SlideShare a Scribd company logo
1 of 22
IMPLEMENTING
CONFIGURABLE DEVICE
SECURITY WITH SECURITY
LEVELS
AAYUSH GUPTA | CHIRAYU DESAI
Overview
• Security Levels in CalyxOS
• Prerequisites
• Development
• Planned Features
April 2023 2
Implementing Configurable Device Security With Security Levels
SECURITY LEVELS
What are Security Levels and why do we need them?
April 2023 3
Implementing Configurable Device Security With Security Levels
Why do we need Security Levels?
• Users might not be familiar with the available features
• Finding the best combination of settings takes time
• Easily switching between combinations isn’t possible
• Expert opinion is helpful
• Many more as per cases
April 2023 Implementing Configurable Device Security With Security Levels 4
Security Levels
• Offers easily configurable
choices as per requirements
• Pre-configured by experts
• Restricts users from
dangerous actions/options
April 2023 Implementing Configurable Device Security With Security Levels 5
Security Levels in Tor Browser
SECURITY LEVELS IN
CalyxOS
Standard, Safer and Safest
April 2023 Implementing Configurable Device Security With Security Levels 6
Security Levels
in CalyxOS
• Configurable device security level
• Options shown during first time
setup
• Offers three different levels, inspired
from Tor browser
• Currently in development
• Standard level offers default features
April 2023 Implementing Configurable Device Security With Security Levels 7
Security Levels in CalyxOS (Contd.)
• Second level: Safer
• Builds upon Standard
• Sets timeout for Wi-Fi, Bluetooth (automatically turn off if not
used)
• Sets device to automatically reboot after a certain period of non-
usage
• Deploys Work Profile
• Enforces Orbot as Always-On-VPN (Work Profile only)
April 2023 Implementing Configurable Device Security With Security Levels 8
Security Levels in CalyxOS (Contd.)
• Third level: Safest
• Builds upon Safer
• Disables USB Data Signaling
• Prevents installation of apps from unknown sources
• Disables debugging features
• Disables javascript JIT in chromium
April 2023 Implementing Configurable Device Security With Security Levels 9
PREREQUISITES
Bellis and Other Options
April 2023 Implementing Configurable Device Security With Security Levels 10
Bellis (Work
Profile app)
• Allows users to provision and
manage Work Profile
• Simple and easy UX
• Written in Kotlin and material3
• Compatible with both AOSP and
Gradle build systems
April 2023 Implementing Configurable Device Security With Security Levels 11
Other Options
• Added to the Settings
• Contains options used by users
frequently (contained in
developer options) for security &
privacy gains
• Maintains security requirement
for certain switches
• Available when debugging
features are disallowed
April 2023 Implementing Configurable Device Security With Security Levels 12
DEVELOPMENT
Work Profile Provisioning and Restrictions
April 2023 Implementing Configurable Device Security With Security Levels 13
April 2023 Implementing Configurable Device Security With Security Levels 14
Flow While Setting Security Levels
April 23 Implementing Configurable Device Security With Security Levels 15
/**
* Device operating mode
*
* Apply privacy/security improving settings based on the mode.
* Values are:
* 0: Standard (default)
* 1: Safer
* 2: Safest
* @hide
*/
public static final String GARLIC_LEVEL = "garlic_level";
/** @hide */
public static final Validator GARLIC_LEVEL_VALIDATOR =
new InclusiveIntegerRangeValidator(0, 2);
[CalyxOS/platform_calyx-sdk]
April 23 Implementing Configurable Device Security With Security Levels 16
Intent intent = new Intent(
DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE)
.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME,
new ComponentName(BELLIS_PACKAGE, BELLIS_PACKAGE
+ BELLIS_DEVICE_ADMIN_RECEIVER_CLASS))
.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE,
persistableBundle)
.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS, true);
[CalyxOS/platform_packages_apps_SetupWizard]
April 23 Implementing Configurable Device Security With Security Levels 17
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
when (intent.action) {
DevicePolicyManager.ACTION_GET_PROVISIONING_MODE -> {
val provisioningMode = intent.getParcelableExtra(
DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE,
PersistableBundle::class.java
)?.getInt(DevicePolicyManager.EXTRA_PROVISIONING_MODE, 0)
intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_MODE, provisioningMode)
setResult(RESULT_OK, intent)
finish()
return
}
DevicePolicyManager.ACTION_ADMIN_POLICY_COMPLIANCE -> {
PostProvisioningHelper.completeProvisioning(this)
setResult(RESULT_OK)
finish()
return
}
DevicePolicyManager.ACTION_PROVISIONING_SUCCESSFUL -> {
PostProvisioningHelper.completeProvisioning(this)
}
}
} [CalyxOS/platform_packages_apps_Bellis]
PLANNED FEATURES
Better Tor Integration with multiple work profiles, OS Updates and More
April 2023 Implementing Configurable Device Security With Security Levels 18
Multiple Profiles
• Allows provisioning multiple Work
Profiles
• Isolate apps not just from your
workplace but from each other
• Turn off entire sets of apps at once
• Protect and encrypt some apps with
a separate passphrase
• Use different VPNs for different
profiles
April 2023 Implementing Configurable Device Security With Security Levels 19
OS Updater
• Streams updates from server
• Simple and easy UX
• Written in Kotlin and Material3
• Compatible with both AOSP and
Gradle build systems
• Planned to fetch updates over Tor
April 2023 Implementing Configurable Device Security With Security Levels 20
Miscellaneous Features
• Open dialer helpline links in tor browser
• Allow server selection for connectivity check
• Route microg traffic over Tor
• Reset device after X failed attempts
• More under discussion
April 2023 Implementing Configurable Device Security With Security Levels 21
THANK YOU
CONNECT WITH US

