This page includes all references to MeeGo Security Architecture content.

Contents 1 MeeGo Security Architecture 1.1 For The Reader 1.2 Abstract 1.3 Security Goals 1.4 MSSF Evolution 1.5 Security Framework Components 1.5.1 Trusted Execution Environment 1.5.1.1 Boot Process 1.5.2 Access Control 1.5.2.1 Classic Access Control Concepts 1.5.2.2 UNIX Access Control 1.5.2.3 MeeGo Access Control Concepts 1.5.2.4 SMACK AC Module Overview 1.5.2.5 SMACK Usage in MSSF

MeeGo Security Architecture

This architecture is the result of the work of many different people. Thanks go to Elena Reshetova, Janne Karhunen, Casey Schaufler and Ryan Ware.

For The Reader

The following document contains the overview description of Mobile Simplified Security Framework (MSSF) for the MeeGo.com release. MSSF is the basis of the MeeGo Security Architecture and will be delivered with MeeGo starting with the 1.2 release.

Abstract

The purpose of the Mobile Simplified Security Framework (MSSF), in the MeeGo platform, is to protect the owner of a MeeGo-powered platform from getting their personal data and passwords stolen and used for malicious purposes, to prevent malware from misusing the device, to prevent the user from accidentally breaking the device software, and to make the platform meet the needs of software that requires a safe execution environment. This is accomplished by:

• A fine-grained, configurable, access control framework that can restrict the set of allowed operations according to the source and identify of an application.
• An extensive integrity checking system that ensures the authenticity of all executable files, as well as other important configuration files.
• Protection of sensitive data by means of encryption and signing, including enabling the use of a key derived from a hardware-protected, device-specific secret.

The main design goal is to accomplish all this without significant penalty in terms of performance and usability by using established open standards and having all implementation open-sourced. The other goal is to introduce only minimum changes to the standard Linux programming environment to make it easy for new programmers to start working with MeeGo.

Security Goals

The main security goals are:

• Protect the user - Malicious applications may try to compromise users’ privacy by publishing the content of their phonebook or private messages to the Internet. They may also try to incur costs to users by calling expensive, premium numbers or using the GPRS data connection extensively while roaming.
• Protect the device - Malicious applications may try to change some device parameters that may cause the device to malfunction or, in the worst case, even lead to the device becoming completely unusable. For example, changing the battery charging levels may lead to malfunction. Also, malicious applications should not be able to change the device parameters in a way that would violate regulations or the setup of the mobile operator.
• Protect the business - Some MeeGo devices are sold through the operator channels, which may require support for SIM lock functionality. A malicious user or application should not be able to disable such a lock. Also, MeeGo device distribution channels may require installation or blocking of certain applications or services without the possibility of users or applications changing these settings.
• Enable new services - Services like mobile payments and copyright protection require strong security support from the operating system. The security of these services is essential for their use, so MeeGo provides such enablers.

MSSF Evolution

Currently, there are two major versions of MSSF: version 1 and version 2. MSSF version 1 is the security framework that Nokia delivered as a part of earlier products. MSSF version 2 is an evolution of that framework which is included in MeeGo 1.2. The source code for MSSFv2 is found here. The differences between version 1 and version 2 are the main focus of this document and they are primarily in the areas of: access control, integrity protection, and secure software distribution.

There are several reasons for updating MSSF to version 2, which can be shortly described as:

• New Features – Version 1 lacked a number of important features in the area of access control, such as mandatory run-time filesystem access controls and socket access control.
• Upstream Sources – There is a requirement that all MeeGo components must be upstream and therefore all version 1 kernel modules and patches would need to be accepted by the upstream Linux kernel. However, upstreaming to the Linux kernel of these components was identified as being extremely difficult as it already included stable components that had comparable functionality. Unfortunately, the upstream modules (specifically SMACK* and IMA/EVM) do not provide all the functionality needed by MeeGo. So, the decision was made to contribute to these open-source projects to get the required enablers into the Linux kernel.

