Brussels / 30 & 31 January 2016


Security and privacy in your embedded systems

Strong isolation of applications using Smack and Cynara

In the near future, objects will communicate with each other over the internet or near-field ad hoc networks. What about your private data? Recent cases in the automotive industry have shown how much it can cost to underestimate hackers' skills. In our current work designing a security architecture for cars and connected objects, we used the Smack LSM and the Cynara service to isolate applications and services from the baseline system. This model is based on the idea that applications should not be trusted; it guarantees that no data can be stolen by an application, and it supports native, HTML5 and cloud models.

The market sells more and more connected objects. These objects have a computing unit and most of them are able to connect to some kind of cloud. This is a fact.

There are motivations and interests in developing open frameworks for creating applications for such objects.

When developing the system and its application framework, key knowledge and feedback are expected from the telephone industry, where iOS and Android showed the high market potential for applications. But a car is not a phone!

Do you lend or resell your mobile phone? Is your mobile phone potentially lethal?

For each of the previous questions the answer is yes when the word "telephone" is replaced by the word "automobile". You could name other devices: camera, watch, television, refrigerator, ... However, the automobile seems to be one of the most complex connected objects. All of this brings to the fore many usages that re-question and reinforce our practices of security and privacy.

This talk presents the security considerations linked to my work for AGL (Automotive Grade Linux). AGL is a project of the Linux Foundation. The AGL project released its first specification in spring 2015.

It will explain how isolation of applications and isolation of the deeper parts of the system are required to ensure privacy and safety.


José Bollo