Platform Security Presentation
Transcript

  • 1. i9 Platform Security
    • Microkernel-based design, with a strictly enforced Messagebus and server architecture, ensures that the core of the system is stable and will not fall over if a component (e.g. a driver or a component of the network stack) fails for some reason
    • The entire system as provided by the i9 Project is Open Source (naturally, this doesn't always extend to things that the user installs), and does not contain any binary-only components "out of the box"
    • Deep instrumentation and visibility throughout the system, with full access for users and developers, and no hidden ways of preventing a process from being instrumented (as happened with Apple's DTrace port and QuickTime/iTunes, to the disgust of many)
    • Only one way to do IPC throughout the system: through the system Messagebus and a transparent API/ABI "Trap" specific to each IPC type (e.g. D-BUS and System V IPC)
    • All drivers, and all components non-critical to the functionality of the kernel, are implemented as Servers in userland (e.g. FSServer and NetServer), with connectivity to the kernel via the Messagebus
    • Although it is possible to view the raw contents of RAM (via /dev/mem), it is not possible for any process other than the Microkernel (including those owned by 'root') to write directly to it
    • Additionally, it is not possible to patch raw areas of RAM from within userland (so folks looking to hook in to implement DRM, or some form of malware, should go elsewhere, although they wouldn't have much success)
    • Most importantly, these measures are not intended to be obnoxious or annoying to developers and end users, a security panacea/be-all-end-all (a caveat that applies equally to every system), or there to enable the implementation of DRM systems or other restrictive technologies, or even to prevent some form of malicious software from being written and executed (and yes, we realize that there are probably ways to circumvent this stuff)
    5th May 2008 http://i9.house404.co.uk
  • 2. Granular Process Control
    • Granular Process Control is a system for restricting the usage of processes and System Servers from boot time, either across the whole system or only for specific user accounts
    • These restrictions can be used in conjunction with POSIX Personality permissions/ACLs and the security features of other Personalities, or on their own, depending on the desired effect, and remain in effect even if a user elevates to an account with higher privileges (e.g. by using su or sudo) or switches the active shell Personality
    • They can also be used to reinforce the settings in /etc/personalities
    • It is configured by modifying the commented configuration files in /etc/boot/processcontrol, or potentially by using an LDAP or NIS server record (you could create a fancy CLI or GUI tool for this, and upload it to i9Forge ;) )
    • There are a number of use cases for this (including, but not limited to, these):
      • Restricting or disabling use of external storage devices on corporate systems, to decrease the chances of users leaking confidential information
      • Disabling non-essential system components, to reduce the potential attack surface or to decrease the system resource footprint
      • Providing remote-access systems with restricted network functionality (e.g. a system for compiling source code uploaded with FTP and giving the user access to the resulting product, without allowing the system to be used to access other systems external to it)
      • Use in conjunction with a firewall (e.g. iptables) to prevent users from opening certain inbound or outbound IP ports, or launching executables that listen on them (e.g. SMTP daemons), to prevent the system being used as a spam relay
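The slide describes per-user and system-wide restrictions that survive su/sudo and are read from commented files in /etc/boot/processcontrol, but it does not show the file syntax or how a decision is reached. The following is an added example, not i9 project code: it parses a hypothetical rule format (an assumption, since the real syntax is not on the slide), evaluates a request against the account that logged in rather than the effective uid, and lets a later user-scoped "allow" carve an exception out of a system-wide "deny". The sample policy, server names other than NetServer/FSServer, and executable paths are constructed for the illustration.

```python
"""Toy per-user process-control policy evaluator.

Added example, not i9 project code. The slides say Granular Process
Control is configured from commented files in /etc/boot/processcontrol
but do not show the syntax; the line format used here is an assumption.
"""
import fnmatch
import os
from dataclasses import dataclass
from typing import List

# Constructed sample policy (hypothetical syntax):
#   <scope> <allow|deny> <server:Name | exec:/path/glob>   # comment
# scope is "system" (every account) or "user:<login name>".
SAMPLE_CONFIG = """
# corporate desktops: no external storage for anyone
system deny server:USBStorageServer
# build box: only the 'builder' account may use the network stack
system deny server:NetServer
user:builder allow server:NetServer
# nobody may launch an SMTP daemon (spam-relay use case)
system deny exec:/usr/sbin/sendmail
system deny exec:/usr/sbin/exim*
"""


@dataclass
class Rule:
    scope: str    # "system" or a login name
    action: str   # "allow" or "deny"
    kind: str     # "server" or "exec"
    pattern: str  # server name or executable path glob


def parse_config(text: str) -> List[Rule]:
    """Parse the hypothetical rule syntax, rejecting anything malformed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        scope, action, target = parts
        kind, sep, pattern = target.partition(":")
        if not sep or kind not in ("server", "exec") or not pattern:
            raise ValueError(f"line {lineno}: bad target {target!r}")
        if scope == "system":
            rules.append(Rule("system", action, kind, pattern))
        elif scope.startswith("user:") and len(scope) > len("user:"):
            rules.append(Rule(scope[len("user:"):], action, kind, pattern))
        else:
            raise ValueError(f"line {lineno}: bad scope {scope!r}")
    return rules


def is_allowed(rules: List[Rule], kind: str, name: str, login_user: str) -> bool:
    """Return True if `login_user` may use server/executable `name`.

    The decision is keyed on the account that logged in, never on the
    effective uid: a user who runs su/sudo keeps the same login_user, so
    the restriction survives privilege elevation as the slide describes.
    Rules apply in file order and the last match wins, which lets a later
    user-scoped 'allow' carve an exception out of a system-wide 'deny'.
    No matching rule means the action is permitted (restrictions only).
    """
    verdict = True
    for rule in rules:
        if rule.scope != "system" and rule.scope != login_user:
            continue
        if rule.kind == kind and fnmatch.fnmatchcase(name, rule.pattern):
            verdict = rule.action == "allow"
    return verdict


def current_login_user() -> str:
    """Best-effort name of the session's original (login) account.

    Prefers the Linux audit loginuid, which is fixed at login and does not
    change across su/sudo, then SUDO_USER, then the real uid. Unix only.
    """
    import pwd  # Unix-only module, imported here so the rest runs anywhere
    try:
        with open("/proc/self/loginuid") as fh:
            uid = int(fh.read().strip())
        if uid != 0xFFFFFFFF:            # 4294967295 means "not set"
            return pwd.getpwuid(uid).pw_name
    except (OSError, ValueError, KeyError):
        pass
    sudo_user = os.environ.get("SUDO_USER")
    if sudo_user:
        return sudo_user
    return pwd.getpwuid(os.getuid()).pw_name


if __name__ == "__main__":
    policy = parse_config(SAMPLE_CONFIG)
    me = current_login_user()
    for k, n in [("server", "NetServer"), ("exec", "/usr/sbin/exim4")]:
        print(f"{me}: {k} {n} ->", "allow" if is_allowed(policy, k, n, me) else "deny")
```

The key design choice is in `is_allowed`: the policy never consults `geteuid()`, so a user who has become root via su or sudo is still judged as the account that logged in. `current_login_user` shows one way to recover that identity on Linux (the audit `loginuid`), with fallbacks for systems where it is unset.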
  • 3. The Big Picture
    • See below for a rough diagram of how this stuff fits into the system (disclaimer: it does not show every possible component, or how every single component integrates into the system)
    • Support for the somewhat controversial Trusted Platform Module (TPM) cryptoprocessor and certificate storage module is not currently planned, and the position it would have within the i9 Platform Security Framework is unknown
    • [Diagram: components shown are EnforceGPC, SecurityFramework, Microkernel, Messagebus, PersonalityServer, FSServer, Personalities, User Processes, NetServer and Other Servers]