Security Framework Components

The MSSF has these components, which are implemented by various platform subsystems.

• Trusted Execution Environment (TEE) Services – Provides secure cryptographic services and key management for other MSSF subsystems.
• Integrity Protection – Ensures protection of the filesystem.
• Access Control – Limits application access to protected resources.
• Cryptographic Services – Provides data integrity and confidentially protection for applications.
• Secure Software Distribution – MeeGo relies on the secure software distribution model, which ensures the authentication of software packages and allows the remote management of security policies.
• Certificate Manager – Provides interfaces to store and manage the platform’s X.509 signing certificates, the user’s own certificates, and any related private keys.

All of these portions of the software stack are influenced by the Device Security Policy, which allows the OEM or operator to configure the security policies for the device.

Trusted Execution Environment

The MSSF framework enables hardware security components, if they are available. These components are then abstracted by the Trusted Execution Environment (TEE) Services subsystem of MSSF. The expectations from hardware security components are similar to those of a Trusted Platform Module (TPM) or Mobile Trusted module (MTM) specifications.

The TEE Services subsystem provides interfaces to tamper resistant services implemented inside security hardware. The actual implementation of these services depends on the security hardware itself and may vary considerably. However, MSSF poses minimal requirements towards the security hardware, which are described below:

• Securely Provisioned Root Public Key (RPK) - The root public key is a one-time programmable (OTP) key, which can be used as a root key for identifying the SW stack of the device.
• Securely Provisioned Root Device Specific Key (RDSK) - The root device specific key is a symmetric OTP key, which can be used as a root key for local cryptographic operations to guarantee data integrity and confidentiality. It can also be used to derive a unique identifier for the device, if needed.
• Trusted Execution Environment - The hardware must provide an environment where cryptographic operations and key management take place in an isolated environment.

These requirements provide a basis for building MSSF services on top of security hardware. If these requirements cannot be satisfied or the target platform does not have a security hardware subsystem, the level of security provided by MSSF decreases significantly. Operations that would take place within hardware instead take place in software, which results in a reduced bar of protection. While not optimal, this reduced bar still provides better protection than generic Linux protections.

Boot Process

This document does not go into specific secure boot implementations. MeeGo is expected to work with various hardware solutions and implementations and there are a wide variety of ways to perform a secure, measured platform boot. The MeeGo Security Framework assumes that a secure boot solution enables a secure boot to the MeeGo kernel. This ties the platform root-of-trust to the kernel. From here, the kernel can then extend the root-of-trust to other portions of the software stack. If a secure boot solution is not provided for the platform, the level of security provided to the platform decreases significantly.

Access Control

The purpose of the MeeGo Access Control subsystem is to limit the access to the operating system resources by enforcing the “principle of least privilege”. To be able to explain this principle and its applicability to MSSF ACS, let’s introduce a number of classic concepts.

Classic Access Control Concepts

The most common abstraction for representing a computer system is dividing it into subjects and objects.

A Subject is an active entity, which represents a system’s user or process in the computer system. The MeeGo access control subsystem uses processes as the granularity of control, meaning that the access control in MeeGo is process based.

An Object, also known as a resource, is a passive entity, which represents a file, system resource, or even potentially a subject. The last means that an executable file is an object of a computer system, but when it starts to execute, it becomes a subject of this system.

The third commonly use abstraction is an Access Type. It is an operation which a subject can perform on an object. The concrete meaning of access type depends on the commuter system. For the file server, it can be an ability to read an object, to write to it, or to execute it. For database systems, access types can be an ability to insert a new record in a table, to search for data in database, and so on.

UNIX Access Control

After defining the goal of our access control model, let’s discuss the reasons why the current classic UNIX access control isn’t enough to achieve this goal. UNIX access controls were originally developed as “user-centric” access controls. The goal of such ACs is to separate the users and their access to each other’s data. The model of adversary for the classic UNIX model is a malicious user that tries to obtain another user’s data. However, currently most MeeGo devices are considered to be single-user devices. The model of an adversary is mainly malicious software that can be installed by a user and may cause undesirable consequences.

