TOMOYO Linux on Android (Taipei, 2009)

2009 Low-Cost Computer Applications Workshop (2009平價電腦應用程式研討會)

Published in: Technology, News & Politics

  1. TOMOYO LINUX ON ANDROID 2009 at Taipei October 27, 2009 (Toshiharu Harada) (Tetsuo Handa) NTT DATA CORPORATION
  2. AGENDA: Part 1: Operating System Security Overview; Part 2: Demonstration; Q and A
  3. DO YOU KNOW THIS? 28 Controller of
  4. 28 is very powerful; Has no intelligence; Operated by the controller
  5. is an ordinary boy (has no power); He is the owner of the controller of 28
  6. CONTROLLER: Can be used to control; Communicate with wirelessly (bluetooth?)
  7. TOTAL SCENARIO: 1. loses his important controller 2. is operated by bad guys 3. takes back the controller 4. Goto line 1
  8. OH
  9. MY GOD!
  10. FAULT OF No, not really; is just a machine; is responsible to keep the control of; Like a driver is responsible for a car accident
  11. EVER THOUGHT? Your PC/embedded devices are the same as; It does not know what is good and what is bad; You, as the owner of the PC, have to administer it; Separating accounts and using passwords; Setting access modes for files and directories
  12. UNFORTUNATELY: Those things are not sufficient, because 1. Bugs can cause buffer overflows 2. It is possible to take over administrator privilege via buffer overflows 3. Administrator privilege means almighty
  13. SO YOU NEED: Something to restrict (or limit) the administrator privilege; Windows Vista introduced UAC; Linux and other mainstream OSes are equipped with better access control mechanisms: SELinux, Smack and TOMOYO Linux
  14. The green field is the operating system space; A car is a process (program); In a normal OS, a car can go anywhere (can do anything); If your car is stolen, your damage is unlimited
  15. WHY “UNLIMITED”? The operating system does not know you; The operating system does not understand good operations and bad operations; If one gets privilege, he is a God and can do anything (format the drive, stop the service, set a backdoor ...)
  16. The total idea is “limiting” the freedom; You have to be careful not to limit the proper usage
  17. The ideal state is that the car can go to the places you need, but cannot go anywhere else
  18. YOUR ROLE: Like , SELinux and TOMOYO Linux can’t know which operation is good and which is bad; You have to tell them as a set of conditions, which are called “policy”
  19. WHY IS IT DIFFICULT? Because additional access control works deep inside the operating system (in the Linux kernel); The Linux kernel is not a very user-friendly world: inode, file descriptor, lock …; Policy is like an assembly language of computer security
  20. (Diagram labels: pathname, human, inode, policy)
  21. EMBEDDED TOO?
  22. EMBEDDED, TOO? More and more devices are using Linux; A rich set of software (TCP/IP, apache, samba …); Vulnerabilities are the same as on server machines; Embedded devices store personal information, so security is more important; Embedded devices can physically cause harm (remotely destroy/damage your possessions)
  23. 3 CHOICES: SELinux (fully-featured, most robust and reliable); Smack (simplified version); TOMOYO Linux (since 2.6.30)
  24. SELINUX: Makes decisions based on the combination of “labels” (security context information); You can see labels by executing “ls -Z”, “ps -Z” ...
  25. TOMOYO LINUX: Has a feature called “policy learning mode”; It gathers information inside the kernel and shows it to you
  26. TOMOYO Linux keeps track of every process execution; Each process has its “history” and we call that “domain”
  27. DEMONSTRATION
  28. TRADEMARKS: Linux is a trademark of Linus Torvalds in Japan and other countries; TOMOYO is a trademark of NTT DATA CORPORATION in Japan
  29. http://www.slideshare.net/haradats/presentations
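
Slides 25 and 26 describe a policy learning mode and domains defined by each process's execution history. The Python model below is an added illustration, not code from the slides or from TOMOYO Linux: the `Monitor` class, the program paths and the workload are constructed for the example, and only the `<kernel>` root domain name follows TOMOYO's naming.

```python
# Simplified model of domains and learning mode; not TOMOYO Linux code.
ROOT_DOMAIN = "<kernel>"  # name TOMOYO gives the initial domain


class Monitor:
    def __init__(self):
        self.mode = "learning"   # switch to "enforcing" once the policy is learned
        self.policy = {}         # domain -> set of (operation, pathname)
        self.denied = []         # requests rejected while enforcing

    def check(self, domain, operation, pathname):
        """Decide one request made by a process running in `domain`."""
        allowed = self.policy.setdefault(domain, set())
        if (operation, pathname) in allowed:
            return True
        if self.mode == "learning":
            allowed.add((operation, pathname))   # record instead of refusing
            return True
        self.denied.append((domain, operation, pathname))
        return False

    def execute(self, domain, program):
        """Run `program` from `domain`; the new domain appends it to the history."""
        if not self.check(domain, "execute", program):
            return None
        return domain + " " + program


def run_demo():
    mon = Monitor()
    # Constructed workload observed while learning (hypothetical paths).
    init = mon.execute(ROOT_DOMAIN, "/sbin/init")
    sshd = mon.execute(init, "/usr/sbin/sshd")
    login_shell = mon.execute(sshd, "/bin/sh")
    httpd = mon.execute(init, "/usr/sbin/httpd")
    mon.check(httpd, "read", "/var/www/index.html")

    mon.mode = "enforcing"
    return {
        "login_shell_domain": login_shell,
        "known_read": mon.check(httpd, "read", "/var/www/index.html"),
        "shell_from_sshd": mon.execute(sshd, "/bin/sh"),
        "shell_from_httpd": mon.execute(httpd, "/bin/sh"),
        "unknown_read": mon.check(httpd, "read", "/etc/shadow"),
        "denied": mon.denied,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

The same `/bin/sh` is allowed when reached through `sshd` and refused when reached through `httpd`, because the two execution histories are different domains with separately learned policies.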
