iot - innovating without compromising security
Post on 15-Apr-2017
190 Views
Preview:
TRANSCRIPT
Innovating without compromising security
Victor Palau - VP of Commercial Engineering, Canonical
We are the company behind Ubuntu.
Canonical and Ubuntu Introduction
London
Boston Beijing
EMPLOYEES700+
COUNTRIES30+
FOUNDED2004
Canonical has been developing operating systems since 2004, and is now extending the Ubuntu OS on smart devices.
Ubuntu is an open-source operating system, currently established on server, cloud, desktop and thin client.
Taipei
Ubuntu: where are we now?
The world’s 3rd most popular PC OS90% of the Linux market
25,000,000 usersand still counting
This year we launched 3 Mobilesbq E4.5, bq E5 and MX4
#1 Guest OS in Public CloudsAWS, HP, Azure, Google Compute..
The great thing about the internet of things is that everything is connected
The scary thing about the internet of things is that everything is connected
DNS exploit
"Is it serious? Yes it definitely is, [..]Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don't want it to go
to."
Jonathan Wu, senior director of product management at Netgear
Netgear router owners would be prompted to update their firmware if:
● they logged into their router's admin settings, or ● they had the Netgear genie app installed on their computer, tablet or
smartphone.
Car exploits include ..
● Taking control of the car via hacking the entertainment system ● Drive the car to a ditch by hacking the radio system● Unlock your car remotely
Leaked trusted signing key
● Open source firmware for surveillance camera (GOOD!) ● Inside the source tree, there was a signing key trusted by Windows
(BAD!)● You could sign any software with it a make it look legit
What could we have done better..
● Keep it small and simple
complex systems are harder to secure, don’t carry unnecessary load
● Sandboxing
A hack to the radio should not be able to lead to a ditch
● Reuse
Basic components are shared across devices, a single issue can affect a large number, but also will harden faster
● Update ready
Jeep vs Tesla. Very similar hack. Tesla ship an Over The Air (OTA) update, Jeep had to recall 1.4M cars
some common principles
We have done it all beforeso why not apply it to IoT?
● Only what is needed in the phone (no more, no less)
● All apps in the phone are sandboxed
● Common rootfs images across phones, common “custom” image across locales, HW specifics in device image
● Canonical hosted OTA channels, including devel, release and stable
Introducing snappy Ubuntu Core
Ubuntu Core is small, secure, fastAll the goodness of Ubuntu in a device-centric rendition
Snappy transactional updates
Simpler application packaging
Rigorous security guarantees
Modular architecture for independent updates
Apps Apps Apps
Frameworks Frameworks Frameworks
Ubuntu core
Kernel and Hardware Capabilities List
Maximum security and integrity
Snappy uniquely combines best-in-business security
with ease of use
Apps isolated from one another and from the OS
Enforced by Canonical’s AppArmor security system
Digital signatures guarantee integrity
traditional ubuntu
kernel snap
snappy ubuntu
os snap
app snapapp snap
kernel config
os writable files
app writable area
app writable areaany package can
write to any file
read-only snaps
writable spaces per snap
filesystem
Awesome on devices
Vendors control their app distribution and updates directly
Shared frameworks extend the base operating system
Base operating system is free and built on the best of Ubuntu
The new Ubuntu for embedded products on ARM & x86
Minimum system requirements
Processor Architecture
Intel x86 or ARMv7/v8 (Cortex-A7 single core or above)
Memory
256MB+
Flash Storage
4GB System storage
Available Connectivity types
WiFi, Ethernet, USB, BT4.0 BLE, ..
Commercial product with snappy
Snappy Ubuntu Core is targeted to manufacturers of smart embedded devices that focus on differentiating their products via great hardware and services.
Who is snappy Ubuntu Core for
What does a snappy manufacturer look like?
They focus on differentiating features since they don't need to worry about building and maintaining a full OS system stack
They want proven and reliable methods to update devices in the market
They care deeply about security of their devices and user’s data
They leverage an existing community of developers and partners
Try snappy Ubuntu Core
ubuntu.com/snappy
top related