The changed environment and the new adversary model require a change to the access control model. However, it is important to mention that there were a number of attempts to extend the classical UNIX AC model. These include projects such as POSIX* capabilities. Unfortunately, current Linux distributions all support the use of a ‘root’ user. Moreover, the limited amount of defined POSIX capabilities led to the fact that some of them began to be used to protect quite different functionality than intended. For example, the CAP_SYS_ADMIN capability protects a wide range of system objects. This reduces the effect of capabilities separation and leads to diminishing the principle of least privilege. Additionally, POSIX capabilities were introduced to protect specific Linux interfaces and functionality. It remains difficult to use these capabilities to map to items that concern ordinary users.

MeeGo Access Control Concepts

As was explained in the previous section, the standard Linux ACs can’t be used to fulfill the main goals of MeeGo access control. To resolve this, the following AC concepts were introduced.

A resource is a virtual object, which represents some functionality. It can be a file on the filesystem, a D-Bus service, and so on. Some systems’ resources are considered sensitive because they provide access to some critical functionality or data. To access sensitive resources, an application may be required to possess a specific credential. The standard Linux access control has the following credentials, which can be associated with the process: user identifier (UID), group identifier (GID), POSIX capabilities, and supplementary groups. The MeeGo AC framework introduces two new types of credentials: Resource Token and Application Identifier.

A resource token is a string that is understandable for both users and developers. Examples of resource tokens are “Location” and “Cellular”. As an example, let’s consider the “Cellular” resource token. It represents access to cellular functionality on a device (GSM* call, SMS and GPRS data). The real system objects that will be protected by this resource are D-Bus interfaces for csd-call, csd-sms, csd-gprs, and higher-level D-Bus interfaces. The initial set of protected resources will be defined based on the risk analysis for a MeeGo platform. Each application has a possibility to define new resource tokens, which the application itself provides and may want to use to protect its sensitive resources.

For an application to request or provide a resource token, it needs to have a manifest file inside of the package. In this file, an application declares the credentials, which it needs to work properly, and the credentials that are provided by the application.

The second type of credential is the application identifier, which should fulfill the following requirements:

• It should be impossible to forge.
• It should uniquely identify an application through its entire life cycle.
• It should remain the same for the application, regardless of application restart, application updates, multiple application instances, or platform reboots.

Such an identifier in our system, allowing reliable identification of an application through its entire life cycle, is generated by the package manager and represented by a triplet:

AppID = {SourceID, PackageName, ApplicationSpecificName}

The SourceID is a unique identifier of a software source. It should be tied with a key that is used by this software source, but it should not directly depend on the key since the key may be updated over time. The PackageName is a package name without a version number. ApplicationSpecificName is defined by a developer and is provided for the case where a developer has a number of different binaries within their package that require different access rights. It is defined inside the Manifest File. In the case where no such definition exists within the manifest, the ApplicationSpecificName shall be assumed to be ‘None’.

As an example, let’s use AppID = “com.meego.cool-tools.addressbookplugin”. In this case, “com.meego” is the SourceID, “cool-tools” is the PackageName, and “addressbookplugin” is the ApplicationSpecificName.

In version 1 of MSSF, resource tokens and application identifiers were implemented by a number of specialized kernel modules. However, because of reasons previously mentioned, the decision was made to change the access control subsystem implementation to use one of the mainline Linux Security Modules, Simple Mandatory Access Control Kernel (SMACK)*.

SMACK AC Module Overview

SMACK is a mainline Linux Security Module (LSM) which provides a complete mandatory access control model. SMACK has a notion of label which identifies a security characteristic of subject or object. The default rule is that a subject can only access an object if their labels match. SMACK access rules are defined by triplets:

{Subject, Object, Access}

Here, Access refers to the access type term, defined in Classical Access Control concepts. SMACK also has a number of default system labels that follow a set of default rules.

