MokSec - The Security Framework

Crane, Matthew mcrane03 at harris.com
Mon Jul 14 16:57:26 CEST 2008 

I would think on a phone the primary concern is protecting the user
data.  

E.g. sms, contacts, history. 

If somebody was able to malicously install software on the phone, your
pretty much already $%@#'ed.  Not letting it call out helps, but it's
already defeated.  I'm assuming we're not installing a lot of new
unknowns on a secure device, and anything trying to make network
connections is evol. 

I've been picturing running an encrypted rootfs image off an SD card.
There could be multiple encrypted rootfs images, only one would be the
real one, or they all could be used for different reasons.

Once the system boots it's up to the user to unlock the keys to the
encrypted image to be used and that gets booted from the already running
kernel. 



-----Original Message-----
From: community-bounces at lists.openmoko.org
[mailto:community-bounces at lists.openmoko.org] On Behalf Of Tilman
Baumann
Sent: Monday, July 14, 2008 10:38 AM
To: List for Openmoko community discussion
Subject: Re: MokSec - The Security Framework


Kalle Happonen wrote:

> However, later on an easily configurable firewall would be almost 
> essential imho. Connecting to the phone (any port) over the wifi
should 
> (almost?)never be allowed as default. Even if the point with the phone

> is that users can do what they want, it doesn't mean that the apps
they 
> install shouldn't be protected. And a firewall is almost the only
viable 
> way. There's no easy way of making all the apps listen to just one 
> interface, and while host.allow/deny is more lightweight than a 
> firewall, those don't allow distinguishing of interface.

SELinux comes to mind. Or at least the capabilites framework.
This way i could choose to allow a app to open sockets. (Little bit like

java sandboxes)
As far as i know we could even have a popup asking for permission.

And to give my 2 Eurocents to the everything as root discusion.
Running user apps as root must end, better soon.
If apps need things only root can do (not much comes to my mind) we 
could use sudo wrapper or SELinux rules.

-- 
Drucken Sie diese Mail bitte nur auf Recyclingpapier aus.
Please print this mail only on recycled paper.

_______________________________________________
Openmoko community mailing list
community at lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community

More information about the community mailing list