[Dev] Our lessons learnt about tizen's security

José Bollo jobol at nonadev.net
Mon Sep 28 09:18:17 GMT 2015


Thank you Tomasz for your kind and quick answer.

I'll introduce your remarks in a later version of the document. 

Best regards
José

Le lundi 28 septembre 2015 à 10:38 +0200, Tomasz Swierczek a écrit :
> Hi Jose,
> 
> 
> Long time no see ;-)
> 
> 
> Few updates and info that may be useful: 
> 
> - updated security wiki, with some more Tizen 3.0 information (Tizen 3.X section): https://wiki.tizen.org/wiki/Security https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview 
> 
> - document states: "Despite that such feature exists, Tizen/v3 doesn't implement netfiltering." Even though its not currently integrated with the platform, we've actually just finished implementing that (kernel & netfilter upstream patches to get full security context of packets and a "nether" module in userspace to filter out the packets/ask for the policy - in our implementation, via Cynara. Only beginnings of each network connection are being checked. Wiki page with documentation is very poor, its under construction (https://wiki.tizen.org/wiki/Security:Nether); we're on our way to add this (hopefully) to daily images.
> 
> - on the container topic, a small update: we're still waiting for upstream Smack namespaces patches to be finally accepted; there seems to be consensus about their future (Casey Schaufler added them to the "future" roadmap of Smack development on Linux Security Summit), but those are sill not merged.
> 
> - I like the title "Do not under estimate security cost" on one of the paragraphs ;-)
> 
> - about Smack access modes: recently there is also a "bringup mode": https://lwn.net/Articles/608430/ 
> 
> That is all I got at 1st glance - BTW, a nice summary of the work done on Tizen.
> 
> 
> Best Regards,
> 
> 
> 
> Tomasz Świerczek
> Samsung R&D Institute Poland
> Samsung Electronics
> Office +48 22 377 95 59
> Cell +48 503 135 021
> t.swierczek at samsung.com
> 
> 
> -----Original Message-----
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of José Bollo
> Sent: Monday, September 28, 2015 10:16 AM
> To: dev at lists.tizen.org
> Subject: [Dev] Our lessons learnt about tizen's security
> 
> Hi all,
> 
> in the context of AGL we wrote a document named: Tizen security, lessons
> learnt. We are glad to share it with the list:
> 
> http://iot.bzh/download/public/tizen-security-lessons-learnt-initial.pdf
> 
> Any feedback is very welcome, here on the list or in private.
> 
> Best regards
> José Bollo
> 
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev
> 




More information about the Dev mailing list