From l.wojciechow@partner.samsung.com Thu May 28 10:15:37 2015
Date: Thu, 28 May 2015 10:08:30 +0200
From: Lukasz Wojciechowski
To: lss-pc@lists.linuxfoundation.org
Subject: [lss-pc] Speech proposal for Linux Security Summit 2015

Dear committee,

I would like to propose a topic for the LSS conference: "Security model for application framework in practice."

Here is the abstract of my speech:

"The presented system security model allows controlling application access to privileged resources in a multi-user environment. Our security solution consists of a few layers. The base layer provides separation of processes into domains. System and user processes are isolated with the Smack LSM. Crucial system resources are accessible mainly through system daemons. In exceptional cases direct access is also possible. Before daemons give any application permission to a privileged API action, they consult a user-space policy service, Cynara. Cynara checks if the application and the user running it have the proper rights. All layers are bound by the Security Manager, a service that sets and manages the whole security policy in both Smack and Cynara. It is used by installers, launchers and system management tools. The solution is also prepared to work in a multi-container virtual environment with the help of the Vasum service. The described security model is successfully implemented and used on the Tizen 3.0 platform. There are also other distributions that are interested in following this solution."

Please consider including this topic in the LSS agenda.

Best regards,
Łukasz Wojciechowski

ETA: This topic is connected tightly to Cynara, but it covers much more. Lukasz will talk about the open source security framework we've implemented for TIZEN 3.0 (also available on GitHub).

The solution allows configuring and controlling the application security environment as a whole – not only setting up the privileges an app needs (privileges understood as abstract resources – a topic already presented once at TDC 2014: https://lwn.net/Articles/602060/), but also setting up MAC policy, DAC policy, properly labelling all the application's files, setting up the application's security attributes before launch, etc. We're providing all the tools needed to do that – installation & launch support (Security-Manager), privilege/policy checker & DB (Cynara), network privilege handling in an interactive way ("nether" repo @github that uses netfilter and Cynara), etc. We've also integrated this solution with our container framework – Vasum (also on GitHub; uses LXC) – so that launching a secured/sandboxed app in a container is also covered.

We're doing this to separate the application security context (its privileges in the general meaning) from the privileges that the user has – so that, for e.g., if you launch an app, it doesn't necessarily need to have the full access rights that your user has (what if webkit in that application abuses its privilege to access web(?) and hacks your computer - reads your web browser cache?). This is more a talk about separation between applications and the OS itself – and how we're doing this – than just a talk about the Cynara module. We've encountered some interesting challenges in our development and we'd like to share them too, apart from the general idea.
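The daemon-to-policy-service check that the abstract describes, as an added illustrative model that is not Tizen, Cynara or Security Manager code: verdicts keyed by application label, user and privilege, an installer stand-in that registers only the privileges an app declared, and a daemon that refuses a privileged action unless the policy service allows it. The application labels, user ids and privilege name are constructed samples, not the project's real naming.

```python
# Added illustrative model of the check flow in the proposal; not Tizen code.
# All labels, user ids and the privilege name below are constructed samples.
ALLOW, DENY = "ALLOW", "DENY"

class PolicyService:
    """Stand-in for Cynara: verdicts keyed by (app label, user, privilege)."""
    def __init__(self):
        self.rules = {}

    def set_rule(self, app, user, privilege, verdict):
        self.rules[(app, user, privilege)] = verdict

    def check(self, app, user, privilege):
        # Most specific matching rule wins; "*" is a wildcard for app or user.
        # No matching rule at all means the access is denied.
        for key in ((app, user, privilege), (app, "*", privilege),
                    ("*", user, privilege), ("*", "*", privilege)):
            if key in self.rules:
                return self.rules[key]
        return DENY

class SecurityManager:
    """Stand-in for the installer hook: grants an app only what it declared."""
    def __init__(self, policy):
        self.policy = policy

    def install(self, app_label, user, privileges):
        for privilege in privileges:
            self.policy.set_rule(app_label, user, privilege, ALLOW)

class ContactsDaemon:
    """Daemon owning a privileged resource; asks the policy service first."""
    PRIVILEGE = "privilege/contact.read"  # constructed privilege name

    def __init__(self, policy, contacts):
        self.policy, self.contacts = policy, contacts

    def read_contacts(self, caller_label, caller_user):
        verdict = self.policy.check(caller_label, caller_user, self.PRIVILEGE)
        if verdict != ALLOW:
            raise PermissionError(f"{caller_label} as {caller_user}: {verdict}")
        return list(self.contacts)

def demo():
    """Same user, two apps: only the app installed with the privilege gets data."""
    policy = PolicyService()
    SecurityManager(policy).install("User::App::contacts", "5001", [ContactsDaemon.PRIVILEGE])
    daemon = ContactsDaemon(policy, ["alice", "bob"])
    other = policy.check("User::App::calc", "5001", ContactsDaemon.PRIVILEGE)
    return daemon.read_contacts("User::App::contacts", "5001"), other
```

The point of the model is the one the proposal makes: the second app runs as the same user yet is denied, because the app's rights are granted per application, not inherited from the user.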