tomoyo linux on android (taipei, 2009)
Description: 2009 Low-Cost Computer Application Conference (2009平價電腦應用程式研討會)
TOMOYO LINUX ON ANDROID
2009 Low-Cost Computer Application Conference (2009平價電腦應用程式研討會), Taipei
October 27, 2009
Toshiharu Harada (原田季栄)
Tetsuo Handa (半田哲夫)
NTT DATA CORPORATION
1. Shotaro (正太郎君) loses his important Tetsujin (鉄人) controller
2. Tetsujin is operated by bad guys
3. Shotaro takes back the controller
4. Go to step 1
TOTAL SCENARIO
FAULT OF TETSUJIN?
No, not really
Tetsujin is just a machine
Shotaro is responsible for keeping control of Tetsujin
Just as a driver is responsible for a car accident
EVER THOUGHT?
Your PC or embedded device is the same as Tetsujin
It does not know what is good and what is bad
You, as the owner of the PC, have to administer it
Separate accounts and use passwords
Set access modes (permissions) on files and directories
UNFORTUNATELY
Those things are not sufficient
Because
1. Bugs can cause buffer overflows
2. A buffer overflow can be exploited to take over administrator privilege
3. Administrator privilege is almighty: no further check applies to it
SO YOU NEED
Something to restrict (or limit) the administrator privilege
Windows Vista introduced UAC
Linux and other mainstream OSes are equipped with better access control mechanisms; on Linux these are SELinux, Smack and TOMOYO Linux
The green field is the operating system space
A car is a process (a running program)
In a normal OS, a car can go anywhere (a process can do anything)
If your car is stolen, your damage is unlimited
WHY “UNLIMITED”?
The operating system does not know you
The operating system does not distinguish good operations from bad operations
Whoever gains privilege is a God and can do anything (format the drive, stop the service, set up a backdoor ...)
YOUR ROLE
Like Tetsujin, SELinux and TOMOYO Linux can’t know which operation is good and which is bad
You have to tell them, as a set of conditions, which is called a “policy”
WHY IS IT DIFFICULT?
Because the additional access control works deep inside the operating system (in the Linux kernel)
The Linux kernel is not a very user-friendly world
inode, file descriptor, lock …
Policy is like the assembly language of computer security
EMBEDDED, TOO?
More and more devices are using Linux
With a rich set of software (TCP/IP, Apache, Samba …)
The vulnerabilities are the same as on server machines
Embedded devices store personal information, so security is even more important
Embedded devices can physically cause harm (remotely destroy or damage your possessions)
3 CHOICES
SELinux (fully-featured, most robust and reliable)
Smack (a simplified, label-based version)
TOMOYO Linux (merged into the mainline kernel in 2.6.30)
SELINUX
Makes its decisions from the combination of “labels” (security context information) on the process and on the object it accesses
You can see the labels with “ls -Z”, “ps -Z” ...
TOMOYO LINUX
Has a feature called “policy learning mode”
It gathers the information inside the kernel (what each program actually accesses) and shows it to you
TOMOYO Linux keeps track of every process execution (the chain of programs run to reach the current one)
Each process has its “history”, and we call that history a “domain”
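To make the two ideas on this slide concrete (a domain is the process's execution history; learning mode fills in the policy from what the kernel observes), here is a small added model. It is illustration written for this page, not code from TOMOYO Linux or its tools. It borrows the shape of a TOMOYO 2.x domain_policy.conf (assumed syntax: a “<kernel> ...” domain header, “use_profile N”, and “allow_<operation> <path>” lines) and the meaning of profiles 0 (disabled), 1 (learning), 2 (permissive) and 3 (enforcing). All paths and policy lines are constructed for the example, and the child domain inheriting the parent's profile is an assumption of the model.

```python
"""Toy model of TOMOYO Linux domains and policy learning mode.

Added illustration, not code from TOMOYO Linux or its userland tools.
Assumed syntax (TOMOYO 2.x domain_policy.conf style): a '<kernel> ...'
domain header, 'use_profile N', and 'allow_<operation> <path>' lines.
Profiles: 0 disabled, 1 learning, 2 permissive, 3 enforcing.
"""
from dataclasses import dataclass, field

DISABLED, LEARNING, PERMISSIVE, ENFORCING = 0, 1, 2, 3

# Constructed policy: init and sshd are enforced; the shell that sshd
# spawns is still in learning mode so its policy can be gathered.
SAMPLE_POLICY = """\
<kernel>
use_profile 3
allow_execute /sbin/init

<kernel> /sbin/init
use_profile 3
allow_execute /usr/sbin/sshd

<kernel> /sbin/init /usr/sbin/sshd
use_profile 3
allow_read /etc/ssh/sshd_config
allow_execute /bin/bash

<kernel> /sbin/init /usr/sbin/sshd /bin/bash
use_profile 1
allow_read /etc/passwd
"""


@dataclass
class Domain:
    name: str                            # "<kernel> /sbin/init ..." = exec history
    profile: int = DISABLED
    acl: set = field(default_factory=set)  # {(operation, path), ...}


class Policy:
    def __init__(self, text: str):
        self.domains: dict[str, Domain] = {}
        cur = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line:
                continue
            if line.startswith("<kernel>"):
                cur = self.domains.setdefault(line, Domain(line))
            elif cur is None:
                raise ValueError(f"ACL line before any domain: {line}")
            elif line.startswith("use_profile "):
                cur.profile = int(line.split()[1])
            elif line.startswith("allow_"):
                keyword, path = line.split(None, 1)
                cur.acl.add((keyword[len("allow_"):], path))
            else:
                raise ValueError(f"unsupported line: {line}")

    @staticmethod
    def domain_name(exec_history):
        """A TOMOYO domain is named after the process's execution history."""
        return " ".join(["<kernel>", *exec_history])

    def check(self, exec_history, operation, path):
        """Return 'granted', 'learned' or 'denied' for one access request.

        In learning mode a missing permission is appended to the domain's
        ACL: this is how TOMOYO gathers a policy from real behaviour.
        A granted or learned execute creates the child domain, which here
        inherits the parent's profile (an assumption of this model).
        """
        dom = self.domains.get(self.domain_name(exec_history))
        if dom is None:
            raise KeyError(f"no domain for {exec_history}")
        if (operation, path) in dom.acl or dom.profile in (DISABLED, PERMISSIVE):
            verdict = "granted"          # permissive would log, but not deny
        elif dom.profile == LEARNING:
            dom.acl.add((operation, path))
            verdict = "learned"
        else:                            # ENFORCING: not in policy, refuse
            verdict = "denied"
        if operation == "execute" and verdict != "denied":
            child = f"{dom.name} {path}"
            self.domains.setdefault(child, Domain(child, dom.profile))
        return verdict

    def dump(self) -> str:
        """Re-serialise the policy, like saving the in-kernel policy to disk."""
        out = []
        for dom in self.domains.values():
            out.append(dom.name)
            out.append(f"use_profile {dom.profile}")
            out.extend(f"allow_{op} {p}" for op, p in sorted(dom.acl))
            out.append("")
        return "\n".join(out)


if __name__ == "__main__":
    pol = Policy(SAMPLE_POLICY)
    shell = ["/sbin/init", "/usr/sbin/sshd", "/bin/bash"]
    print(pol.check(shell[:2], "read", "/etc/shadow"))   # sshd is enforcing
    print(pol.check(shell, "read", "/etc/shadow"))       # shell is learning
    print(pol.check(shell, "execute", "/usr/bin/vim"))   # new domain appears
    print(pol.dump())
```

Running the block shows the point of the slide: the same read of /etc/shadow is refused in the enforcing sshd domain but recorded in the learning shell domain, and the learned execute of /usr/bin/vim produces a new domain whose name is the full execution history. Switching the shell's profile from 1 to 3 once the gathered ACL looks complete is the step a TOMOYO administrator takes after learning.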
TRADEMARKS
Linux is a trademark of Linus Torvalds in Japan and other countries
TOMOYO is a trademark of NTT DATA CORPORATION in Japan
http://www.slideshare.net/haradats/presentations
Goodbye (再見)