Tizen, Security and The Internet of Things Casey Schaufler 1 - - PowerPoint PPT Presentation

tizen security and
SMART_READER_LITE
LIVE PREVIEW

Tizen, Security and The Internet of Things Casey Schaufler 1 - - PowerPoint PPT Presentation

Jul 21, 2023 245 likes •488 views

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security Dinosaur Smack Linux Security Module Manager Tizen and Linux Kernel Security 2 Tizen Linux based operating system Project of the Linux

slide-1
SLIDE 1

1

Tizen, Security and The Internet of Things

Casey Schaufler

slide-2
SLIDE 2

2

Casey Schaufler

  • Security Dinosaur
  • Smack Linux Security Module
  • Manager Tizen and Linux Kernel Security
slide-3
SLIDE 3

3

Tizen

  • Linux based operating system
  • Project of the Linux Foundation
  • Lead by Samsung and Intel
slide-4
SLIDE 4

4

Security

  • Does what it’s supposed to
  • Doesn’t do anything else
  • Know the difference
slide-5
SLIDE 5

5

Internet of Things

  • Collection of computing devices
  • Heterogeneous
  • Autonomous
slide-6
SLIDE 6

6

Things

  • Just want to perform their function
  • Not primarily computers
slide-7
SLIDE 7

7

Things need to communicate

  • Willing to talk to anyone
  • Wide variety of “networks”
  • Free from traditional administration
slide-8
SLIDE 8

8

Device Views of the Internet of Things

slide-9
SLIDE 9

9

Security By Proximity

Only connect with things nearby

slide-10
SLIDE 10

10

Security by Obscurity

No one could possibly guess!

slide-11
SLIDE 11

11

Security By Pairing

Ask human permission Requires a user interface

slide-12
SLIDE 12

12

Security by Wire

1970’s Smart House

slide-13
SLIDE 13

13

OPEN INTERCONNECT CONSORTIUM

slide-14
SLIDE 14

14

Back To Tizen

  • Linux distribution for devices
  • Collection of profiles
  • Common security base
slide-15
SLIDE 15

15

Tizen Security Basics

Smack Capabilities User Based Controls Systemd Cynara dbus Buxton Connman Crosswalk Weston X11 tz-launcher Bluetooth Ofono HTML5 Application Native Application Kernel Services

slide-16
SLIDE 16

16

Write Read Additional restrictions may apply

Tizen Three Domain Security

Floor (“_”) System User HTML5 Application Native Application

slide-17
SLIDE 17

17

Tizen Application Privileges

Linux Kernel Services Cynara Service HTML5 Application Native Application Service

slide-18
SLIDE 18

18

Security Perimeter

18

Internet 4G Body Area Network Bluetooth Application

slide-19
SLIDE 19

19

Application Privilege Attributes

  • Name of the privilege
  • http://tizen.org/privilege/vibrator
  • Smack label of requester
  • RaunchyRhinos
  • UID of requestor
  • 5001
  • Access permitted
  • r, rw, …
slide-20
SLIDE 20

20

Native Application Woes

  • Use kernel interfaces directly
  • Avoid service based controls
slide-21
SLIDE 21

21

System Object Attributes

  • Smack label
  • UID
  • GID
  • Mode bits
  • Smack access rules
slide-22
SLIDE 22

22

Running Applications

  • Unique Smack label per application
  • Unique UID per user account
  • Application launcher
slide-23
SLIDE 23

Thank You