Data security

Lamarque V. Souza lamarque at kde.org
Tue Jan 10 22:17:09 UTC 2012


Em Thursday 05 January 2012, Marco Martin escreveu:
> Hi all,
> 
> there is a thing that is still missing pretty much completely, and was part
> of the feature plan since the beginning...
> 
> it's an (admittedly) pretty vague security model for the data stored on the
> device.
> 
> now, this can mean different things:
> * security of the device itself against stealing: how much can be done
> about it is kinda limited, apart from some usual, as low level as possible things
> such as full disk encryption (and possibly some way to shut it down
> remotely). This is something that would add a real value compared to other
> mobile platforms around
> 
> * security model of the data even against the applications:  should be the
> nepomuk store doing some sort of authentication on who can access it and
> what data? this could be desirable as well, not sure about the technical
> feasibility though, in part because all our stuff communicates with the
> easily eavesdroppable dbus (nepomuk, contour, activity manager), in part
> because whether you can really sandbox an installed c++ app is a bit
> questionable.
> 
> probably at least some form of authentication for qml only stuff to the
> metadata model and the dataengines is desirable *and* feasible though.
> maybe with a derivation of the remote plasmoid authorization?

Was reading about the security framework once proposed to MeeGo and it is 
interesting: http://lwn.net/Articles/416771/

	Basically the package manager signs and stores a hash for executables 
when installing them and a Linux Security Model (LSM) module checks the hash 
when launching the process. Unfortunately I think that would require us to use 
something different than rpm or create another tool to do the signing part; 
that tool would have to run every time a package is installed or the 
executables would not run. For 11 years I worked with a security framework like 
that, and having to run a second tool can be troublesome during updates, 
especially when what is being updated is the package manager package. 
Interestingly, the hash also works for network packages (sockets).

	The same hash stored in files can be used to prevent them from being 
read or written to. That can be useful for us since all processes in a system 
running PA run on behalf of the same user, so the usual Linux security model 
is basically void.

	The extended verification module (EVM) is something we will miss because 
it depends on hardware. It is basically a framework to protect against offline 
attacks, which is the first topic in Marco's mail.

	More details:

	http://wiki.meego.com/Security/Architecture

	It looks like it is being actively developed:

http://meego.gitorious.org/meego-platform-security/

-- 
Lamarque V. Souza
KDE's Network Management maintainer
http://planetkde.org/pt-br
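The install-time hash / launch-time check model described in the mail (the package manager records and signs a hash for each executable, a kernel module refuses to run anything whose hash is missing or stale, and the same hashes can gate reads and writes of data files) can be modelled in user space. The block below is an added example written for this page; it is not MeeGo/Aegis code, not an LSM, and not anything from the KDE Active project. The names `install_package`, `verify_before_exec` and `PACKAGER_KEY` are hypothetical, the HMAC key stands in for the packaging authority's signing key, and the sample "binaries" are constructed in a temporary directory. It exercises the three outcomes the mail cares about: a clean install runs, an executable the package manager never saw is refused (the "second tool did not run" failure), and an executable modified after install is refused even when the attacker rewrites the hash table, because the table is authenticated as a whole.

```python
"""Install-time hashing and launch-time verification, modelled in user space.

Added illustration, not MeeGo/Aegis, IMA or KDE code. Hypothetical names:
install_package(), verify_before_exec(), PACKAGER_KEY. A real deployment keeps
the signing key off the device and enforces the check from a kernel LSM hook;
here the manifest is authenticated with an HMAC key that plays the role of
the package manager's signing key.
"""
import hashlib
import hmac
import json
import os
import tempfile

# Constructed key standing in for the packaging authority's signing key.
PACKAGER_KEY = b"constructed-demo-key-not-for-production"


def file_hash(path):
    """SHA-256 of a file's bytes, chunked so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_mac(entries):
    """MAC over a deterministic serialisation of the path -> hash table."""
    body = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PACKAGER_KEY, body, hashlib.sha256).hexdigest()


def install_package(paths, manifest=None):
    """'Package manager' step: record a hash for every installed executable.

    The whole manifest is re-signed on each call, which is the "signing tool
    that must run on every install or update" the mail describes.
    """
    entries = dict(manifest["entries"]) if manifest else {}
    for p in paths:
        entries[os.path.abspath(p)] = file_hash(p)
    return {"entries": entries, "mac": manifest_mac(entries)}


def verify_before_exec(path, manifest):
    """'LSM' step: allow the launch only if the manifest authenticates and the
    on-disk hash still matches. Returns (allowed, reason)."""
    entries = manifest["entries"]
    if not hmac.compare_digest(manifest_mac(entries), manifest["mac"]):
        return False, "manifest signature invalid"
    key = os.path.abspath(path)
    if key not in entries:
        return False, "not installed by package manager"   # unsigned binary
    if not hmac.compare_digest(entries[key], file_hash(path)):
        return False, "hash mismatch (modified after install)"
    return True, "ok"


def demo():
    """Exercise the outcomes with constructed files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "app")
        rogue = os.path.join(d, "rogue")
        with open(good, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")          # constructed sample
        with open(rogue, "wb") as f:
            f.write(b"#!/bin/sh\necho not-packaged\n")   # constructed sample

        manifest = install_package([good])
        results["clean"] = verify_before_exec(good, manifest)
        results["unregistered"] = verify_before_exec(rogue, manifest)

        # Modify the installed binary after the package manager ran.
        with open(good, "ab") as f:
            f.write(b"echo backdoor\n")
        results["tampered"] = verify_before_exec(good, manifest)

        # Attacker updates the hash table but cannot re-sign it without the key.
        forged = {"entries": dict(manifest["entries"]), "mac": manifest["mac"]}
        forged["entries"][os.path.abspath(good)] = file_hash(good)
        results["forged_manifest"] = verify_before_exec(good, forged)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:16} {'ALLOW' if ok else 'DENY '} {why}")
```

The same `verify_before_exec` check, called from a file-open path instead of an exec path, is what the mail's second paragraph alludes to: with every process running as one user, the hash table rather than the owner/mode bits decides who may touch a file. The offline-attack case (an attacker with the disk rewrites both the file and the manifest) is exactly what this user-space model cannot cover, which is why the mail points at EVM and its hardware dependency.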