Modern Security Model for Embedded Linux Distributions

Video in TIB AV-Portal: Modern Security Model for Embedded Linux Distributions

Formal Metadata

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Security and privacy of information stored on embedded devices is gaining in importance. It turns out that security models designed for desktops and servers cannot be directly adopted on embedded devices. Moreover, desktop systems themselves seem to lag behind when it comes to accessing privilege-oriented resources like the camera, microphone or address book. Aleksander will show how the growing security requirements for operating systems are fulfilled using existing Linux mechanisms, like MAC and DAC, and new ones, like Cynara and Security Manager. You will have a chance to learn the complete security framework implemented in the Tizen operating system and in the Linux Foundation's Automotive Grade Linux, and get to know how a well-designed solution can provide security and privacy for the whole system, relieving third-party developers of that effort.
OK, so let's start. A little about me: my name is Aleksander, I come from Poland but currently I'm based in Switzerland, and I'm going to tell you about a security model for Linux operating systems.
Why you might be interested in this talk: well, this particular model is meant for embedded systems like smartphones, smart watches, smart TVs and so on, so it's probably unlikely that you will have to design such a system in the near future, because there are already many of them, like Tizen, Windows and iOS. But even if you haven't heard of it before, if you were at John Hollis's presentation about IoT devices yesterday: there is going to be a whole lot of these IoT devices, and each of them is going to run some system, probably a Linux one, and someday it will need some security. Until the year 2020 there are going to be 10 million developers focused strictly on IoT devices, so there will be a lot of work on these devices, and these devices will need to be secure. I'm going to present a choice for a security framework you can use on these devices if you have to design and develop a system for such devices.
What I'm going to tell you about: first of all, the security considerations, the security requirements of embedded devices; how these requirements are different from, for example, desktop computers or servers, and why it is important. Next, what is the mission to accomplish in order to have this security in place and working. Next we're going to focus on some technical details, implementation and so on. At the end we have a short summary and, if time allows, a short Q&A session. So, what about these security
requirements, why do we need security on embedded devices? There are a lot of IoT and other embedded devices right now, and the pictures above are just a few. Right now we use more and more of these devices and we store more and more private data on them. Ones like smartphones and tablets are probably known as tools to store such kind of data, but there are more: yesterday you could see thermostats, even pregnancy tests with connectivity, as Jonathan showed, and sometimes we are not even aware that these devices are surrounding us and gather, store and share information about us, about our environment. So there is some data on them, flying between them, and it has to be secure. So
maybe some simple examples. Here are two screenshots, one taken on Ubuntu, the second taken on Android; this is the screen showing installation of software on the corresponding devices. What's the difference? On both we have the name of the application, some description, some nice screenshots. So what's the difference between a desktop computer like Ubuntu and an embedded mobile device like Android in this case? Well, when you
try to install, actually install the application, in the first example we are presented with a password prompt to authenticate, so the system knows that you allow it to install and use this application. On the second picture there's a small list of privileges that the application will be using. And that's the minor difference that goes far, because Ubuntu in this case
is using what I call the classic security approach. I mean, an installed and running application acts on behalf of the user to the full extent: the application, once run, can do whatever we could do by sitting there with the keyboard, with our knowledge and so on. On Android, for example, there's something different: the application of course also acts on our behalf, but not to the full extent; it is limited to the very specific actions it can do. So what about
the operating systems running on desktops and servers, compared to mobile or embedded devices? The operating system is just a piece of software that consumes space on hard disks and somehow provides some services, some precious resources, and helps us to use them.
Of course there are many resources and services, like the ones presented here. There's no point in distinguishing them into services and resources; they may provide some services and have some resources at the same time, it doesn't matter. They live in our operating systems and serve us in some way. What is important here is that with these services and resources we, or our applications, can do some specific things, some specific actions: like for example in email you can create mails, you can preview contacts, you can use a camera for taking photos, or maybe there is an application that also allows you to browse already taken photos and so on. What we find here is that with these services and resources there are some actions connected, and these actions are connected with privileges. I mean, if an application is going to use, for example, my contacts service, it should be possible to tell that it may, for example, add a contact but may not preview the contacts, and so on. But of course
these services and resources are not only for you; of course you are going to use them, but you will also need some applications in your operating system, and they are really helpful: email clients, browsers, games and so on. In the classic approach to security, like the one presented on Ubuntu, but it isn't limited to Ubuntu, it's rather a class of systems like desktops and servers, all the applications, once installed, have all your privileges; they can act on your behalf. So all of these applications have the same rights as you: to connect to the Internet, location services, contacts and so on. And it's not the point to deny all the applications access to all the services, because it's probably a good thing that Maps has access to location services, maybe a camera application could have access to the already taken photos, but the calendar application probably shouldn't have access to the contacts. So what we need is access control to these services and resources. And what do we need
for this? Well, we need two things in the operating system. First we need to separate users, to tell them apart: this user can access location services and the other one doesn't. And we need to distinguish, tell apart, the applications: like Maps has access to location services but the calendar does not. The first task, I mean separation of users, is already there in Unix systems, Linux systems, and the separation of applications is a larger and more complicated concept, and the presentation today is about this. But the solution to this problem of separating users and applications is already there, it's implemented, I'm one of the developers who implemented it, and I'm going to present it. All of this stuff I'm going to present today is open source, so every one of you can take this, try this and implement it in your setups. It doesn't have to be used only on embedded devices; as you will hopefully see in the demo later in the presentation, it's not limited to embedded devices, we can go beyond this.
