetto> or less java software 22:43 eborberma> there is no java in tails

  50. Support (Un)fortunately, Tails has users that know better: <Shikila> There are many papers, don’t act so blind <BitingBird> ... <Shikila> If I actualy studied computers I myself would have proably wrote one

  51. Support (Un)fortunately, Tails has users that want flash: <t4nk860> hello have a question <t4nk860> how do i install flash player in tails

  52. Support (Un)fortunately, Tails has users that are looking for fancy things: 02:28 xecuter> how i find the secret communications of us military forces in the deep web?

  53. Support (Un)fortunately, Tails has users that, err, well…: 23:07 PETE255> hi you assholes HOW THE FUCK DO YOU INSTALL AN UNOFFICIAL DEBIAN FUCKING PAGKAGE DICKHEADS

  54. Support (Un)fortunately, Tails has users that are creative: <ghetx> can i use a _ for password?

  55. Support (Un)fortunately, Tails has users that are candid: <klapaucius> is there a good tor website for saving passwords?

  56. Support Fortunately, we have popcorn patience!