More Related Content

Similar to Implementing Configurable Device Security With Security Levels.pptx

Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
white paper
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
blusmurfydot1
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Aruba, a Hewlett Packard Enterprise company
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
jcarrey
 
HCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average qualityHCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average quality
Vinayak Wadhwa
 

Similar to Implementing Configurable Device Security With Security Levels.pptx (20)

Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
 
Android device protection
Android device protectionAndroid device protection
Android device protection
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
 
Security 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and ReportingSecurity 101: IBM i Security Auditing and Reporting
Security 101: IBM i Security Auditing and Reporting
 
IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14IT103Microsoft Windows XP/OS Chap14
IT103Microsoft Windows XP/OS Chap14
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
 
Ccsk course content v1
Ccsk course content v1Ccsk course content v1
Ccsk course content v1
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
 
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
KubeHuddle NA 2023 - Why should devs care about container security - Eric Sma...
 
Security Practices in Kubernetes
Security Practices in KubernetesSecurity Practices in Kubernetes
Security Practices in Kubernetes
 
Io t security and azure sphere
Io t security and azure sphereIo t security and azure sphere
Io t security and azure sphere
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET -  	  Providing High Securtiy for Encrypted Data in CloudIRJET -  	  Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in Cloud
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
securing-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdfsecuring-portlets-with-spring-security.pdf
securing-portlets-with-spring-security.pdf
 
HCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average qualityHCLOS.Reduce to 600 dpi average quality
HCLOS.Reduce to 600 dpi average quality
 

Recently uploaded

Blockchain Platforms for Developing DApps
Blockchain Platforms for Developing DAppsBlockchain Platforms for Developing DApps
Blockchain Platforms for Developing DApps
Intelisync
 
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
AS
 

Recently uploaded (8)

Mobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s ToolsMobile Application Development-Android and It’s Tools
Mobile Application Development-Android and It’s Tools
 
Mobile Application Development-Components and Layouts
Mobile Application Development-Components and LayoutsMobile Application Development-Components and Layouts
Mobile Application Development-Components and Layouts
 
Blockchain Platforms for Developing DApps
Blockchain Platforms for Developing DAppsBlockchain Platforms for Developing DApps
Blockchain Platforms for Developing DApps
 
Abortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddahAbortion pills in Riyadh+966572737505 cytotec jeddah
Abortion pills in Riyadh+966572737505 cytotec jeddah
 
Mobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android InstallationMobile Application Development- Configuration and Android Installation
Mobile Application Development- Configuration and Android Installation
 
Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312Mobile App Penetration Testing Bsides312
Mobile App Penetration Testing Bsides312
 
Android Application Components with Implementation & Examples
Android Application Components with Implementation & ExamplesAndroid Application Components with Implementation & Examples
Android Application Components with Implementation & Examples
 