The model I'm presenting was initially developed for the Tizen operating system. It's a Linux distribution, it's Samsung's, mainly for embedded and mobile devices; it's open source and it's already shipped on many devices like smart watches, smart TVs, but there are more products which are using some parts of this security model. Maybe you have some of these products; there are more, and these are just examples. So
this security model consists of three pillars: discretionary access control, a mandatory access control model, in this case Smack, and one user-space component, Cynara. I'm going to go through all of them. The first is DAC. You have probably heard about this, and even if you haven't, you are using it every day. It's just the plain old security model present in Unix for 40 years; you know it from commands like chown, chmod and so on. It's used to separate users and their resources, and you probably all know how to set access to your files on the system for some group of users, and that's it: you can have permissions for the owner, the group, others and so on. There's not much to say; it allows fulfilling the first requirement of separating users, and this is what it is used for. The second is Smack.
Who has ever heard of Smack? OK, some of you. Of SELinux? Maybe a few more. Smack is something like SELinux; it's one of the Linux security modules. It is meant to restrict access to resources, but in a different way than DAC. In
operating systems you have some entities like processes, files, sockets, and thanks to Smack you can label them. For example you have a file on the file system and you can give it a label, for example label 2, and there's a process, for example, which is labeled with label 1, and we can have some rules which tell what actions this subject, for example a process labeled somehow, can perform on an object labeled maybe differently. If they have the same label then access is unrestricted, but if the labels are different, there are rules which tell that this subject with this label can read, write or whatever on the object labeled differently. And of course many objects and many subjects may have this very same label; for example all files in one of the directories can be labeled with the same label, so that a process with the right rules can access all of them, and maybe other processes without such rules cannot access these files. And there are some
conventions for labeling objects and subjects in the operating system. I mean, it depends on you; the security model I'm presenting uses this convention: for example there is the Floor label (underscore) for some system files, there is the System label, there is the User label to label files and directories of users, and so on. But it is just a convention for simplicity and for ease of administration.
The third pillar is Cynara. The first pillars have been with us for a long time: DAC has been in Unix from its very beginning, Smack has been in the kernel since 2008 I believe, and other security modules have been there since the beginning of the century. But this is something new. First of all it's not in kernel space like the former two; it's a user-space one, and it's dedicated to the presented solution. How does it work? I will explain in a moment. For
example, in DAC you have access rights for the files: some user or some group can read or write this file. In Smack you have two labels: a subject with this label can read or write an object with that label. Cynara is different. Let's say we have a service, a location service like GPS, and we have some application in the operating system, Maps, and Maps connects to the location service and requests the location of the system, of the user of the system. But how does this service know that this particular application can access the location? Well, it could have some mapping, some database, with the answer to this question: yes, Maps can have location, Calendar cannot. It may work, but it will probably be static, just a static mapping or database, and the second thing is that every service in the operating system would need a similar mapping or database. Well, this is not a good solution. What I propose is Cynara; it's such a kind of database. Cynara, which I have just spoken about, knows all the answers to this kind of question: is Maps allowed to use location services, is Facebook allowed to use contacts, and so on. It's not a sophisticated one: it can store entries statically, like "yes, Facebook has access to contacts", but it may also compute the answers at run time with some extensions. For example, if you're familiar with newer Android systems, you could be presented with a pop-up asking if this application at this time can have access to some service or some resource; then it computes the answer and returns it to the service. And this answer is a distinct yes or no, whether this particular request can be served or not. So how
can Cynara know all the answers? There are some sources for this in the system. There are manifests of installed applications: if you're familiar with Android or iOS you know what it is, it simply tells the operating system which privileges are going to be needed by the application, and the user can accept them or not. And if you're familiar with newer Android systems, you know that there is run-time granting: after the application is installed you can grant or deny some of the privileges, so once you have accepted that Facebook will use your contacts, but on another day when you use it, it doesn't have to be so. And at the end, the administrator can also alter these choices. So how does it work in practice? I mean, what are the steps in the life cycle of an application, what actions are taken?
First there's another component of this solution, it's called Security Manager. It is a daemon responsible for all this information; it is used in many different aspects, in many different steps of the life cycle of the applications. For example, it takes part in installing and uninstalling applications, it manages the Cynara policies and rules in the system, it's the way administrators or users can manage the rules in the operating system. So first, the
life cycle of an application is of course the installation of the application: this is the step where the files are put on the file system, nothing interesting. The more interesting thing is that after putting the files on the file system we grant access with DAC, for example we apply access rules for who can read the files; next we label them with Smack labels, which means we tell what processes can access the files, what processes can access other processes and so on.
Next the application is run. The main step in this launching process is applying the so-called security context. Applications in this security model have to have a security context, which contains not only the Smack label of the process but also the application's privileges, so we can use the Smack rules to govern all accesses between processes, or between processes and files, for example, but also groups, which is also important because through groups we can have access to device files and so on. So how does it
