[OLPC Security] Seamless Lessons & Security (commentary)
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Tue Jul 8 08:30:41 EDT 2008
> I don't think this discussion is fruitful without looking at the
> actual threat model.
I agree absolutely.
> The threat that was discussed is that a malicious activity could
> launch other activities on its own, resulting in DOS. The dialog (or
> any required user interaction) to me seems adequate to prevent this
> attack. Do you disagree?
This is precisely what the dialog is for in my mind, and it is the one case
where a dialog is justified.
> If you see other threats in this scenario that are not otherwise
> addressed by Bitfrost then please be specific about them, and we'll
> have a separate discussion.
I mentioned another threat which is involved with cross-activity launching,
though it is not directly part of the "seamless lessons" use case. This is the
idea that an activity with P_MIC_CAM could automatically launch or pass data
to an activity with P_NETWORK. Nobody has yet given any comment on this
threat or my proposed solution:
*Data from a P_MIC_CAM activity is marked so that it simply cannot be opened
by a P_NETWORK activity.* Specifically, there is a "Private" metadata
attribute for all journal contents. There are two new bitfrost privileges,
P_CREATE_NONPRIVATE and P_READ_PRIVATE. All activities have the ability to
create and read their own private journal entries and to read nonprivate
journal entries they did not create. The new privileges are needed to,
respectively: create nonprivate entries; and read private entries created by
other activities. P_CREATE_NONPRIVATE is similar to (or, possibly,
implemented as synonymous with) P_NETWORK in that it is not granted along
with P_MIC_CAM without user intervention. In the same way, P_READ_PRIVATE is
similar to (or, possibly, implemented as synonymous with) P_NETWORK in that
it is not granted along with P_MIC_CAM without user intervention.
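The rule set in the message above, worked through as an added example (this is not code from the post, from Bitfrost, or from Sugar; the names Activity, JournalEntry, grant, create_entry, can_read and the privilege string constants are assumptions made for illustration). It models the "Private" metadata attribute on journal entries, the two proposed privileges, and the rule that neither they nor P_NETWORK are granted alongside P_MIC_CAM without the user approving, and then checks that a P_NETWORK activity cannot read a private entry written by a P_MIC_CAM activity.

```python
"""Model of the 'Private' journal-entry rule proposed in the message above.

Assumed names and structure; not the real Bitfrost or Sugar implementation.
"""
from dataclasses import dataclass

# Privilege identifiers taken from the message (P_CREATE_NONPRIVATE and
# P_READ_PRIVATE are the two proposed ones).
P_MIC_CAM = "P_MIC_CAM"
P_NETWORK = "P_NETWORK"
P_CREATE_NONPRIVATE = "P_CREATE_NONPRIVATE"
P_READ_PRIVATE = "P_READ_PRIVATE"

# Privileges that must not be combined with P_MIC_CAM unless the user intervenes.
CONFLICTS_WITH_MIC_CAM = {P_NETWORK, P_CREATE_NONPRIVATE, P_READ_PRIVATE}


class PolicyError(PermissionError):
    """Raised when an operation is denied by the privilege rules."""


@dataclass
class Activity:
    name: str
    privileges: set


@dataclass
class JournalEntry:
    creator: str      # name of the activity that created the entry
    private: bool     # the proposed "Private" metadata attribute
    data: bytes


def grant(activity, privilege, user_approved=False):
    """Grant a privilege, refusing a silent P_MIC_CAM + network/nonprivate combination."""
    combined = activity.privileges | {privilege}
    if P_MIC_CAM in combined and combined & CONFLICTS_WITH_MIC_CAM and not user_approved:
        raise PolicyError(f"{privilege} with P_MIC_CAM on {activity.name} needs user approval")
    activity.privileges.add(privilege)


def create_entry(activity, data, private=True):
    """Every activity may create private entries; nonprivate ones need P_CREATE_NONPRIVATE."""
    if not private and P_CREATE_NONPRIVATE not in activity.privileges:
        raise PolicyError(f"{activity.name} lacks P_CREATE_NONPRIVATE")
    return JournalEntry(creator=activity.name, private=private, data=data)


def can_read(activity, entry):
    """Own entries and nonprivate entries are readable; others' private entries need P_READ_PRIVATE."""
    if entry.creator == activity.name:
        return True
    if not entry.private:
        return True
    return P_READ_PRIVATE in activity.privileges


def read_entry(activity, entry):
    if not can_read(activity, entry):
        raise PolicyError(f"{activity.name} may not read private entry from {entry.creator}")
    return entry.data


def denied(fn, *args, **kwargs):
    """True if the call is refused by policy, False if it succeeds."""
    try:
        fn(*args, **kwargs)
    except PolicyError:
        return True
    return False


def demo_blocked_exfiltration():
    """A camera activity's private capture cannot be read by a network activity (constructed scenario)."""
    camera = Activity("Record", {P_MIC_CAM})
    uploader = Activity("Share", {P_NETWORK})
    snapshot = create_entry(camera, b"constructed-frame-bytes")   # private by default
    return denied(read_entry, uploader, snapshot)


if __name__ == "__main__":
    print("private capture blocked from network activity:", demo_blocked_exfiltration())
```

The intended sharing path still works: an activity the user has explicitly granted P_CREATE_NONPRIVATE can write a nonprivate entry, which any activity, including one with P_NETWORK, may then read.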