Moblin Security
Started by: rajesh on 08/08/08
The main goal of the security architecture is to make Moblin an "open but secure" device platform. This implies the user's ability to install any native application without compromising security. This tall order is met through multiple security mechanisms implemented in Moblin. Some of them require support from hardware; in the absence of hardware-based security support, certain threats to the platform may remain unmitigated.
We will divide this project into the following categories/sub-projects:
- Trusted or secure boot: Only needed if the device needs to support trusted applications/services (e.g. telephony, DRM).
- Application Sandboxing: The main objectives of this project are:
  - Make sure that a compromised application cannot cause damage to the rest of the platform. That is, an attacker cannot use one vulnerable application as a springboard for attacking the rest of the device.
  - Hide the information and data associated with an application from the rest of the applications running on the platform.
  - Restrict each application to only the parts of the system it needs to perform its particular function.
- Access Control for critical services: This is typically needed in two cases:
  - When the device supports trusted services and needs to make sure that only a select few applications have access to them.
  - For applications and services that protect access to privacy-sensitive user data. E.g. the GPS managing service should not hand the current location to every application on the platform, and the content manager should protect access to all user data and allow access only to policy-specified applications.
  - The user also needs the ability to mediate this access control where allowed.
- Package Isolation: To make sure that untrusted applications do not cause any damage at installation time, there needs to be packaging-level isolation. The packages corresponding to untrusted applications need to be isolated from all system and trusted application packages.
- Hardened software stack: In addition to employing the trusted boot and application isolation techniques, the Linux OS software stack needs tightening to minimize the attack surface.
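The following is an added example of the access-control pattern described under "Access Control for critical services" above; it is not Moblin code. It shows a deny-by-default controller in front of a location service: access is granted by platform policy, or, for services marked as user-mediated (privacy data), by asking the user once and remembering the answer; a trusted service such as telephony stays closed to anything policy does not list. The service names, policy table, application identifiers and the `ask_user` callback are all constructed for the example.

```python
"""Deny-by-default access control for a privacy-sensitive service.

Added example (not Moblin code). Service names, the policy table and the
application identifiers are constructed; 'ask_user' stands in for whatever
UI the platform uses to prompt the user.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


class AccessDenied(PermissionError):
    pass


@dataclass
class Policy:
    # service -> application ids granted unconditionally by platform policy
    granted: Dict[str, Set[str]]
    # services the user may open to further applications at runtime;
    # anything not listed here (e.g. telephony) is fixed by policy alone
    user_mediated: Set[str] = field(default_factory=set)


class AccessController:
    def __init__(self, policy: Policy, ask_user: Callable[[str, str], bool]):
        self.policy = policy
        self.ask_user = ask_user
        self.user_grants: Dict[Tuple[str, str], bool] = {}  # remembered decisions
        self.audit: List[Tuple[str, str, str]] = []         # (service, app, outcome)

    def check(self, service: str, app_id: str) -> bool:
        """True if app_id may use service; every decision is recorded."""
        if app_id in self.policy.granted.get(service, set()):
            return self._log(service, app_id, "policy-allow")
        if service in self.policy.user_mediated:
            key = (service, app_id)
            if key not in self.user_grants:          # prompt only once per pair
                self.user_grants[key] = bool(self.ask_user(service, app_id))
            outcome = "user-allow" if self.user_grants[key] else "user-deny"
            return self._log(service, app_id, outcome)
        return self._log(service, app_id, "deny")    # default: no access

    def revoke(self, service: str, app_id: str) -> None:
        """Forget a user decision; the next request prompts again."""
        self.user_grants.pop((service, app_id), None)

    def _log(self, service: str, app_id: str, outcome: str) -> bool:
        self.audit.append((service, app_id, outcome))
        return outcome.endswith("allow")


class LocationService:
    """Hands out the current position only after the controller agrees."""

    def __init__(self, ctl: AccessController):
        self.ctl = ctl

    def current_location(self, app_id: str) -> Tuple[float, float]:
        if not self.ctl.check("location", app_id):
            raise AccessDenied("%s may not read the location" % app_id)
        return (60.17, 24.94)  # constructed fix; a real service would query the GPS


if __name__ == "__main__":
    policy = Policy(granted={"location": {"maps"}, "telephony": {"dialer"}},
                    user_mediated={"location"})
    ctl = AccessController(policy, ask_user=lambda svc, app: app == "weather")
    svc = LocationService(ctl)
    for app in ("maps", "weather", "game"):
        try:
            print(app, svc.current_location(app))
        except AccessDenied as err:
            print(app, "denied:", err)
    print("telephony for game:", ctl.check("telephony", "game"))
    print(ctl.audit)
```

The one thing this pattern cannot supply on its own is `app_id`: it has to come from the platform (the peer credentials or label of the IPC connection that the sandbox assigns), never from a string the caller passes in, or a compromised application simply claims to be the maps application and the mediation is bypassed.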
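As an added example for the "Package Isolation" item above (not Moblin code), the checker below validates an untrusted package's manifest before anything is written to disk. It assumes a hypothetical layout in which each untrusted application is confined to its own prefix under /opt/apps/<name>; the manifest structure is constructed for the example. Every declared path and symlink target is normalised before being compared against that prefix, setuid/setgid bits and device nodes are rejected, and maintainer scripts (which would run as root during installation) are not permitted at all.

```python
"""Install-time isolation checks for an untrusted application package.

Added example (not Moblin code). Assumes a hypothetical layout in which every
untrusted application is confined to /opt/apps/<name>; the manifest format
below is constructed for the example.
"""
import posixpath
import stat
from dataclasses import dataclass, field
from typing import List, Optional

UNTRUSTED_ROOT = "/opt/apps"  # hypothetical private prefix for untrusted apps


@dataclass
class Entry:
    """One file in the package payload."""
    path: str                           # install path as declared by the package
    mode: int                           # POSIX mode bits including the file type
    link_target: Optional[str] = None   # only meaningful for symlinks


@dataclass
class Manifest:
    name: str
    entries: List[Entry]
    scripts: List[str] = field(default_factory=list)  # e.g. ["preinst", "postinst"]


def _resolve(path: str, relative_to: str) -> str:
    """Turn a declared path or link target into an absolute, '..'-free path."""
    if not path.startswith("/"):
        path = posixpath.join(relative_to, path)
    return posixpath.normpath(path)


def _inside(path: str, root: str) -> bool:
    # root + "/" avoids accepting /opt/apps/notesX for package "notes"
    return path == root or path.startswith(root + "/")


def check_untrusted_package(m: Manifest) -> List[str]:
    """Return the list of policy violations; an empty list means installable."""
    problems: List[str] = []
    if not m.name or "/" in m.name or m.name in (".", ".."):
        return ["invalid package name %r" % m.name]
    root = posixpath.join(UNTRUSTED_ROOT, m.name)

    # Maintainer scripts execute as root at install time; an untrusted package
    # gets none, so installing it is a plain file copy into its own prefix.
    if m.scripts:
        problems.append("maintainer scripts not allowed: %s" % ", ".join(m.scripts))

    for e in m.entries:
        p = _resolve(e.path, root)
        # Normalising first defeats /opt/apps/x/../../etc/... style paths.
        if not _inside(p, root):
            problems.append("path outside %s: %s" % (root, e.path))
            continue
        if e.mode & (stat.S_ISUID | stat.S_ISGID):
            problems.append("setuid/setgid bit on %s" % e.path)
        if stat.S_ISCHR(e.mode) or stat.S_ISBLK(e.mode):
            problems.append("device node %s" % e.path)
        if stat.S_ISLNK(e.mode):
            target = _resolve(e.link_target or "", posixpath.dirname(p))
            if not _inside(target, root):
                problems.append("symlink %s escapes to %s" % (e.path, target))
    return problems


if __name__ == "__main__":
    # Constructed manifests: one well-behaved package, one that tries each trick.
    good = Manifest("notes", [
        Entry("/opt/apps/notes/bin/notes", 0o100755),
        Entry("/opt/apps/notes/lib/libnotes.so", 0o100644),
        Entry("/opt/apps/notes/bin/alias", 0o120777, link_target="notes"),
    ])
    bad = Manifest("notes", [
        Entry("/opt/apps/notes/../../etc/profile.d/evil.sh", 0o100644),
        Entry("/opt/apps/notes/bin/su", 0o104755),
        Entry("/opt/apps/notes/etc/shadow", 0o120777, link_target="/etc/shadow"),
    ], scripts=["postinst"])
    for m in (good, bad):
        print(m.name, check_untrusted_package(m) or "OK")
```

This only covers damage at installation time; what the application does once it runs is the sandbox's job, and a package that passes these checks still gets no more runtime access than the sandbox and the service access-control policy give it.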
We will add more details on these sub-projects in the coming days.