work in practice? As I told you before in the simple example, there is this GPS service; it has just got a request from some kind of application, in this example Maps has asked for the location, and as I told you before it needs to ask Cynara whether this is granted. So what
happens? First of all, as I told you, in this mission of separation we are able to distinguish users and processes, so the GPS service in this particular example can tell what user is running this Maps application and what this application is, I mean how it is different from another application. So it has the UID of the user running Maps and the Smack label of this Maps application; let's say it's "Maps". And another application of this same kind, I mean from this same installation package, runs with the same Smack label, maybe even at the same time, but with different UIDs, for example Susan and Bob: Susan's Maps has the label "Maps", and Bob's Maps application is the same application with the very same label. The GPS service takes these credentials, the UID of the requesting user and the Smack label of the application, and forwards them to Cynara with the question: can this pair, in this case this labeled application and this particular user, have access to the privilege, in this example the location privilege? Cynara is calculating the answer; it might come directly from the database, it might be computed by external plugins, like maybe contacting some external service, maybe a Windows domain, whatever. And the GPS service gets the answer right back, and it's a distinct yes or no: grant access or deny. And hopefully we can show this in a demo; I have prepared one.
It is running on Fedora, which is definitely not an embedded system, but I just wanted to show that you are not limited to embedded or mobile devices. We have two applications installed on the operating system: one is Contacts and one is some other application, a game or whatever. So what we can see on this first screen is that, as I told you at the very beginning, there are privileges, like in Android or iOS, and we have the information that the Contacts application has read access to contacts denied, and editing contacts is also denied. So if we run this Contacts
application, we can see "contacts could not be fetched" from the address book, which is a service; in this example it could be a plain file, a database, whatever. As we know that reading or editing is denied, this application could not have this access. Next, if we change the permissions, I mean without restarting the system, this time we can access the contacts. Now we try to edit contacts, and as you can see the access for editing is denied, so when we try to save we get "permission denied" for this action. The thing is, the permission can also be changed to "ask user", so every time some application tries to edit contacts, the user will be presented with a pop-up. Now we try to save this contact and we are presented with a prompt. If we deny, then we again have "permission denied", and if we allow, we see
it's done, we could save. What's more, this application was legitimate, I mean it was installed and it requested in the manifest that it will be using contacts in this particular way, I mean it requested that it will read contacts and edit contacts, and we have the possibility to change these permissions, to alter these decisions, even at run time. There's also another application; it's not so legitimate, but somehow it is present in our operating system, I mean it's just a random application that we downloaded from the Internet, and it didn't request any privileges. But let's see what would happen. OK, so we run
this application. It seems to be simple, that's what it does, nothing complicated, but it has a hidden function, that's why it's there: it tries to read our contacts, which it wasn't supposed to do. With the plain old classic security approach there is nothing to stop this application from accessing the resources, from reading files, from accessing services on our operating system. When we use the security model I'm presenting, we can know that there is this application which wants to do something it's not supposed to do, and of course we deny this action. But what if we allow it? Well, it just read our contacts. And I believe this is it for the demo; hopefully you get the idea.
Just a note on the implementation: this contacts service in this example was served over the D-Bus IPC, but it doesn't have to be D-Bus; it could be Unix sockets or whatever, but it was IPC, and D-Bus in this particular example. Sometimes we have some resources that we don't want to be governed by a service; for example we want to have raw access to the camera device on our system, just because it is just a device. We can handle this as well within this security model, and this is
how we use groups. We allow, for example, camera users to access the device, the device of our camera or our microphone. And when the application, in this example Camera, is launched, we apply this group to this application. We do not apply this group, like in the classic approach, to the user, because if the user were a member of the camera users group, all of the applications would have access to this device, but we don't want that; we want to distinguish that the Camera application has this access and the Calendar doesn't. So we do not put the user in the group, but put distinct applications of this user in the group, and this is done at launch time. OK, that would be it, but there are some additions.
First of all, you probably noticed that when you have some service, like in the examples here the contacts service, it has to have some hooks to Cynara in order to know which requests should be served, so this is true for the services: they need some modifications. But if the services are using D-Bus, then it is already done: we have a patch for D-Bus so we can intercept messages on the bus; it's transparent for both servers and clients, they don't even have to know of the existence of this security model, of Cynara and so on. You just write config files that say this service and these methods on the bus are protected with some kind of access rights, and that's it. The second one is that it also allows us to configure the very same access control for networking: I mean this application can access the network resources and the other doesn't; you can configure different access for different hosts, for different protocols, and so on. And the third one, which is nice, is that you can audit all this stuff: you can follow the requests, you can follow the accesses and the answers to these requests, in terms of whether this request was allowed or denied, and so on. And this is important, especially when making a device with this security model, because you have many services and applications, and sometimes it's hard to configure it properly from the very beginning, and this tool helps with that. OK, so hopefully I
showed you the main difference between the classic approach to security and the one I am proposing. Hopefully I showed you that this classic mechanism is not enough in the modern world, where we have more and more applications from different sources, like different kinds of application stores and so on. And that's it. If you have any
questions, I think we have some time.