A detailed description of SMACK can be found in the SMACK White Paper. However, a brief overview is given here to introduce relevant concepts. While we have previously discussed the ideas of subject, object and access, we have not previously discussed the term label. In terms of SMACK, a label is data that identifies the Mandatory Access Control (MAC) characteristics of a subject or object. SMACK labels are between 1 and 23 ASCII characters in length. All single character labels using special characters are reserved by SMACK. Of these, there are four default labels currently defined:

• ‘_’ – Defined as the “floor” tag.
• ‘^’ – Defined as the “hat” tag.
• ‘*’ – Defined as the “star” tag.
• ‘?’ – Defined as the “huh” tag.

These and other system-defined labels are attached to subjects and objects within the system in various ways. For example, a file (object) has a SMACK label attached to it as part of a filesystem extended attribute. A process (subject) has a SMACK label as part of the process structure.

The SMACK LSM will then use the default set of rules (interpreted in order) to process access controls, given the labels that have been applied to the system. The default rules are:

1. Any access requested by a subject labeled ‘*’ is denied.
2. A read or execute access request by a subject labeled ‘^’ is permitted.
3. A read or execute access request on an object labeled ‘_’ is permitted.
4. Any access requested on an object labeled ‘*’ is permitted.
5. Any access requested by a subject on an object with the same label is permitted.
6. Any access requested that is explicitly defined in the loaded rule set is permitted.
7. Any other access is denied.

In the above list, rule 6 allows the SMACK access control list to be expanded and modified to fit the security goals and requirements for a particular platform. Below is a contrived example of user-defined SMACK rules that implement an information hierarchy for Unclassified, Classified, Secret, and Top Secret information.

SMACK Access Controls for Unclassified, Classified, Secret and Top Secret

Subject Label	Object Label	Access Type
Classified	Unclassified	rx
Secret	Classified	rwx
Secret	Unclassified	rx
TopSecret	Secret	rx
TopSecret	Classified	rx
TopSecret	Unclassified	rx

This allows a pseudo-hierarchy of access, such as defined by this diagram:

SMACK Usage in MSSF

The SMACK LSM implements MSSF AC concepts this way:

• Application Identifier - An application identifier for an application is stored using the SMACK subject label.
• Resource Token - Resource tokens are represented as SMACK object labels.

A possession of resource tokens for applications is expressed through SMACK rules this way. Suppose we have an application that wants to obtain the location information and make GSM calls. It requests this functionality through the following manifest:

<mssf>
	<request>
		<credential name=”Location”/>
		<credential name=”Cellular”/>
			<for path=”/usr/bin/myapp” id=”myapp”/>
	</request>
</mssf>

Assume the application comes from the MeeGo.com software repository and its package name is “my-app-pkg”. The generated application identifier would be “com.meego.my-app-pkg.myapp”. The possession of the requested resource tokens is recorded in the SMACK rule set by:

Example SMACK Rule Set

Subject Label	Object Label	Access Type
com.meego.my-app-pkg.myapp	Cellular	rx
com.meego.my-app-pkg.myapp	Location	rx

One note here: Although for clarity sake the SMACK subject labels above have been presented in such a way that the application ID itself is used for the subject label, in practice it will not be used this way. Because SMACK imposes a 24-byte length limitation on labels and application IDs can be arbitrarily long, a 32-bit unique identifier is generated from the application ID and stored as the subject label.

Figure 3 shows the basic components of MSSF AC and their interaction during application installation.

1. An application package, together with a manifest file, comes to the Package Manager.
2. The Package Manager checks the Device Security Policy to determine the maximum set of credentials which can be granted for this application.
3. The Package Manager generates the application identifier for the new application and sets the corresponding SMACK subject label in the security.SMACK64EXEC extended attribute.
4. The Package Manager makes additions to the SMACK rules to mark the possession of certain resource tokens and their access type.
5. If the package provides a D-Bus service that the application would like to protect using manifest rules, then the D-Bus configuration policy is also updated.
6. The Package Manager sends the additions to the SMACK rule set stored in the kernel.