Brussels / 1 & 2 February 2014


Security model using Smack for embedded systems

Small but secure

Smack (Simplified Mandatory Access Control Kernel) is a linux security module particularily well suited for small systems.

After presenting basic concepts and tools related to Smack, some concrete models for implementing Smack will be exposed.

I usually share my handset or my tablet to people of my family. Is it really secure?

Will my child install a backdoor? Will my dear spouse send jokes by SMS in my name? Will my mother destroy sensitive data? And me? How can I trust the policy manager? Will installed applications respect the contract? Even if native?

For Tizen, the implementation of Smack is declined for several targets: * for telephonic handsets (mostly dedicated for one person); * for notebooks (where multi-user is really need -think to your children-); * for automobiles (where multi-user and multi-session/multi-seat is targeted).

Also on Tizen, installable applications (coming from a store) must expose their requirement and then conform to it. That is even more important for Tizen because it currently allows native and/or mixed applications to be deployed.

The policy manager can rely on Smack to achieve the security for the whole system.


José Bollo