Yes. At this stage of development of your software, is it also a complete solution for the application? Could you explain what happens if you have some application that is evil,
but the user wants this application? For example, you have Facebook, and you install Facebook, and they capture all your contacts at the installation process, and afterwards you can block them from your contacts, but at installation it's mandatory that you give them access to your contacts, so they are gone. Yeah, I have to... as the user wants Facebook to run on his device, and if it doesn't run properly, he would rip off your security extension to get this application. A simple means would be that if at installation time I grant the application rights to my contacts, no problem, for security reasons you have to work with a fake, an indirection, so that you fake your own contacts: only the ones you want should show up in it, and these are then given to Facebook, so they capture nonsense, and so on.

But you can instead install the application and afterwards block the contacts for the application, and Facebook will be fine.

No, I have been...

I mean, this approach was taken, I guess, by... it's an ongoing product, and before Android had this new security model which allows you to alter the privileges at run time. But you don't have to do it this way, because when you install applications, and a privilege is privacy-oriented, like contacts, like location and so on, it's configured by default to ask the user on the first use, like in newer versions of Android. So of course the application, Facebook in your example, requests access to contacts in its manifest, but it won't get it before first prompting the user whether they want to allow it.

Yeah, I understand, but the user wants this application, and then if he has to decide whether it gets my contacts or not, and you make a pop-up, then he can... if
you say no, you will say yes and live with that.

OK, but first of all, the application will be useful anyway. So I mean, you install it, it requests the privileges, but they won't be granted before first use. So when this Facebook application runs for the first time, and only then, when it accesses the contacts, at this time you can decide: do I accept it or not.

Returning nonsense contacts is on a different level; it needs to be implemented in this contacts service, for example; this framework doesn't fit there.

Yeah, but you said that you have to update and implement that in your services.

So why don't you implement it this way?

Yeah, but we don't think it's... I mean, this pop-up is only one of the extensions to Cynara. What I mean is, there is a plugin which shows a pop-up with allow or deny, but you could implement your own extension which presents a pop-up with allow, deny, or nonsense; it will be up to you what happens when the user chooses that. I mean, this framework is very generic: we run it on Tizen smartphones, for example, smart TVs with Tizen, and I just showed you it on a desktop. If we wanted to implement this... I mean, we don't know what services exist on a system. It's generic; it just grants accesses or not; it doesn't know about what services there are on the system, what these services do. So implementing such things like returning nonsense as contacts is beyond this project.

Has it been run on Ubuntu Touch, for example?

