Data security
Lamarque V. Souza
lamarque at kde.org
Tue Jan 10 22:17:09 UTC 2012
On Thursday 05 January 2012, Marco Martin wrote:
> Hi all,
>
> there is a thing that is still missing pretty much completely, and was part
> of the feature plan since the beginning...
>
> it's an (admittedly) pretty vague security model for the data stored on the
> device.
>
> now, this can mean different things:
> * security of the device itself against stealing: how much can be done
> about it is kinda limited, apart some usual, as low level as possible things
> such as full disk encryption (and possibly some way to shut it down
> remotely). This is something that would add a real value compared to other
> mobile platforms around
>
> * security model of the data even against the applications: should be the
> nepomuk store doing some sort of authentication on who can access it and
> what data? this could be desirable as well, not sure about the technical
> feasibility though, in part because all our stuff communicates with the
> easily eavesdroppable dbus (nepomuk, contour, activity manager), in part
> because whether you can really sandbox an installed c++ app is a bit
> questionable.
>
> probably at least some form of authentication for qml only stuff to the
> metadata model and the dataengines is desirable *and* feasible though.
> maybe with a derivation of the remote plasmoid authorization?
Was reading about the security framework once proposed to MeeGo and it is
interesting: http://lwn.net/Articles/416771/
Basically the package manager signs and stores a hash for executables
when installing them and Linux Security Model (LSM) module checks the hash
when launching the process. Unfortunately I think that would require us to use
something different than rpm or create another tool to do the signing part,
that tool would have to run every time a package is installed or the
executables would not run. For 11 years I worked with a security framework like
that and having to run a second tool can be troublesome during updates,
especially when what is being updated is the package manager package.
Interesting is that the hash also works for network packages (sockets).
The same hash stored in files can be used to prevent them from being
read or written to. That can be useful for us since all processes in system
running PA run on behalf of the same user, so the usual Linux security model
is basically void.
The extended verification module (EVM) is something we will miss because
it depends on hardware. It is basically a framework to protect against offline
attacks, which is the first topic in Marco's mail.
More details:
http://wiki.meego.com/Security/Architecture
It looks like it is being actively developed:
http://meego.gitorious.org/meego-platform-security/
--
Lamarque V. Souza
KDE's Network Management maintainer
http://planetkde.org/pt-br
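The install-time hash record plus launch-time check that Lamarque describes, as an added user-space illustration that is not code from this thread or from the MeeGo platform security project. It assumes a hypothetical signing key held by the package manager (`INSTALL_KEY`, constructed here) and uses a keyed HMAC over a JSON record in place of the real package signature; the "executables" are constructed sample files in a temporary directory. The point it makes is the one in the mail: a binary altered after install, a binary never recorded by the package manager, and a forged record all get refused.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical install-time signing key (constructed for this example). In a
# real system it would live in the package manager's protected storage.
INSTALL_KEY = b"constructed-demo-key-not-for-real-use"


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, key):
    """Install step: record the hash of each executable and sign the record."""
    entries = {os.path.basename(p): sha256_file(p) for p in paths}
    payload = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def manifest_is_authentic(manifest, key):
    """Reject a record whose signature no longer matches its contents."""
    payload = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def may_execute(path, manifest, key):
    """Launch-time check, the role the LSM hook plays in the MeeGo design."""
    if not manifest_is_authentic(manifest, key):
        return False
    recorded = manifest["entries"].get(os.path.basename(path))
    if recorded is None:
        return False  # never installed through the package manager
    return hmac.compare_digest(recorded, sha256_file(path))


def demo():
    """Constructed scenario: two installed binaries, one modified afterwards.

    Returns (good binary allowed, modified binary allowed,
             unrecorded binary allowed, forged manifest accepted).
    """
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "plasma-app")
        other = os.path.join(d, "contour")
        for p in (good, other):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho " + os.path.basename(p).encode())
        manifest = build_manifest([good, other], INSTALL_KEY)

        before = may_execute(good, manifest, INSTALL_KEY)

        # Post-install modification: the stored hash no longer matches.
        with open(good, "ab") as f:
            f.write(b"\necho modified after install")
        after = may_execute(good, manifest, INSTALL_KEY)

        # A file the package manager never recorded.
        unknown = may_execute(os.path.join(d, "rogue"), manifest, INSTALL_KEY)

        # Editing the record without the key invalidates its signature.
        forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
        forged["entries"]["rogue"] = "00" * 32
        forged_ok = manifest_is_authentic(forged, INSTALL_KEY)

        return before, after, unknown, forged_ok


if __name__ == "__main__":
    print(demo())
```

The second-tool problem from the mail shows up here too: `build_manifest` has to run for every install or the new binary is simply absent from the record and refused, which is exactly why the check belongs inside the package manager rather than beside it.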