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
原版定制英国伦敦大学金史密斯学院毕业证原件一模一样
 

Implementing Configurable Device Security With Security Levels.pptx

  • 1. IMPLEMENTING CONFIGURABLE DEVICE SECURITY WITH SECURITY LEVELS AAYUSH GUPTA | CHIRAYU DESAI
  • 2. Overview • Security Levels in CalyxOS • Prerequisites • Development • Planned Features April 2023 2 Implementing Configurable Device Security With Security Levels
  • 3. SECURITY LEVELS What are Security Levels and why do we need them? April 2023 3 Implementing Configurable Device Security With Security Levels
  • 4. Why do we need Security Levels? • Users might not be familiar with the available features • Finding the best combination of settings takes time • Easily switching between combinations isn’t possible • Expert opinion is helpful • Many more as per cases April 2023 Implementing Configurable Device Security With Security Levels 4
  • 5. Security Levels • Offers easily configurable choices as per requirements • Pre-configured by experts • Restricts users from dangerous actions/options April 2023 Implementing Configurable Device Security With Security Levels 5 Security Levels in Tor Browser
  • 6. SECURITY LEVELS IN CalyxOS Standard, Safer and Safest April 2023 Implementing Configurable Device Security With Security Levels 6
  • 7. Security Levels in CalyxOS • Configurable device security level • Options shown during first time setup • Offers three different levels, inspired from Tor browser • Currently in development • Standard level offers default features April 2023 Implementing Configurable Device Security With Security Levels 7
  • 8. Security Levels in CalyxOS (Contd.) • Second level: Safer • Builds upon Standard • Sets timeout for Wi-Fi, Bluetooth (automatically turn off if not used) • Sets device to automatically reboot after a certain period of non- usage • Deploys Work Profile • Enforces Orbot as Always-On-VPN (Work Profile only) April 2023 Implementing Configurable Device Security With Security Levels 8
  • 9. Security Levels in CalyxOS (Contd.) • Third level: Safest • Builds upon Safer • Disables USB Data Signaling • Prevents installation of apps from unknown sources • Disables debugging features • Disables javascript JIT in chromium April 2023 Implementing Configurable Device Security With Security Levels 9
  • 10. PREREQUISITES Bellis and Other Options April 2023 Implementing Configurable Device Security With Security Levels 10
  • 11. Bellis (Work Profile app) • Allows users to provision and manage Work Profile • Simple and easy UX • Written in Kotlin and material3 • Compatible with both AOSP and Gradle build systems April 2023 Implementing Configurable Device Security With Security Levels 11
  • 12. Other Options • Added to the Settings • Contains options used by users frequently (contained in developer options) for security & privacy gains • Maintains security requirement for certain switches • Available when debugging features are disallowed April 2023 Implementing Configurable Device Security With Security Levels 12
  • 13. DEVELOPMENT Work Profile Provisioning and Restrictions April 2023 Implementing Configurable Device Security With Security Levels 13
  • 14. April 2023 Implementing Configurable Device Security With Security Levels 14 Flow While Setting Security Levels
  • 15. April 23 Implementing Configurable Device Security With Security Levels 15 /** * Device operating mode * * Apply privacy/security improving settings based on the mode. * Values are: * 0: Standard (default) * 1: Safer * 2: Safest * @hide */ public static final String GARLIC_LEVEL = "garlic_level"; /** @hide */ public static final Validator GARLIC_LEVEL_VALIDATOR = new InclusiveIntegerRangeValidator(0, 2); [CalyxOS/platform_calyx-sdk]
  • 16. April 23 Implementing Configurable Device Security With Security Levels 16 Intent intent = new Intent( DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME, new ComponentName(BELLIS_PACKAGE, BELLIS_PACKAGE + BELLIS_DEVICE_ADMIN_RECEIVER_CLASS)) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, persistableBundle) .putExtra(DevicePolicyManager.EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS, true); [CalyxOS/platform_packages_apps_SetupWizard]
  • 17. April 23 Implementing Configurable Device Security With Security Levels 17 override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) when (intent.action) { DevicePolicyManager.ACTION_GET_PROVISIONING_MODE -> { val provisioningMode = intent.getParcelableExtra( DevicePolicyManager.EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE, PersistableBundle::class.java )?.getInt(DevicePolicyManager.EXTRA_PROVISIONING_MODE, 0) intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_MODE, provisioningMode) setResult(RESULT_OK, intent) finish() return } DevicePolicyManager.ACTION_ADMIN_POLICY_COMPLIANCE -> { PostProvisioningHelper.completeProvisioning(this) setResult(RESULT_OK) finish() return } DevicePolicyManager.ACTION_PROVISIONING_SUCCESSFUL -> { PostProvisioningHelper.completeProvisioning(this) } } } [CalyxOS/platform_packages_apps_Bellis]
  • 18. PLANNED FEATURES Better Tor Integration with multiple work profiles, OS Updates and More April 2023 Implementing Configurable Device Security With Security Levels 18
  • 19. Multiple Profiles • Allows provisioning multiple Work Profiles • Isolate apps not just from your workplace but from each other • Turn off entire sets of apps at once • Protect and encrypt some apps with a separate passphrase • Use different VPNs for different profiles April 2023 Implementing Configurable Device Security With Security Levels 19
  • 20. OS Updater • Streams updates from server • Simple and easy UX • Written in Kotlin and Material3 • Compatible with both AOSP and Gradle build systems • Planned to fetch updates over Tor April 2023 Implementing Configurable Device Security With Security Levels 20
  • 21. Miscellaneous Features • Open dialer helpline links in tor browser • Allow server selection for connectivity check • Route microg traffic over Tor • Reset device after X failed attempts • More under discussion April 2023 Implementing Configurable Device Security With Security Levels 21