No. I ran it on a plain Ubuntu desktop, and it works. I think that there are no restrictions on running it on Ubuntu Touch; you just have to implement, for example, this pop-up extension. I mean, this was just a quick example I made in one evening,
just to show you that it's possible. If you implement it in Ubuntu Touch and want to attach it, that would be great.

Thank you.

How does the technique with the groups work? Is it something in the kernel, something which intercepts system calls, or how does it prevent a program from bypassing it?
OK. If, for example, this address book was a file on the file system, we would apply a group to this file, for example contacts_users, and only users in this group would have access to this file, and also only applications which are in this group would have access to it. So yeah, at launch time, for the application here,
we apply rules for that process. So if this database with contacts has the group contacts_users, then this application, this calculator application, would have to be in this group to see this file.

And if not a file but, for example, a network connection: if you program something and you want to use a network socket, servers usually don't depend on any kind of groups in Linux.

Yeah, this is done by a special kernel module, it's Smack, and it's
intercepting network packets. I don't remember how this technique is called, but it's just like iptables, which decides which packets can go through and which can't. It's more like some kind of simple firewall, but it not only checks the origin and destination of the packets; it also knows which users and which applications created this packet, or which user and which application is going to get the packet.

As far as I understood from what you just said, you just did the demo and the privacy manager. I think it's actually a pretty nice solution to have something like that on a desktop system as well. So are you at any stage planning to actually release it, and to work on a privacy manager like that in the future, or was it just for the demo?

First of all, no, I'm not going to continue on this, because it would need much, much work, not only on the installation side but from the maintainers of distributions. I mean, the contacts service presented here runs on D-Bus, so if services run on D-Bus we can just patch the bus in one fashion within one distribution and it would work. OK, but many services that you know don't work on D-Bus; they open their own sockets and shared memory and they share files, and they would need to be modified in some way. Of course, Cynara provides some helper libraries, so you can use this library to modify the services without much effort. I mean, you just link with this library, and when you have a socket from the client, you just give this library the socket and it does the work. So it's not much effort to modify services, but Linux has a lot of them, and for this security model to be effective you have to know and
modify all the resources of the services. I showed it on a desktop system just to show you it's possible. Whether it is feasible, I don't think so, yeah.

So it's better suited for mobile, because there is one manufacturer who decides what kinds of applications are shipped with the phone, and of course they can modify those few applications, and then the phone itself is of course built around this security model.

Yes, yes, of course. As I told at the beginning, this security model was meant for the Tizen operating system, and I worked on Tizen, and we could decide which way to go, and we could even implement the needed modifications to the services, and there was a limited number of the services. If you want to go into the wild with a full desktop distribution, it is just too much work.

Thanks.

Hello, I have a question regarding the camera example that you have there. It handles one with the camera_users, right? It's one
that I wanted to ask you about: you
activate some group, right, to access the
camera. But what if you want to access the camera and also GPS? Would you expect another group, or does every process move into one group, so you can...

The process gets its
groups when it is launched, and it can run with an arbitrary number of groups, so it can apply the camera_users group and the gps_users group and so on. It's arbitrary. Just like a user can be in different groups at the same time, the process as well can be in several groups at the same moment.

OK, thank you. Another question.

As far as I understand, this Cynara requires a patch to D-Bus to work in a secure manner. Is this patch going to be integrated into D-Bus?

Not yet. I mean, Tizen is open source, and you can download the patches from the Tizen repositories, but we haven't pushed them upstream to D-Bus. We take newer and newer versions of D-Bus with our patches, but they are not upstream, and I don't think they will be in the near future. This concept is not so popular. I mean, it is used in several systems, like Tizen, for example, and some parts of this model are in different file-oriented distributions, but it's not so popular that it would be accepted upstream.

Besides not being upstream, how does it differ from something like PolicyKit?

It doesn't differ much, but, to be honest, we tried to use PolicyKit instead of Cynara. PolicyKit is something that is meant to run with GUI interfaces, and I don't want to say PolicyKit is slow, but it was: if you want every single request for some services or resources in the operating system to be intercepted, interpreted and managed, it can be slow, and it was too slow for us, so we implemented Cynara. I mean, PolicyKit was OK, but 120 seconds is not much if you show a pop-up every time,
but if you do this hundreds of requests per second, it is much.

OK, one more.

From my understanding, the conception illustrated in the slide assumes there is something like a launcher, which applies the additional groups at startup of processes?

Yeah, I mean, this is the launcher. It is some privileged process which can apply a different security context, for example groups.

Good, thank you all.