Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI...

7

Transcript of Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI...

Page 1: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application
Page 2: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

Isolation & Segregation

● Client/UI (untrusted)– Risk of code injection (HTML5/QML)

– UI on external devices (Mobiles, Tablets)

Page 3: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

Layered Security Architecture

Page 4: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

HTML5, QML & Native AppsSecurity framework should make standard operations simple, while keeping complex operations possible.

● Standard Model

Page 5: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

Sample Radio Application Startup

● (1+2) Home screen sends an “App Start” request through the corresponding binder to App. Framework service

● (3a+3b) App. Framework starts two processes with a shared

Page 6: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

Sample Radio Application Flow

Page 7: Isolation & Segregationiot.bzh/download/public/2016/security/Security-Architecture-AGL20.pdf · UI under HTML5 or QML or external device running in the untrusted zone. Application

Conclusion

● Stong isolation– Untrusted client can only access services through a network interface and never have access

to direct library mapping.


Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Web security: Securing Untrusted Web Content in Browsers

Web security: Securing Untrusted Web Content in Browsers

1 Physical Layer Security for Two-Way Untrusted Relaying ...

1 Physical Layer Security for Two-Way Untrusted Relaying ...

Game Development with QML - chall3ng3r

Game Development with QML - chall3ng3r

Web security: Securing untrusted web content at browsers

Web security: Securing untrusted web content at browsers

QML settings

QML settings

Security in QEMU - linux-kvm.org · 6 KVM Forum 2018 QEMU’s Security Requirements For virtualization use cases: Guest is untrusted User-facing interfaces are untrusted (e.g. remote

Security in QEMU - linux-kvm.org · 6 KVM Forum 2018 QEMU’s Security Requirements For virtualization use cases: Guest is untrusted User-facing interfaces are untrusted (e.g. remote

QML by Design Webinar

QML by Design Webinar

A Study of Electron Security - Paper Conf/Blackhat/2017_us/us-17-Carettoni...1. Disable nodeIntegration for untrusted origins 2. Use sandbox for untrusted origins 3. Review the use

A Study of Electron Security - Paper Conf/Blackhat/2017_us/us-17-Carettoni...1. Disable nodeIntegration for untrusted origins 2. Use sandbox for untrusted origins 3. Review the use

Simple Qml

Simple Qml

Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.

Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.

7 Qml Presenting Data

7 Qml Presenting Data

Stanford Computer Security Lab Sandboxing Untrusted JavaScript John Mitchell Stanford.

Stanford Computer Security Lab Sandboxing Untrusted JavaScript John Mitchell Stanford.

Mobile Application Development With QML

Mobile Application Development With QML

QMines Ltd (QML)

QMines Ltd (QML)

T-110.4206 Information security technology · T-110.4206 Information security technology Software security Aalto University, autumn 2012 . 2 Outline Untrusted input Buffer overrun

T-110.4206 Information security technology · T-110.4206 Information security technology Software security Aalto University, autumn 2012 . 2 Outline Untrusted input Buffer overrun

Physical Layer Security: Friendly Jamming in an Untrusted ...sxn/paper/2016_security_eusipco.p… · cooperating nodes to transmit artificial noise [1]. ... security aware relaying

Physical Layer Security: Friendly Jamming in an Untrusted ...sxn/paper/2016_security_eusipco.p… · cooperating nodes to transmit artificial noise [1]. ... security aware relaying

Qml Composing Uis

Qml Composing Uis

On Security and Throughput for Energy Harvesting Untrusted … · 2019. 11. 12. · multi-antenna BS, multiple untrusted relays, multiple IoTDs with imperfect CSI. The primary contributions

On Security and Throughput for Energy Harvesting Untrusted … · 2019. 11. 12. · multi-antenna BS, multiple untrusted relays, multiple IoTDs with imperfect CSI. The primary contributions

Running Untrusted Application Code: Sandboxing. Running untrusted code We often need to run buggy/unstrusted code: programs from untrusted Internet sites:

Running Untrusted Application Code: Sandboxing. Running untrusted code We often need to run buggy/unstrusted code: programs from untrusted Internet sites: