Last week, James Carter and Stephen Smalley presented the architecture and security mechanisms of two operating systems, Zephyr and Fuchsia at the Linux Security Summit 2018. James and Stephen are computer security researchers in the Information Assurance Research organization of the US National Security Agency (NSA).
They discussed the current concerns in the operating systems and their contribution and others to further advance security of these emerging open source operating systems. They also compared the security features of Zephyr and Fucshia to Linux and Linux-based systems such as Android.
Zephyr is a scalable real-time operating system (RTOS) for IoT devices, supporting cross-architecture with security as the main focus. It targets devices that are resource constrained seeking to be a new "Linux" for little devices.
Zephyr introduced basic hardware-enforced memory protections in the v1.8 release and these were officially supported in the v1.9 releases. The microcontrollers should either have a memory protection unit (MPU) or a memory management unit (MMU) to support these protection mechanisms.
These mechanisms provide protection by the following ways:
The researchers’ contribution was to review the basic memory protections and also develop a set of kernel memory protection tests that were modeled after subset of lkdtm tests in Linux from KSPP. These tests were able to detect bugs and regression in Zephyr MPU drivers and are now a part of the standard regression testing that Zephyr performs on all future changes.
In previous versions, everything ran in a supervisor mode, so Zephyr introduced a userspace support in v1.10 and v1.11. This requires the basic memory protection support and MPU/MMU. It provides basic support for user mode threads with isolated memory.
The researchers contribution, here, was to develop userspace tests to verify some of the security-relevant properties for user mode threads, confirm the correctness of x86 implementation, and validate initial ARM and ARC userspace implementations.
Originally, Zephyr provided an access to all the user threads to the global variables of all applications. This imposed high burden on application developers to,
To solve this problem, the researchers developed a new feature which will come out in v1.13 release, known as App Shared Memory, having features:
Fucshia is an open source microkernel-based operating system, primarily developed by Google. It is based on a new microkernel called Zircon and targets modern hardware such as phones and laptops.
Regular handles: Through handles, userspace can access kernel objects. They can identify both the object and a set of access rights to the object. With proper rights, one can duplicate objects, pass them across IPC, and obtain handles to child objects.
Some of the concerns pointed out in regular handles are:
Resource handles: These are a variant of handles for platform resources such as, memory mapped I/O, I/O port, IRQ, and hypervisor guests.
Some of the concerns pointed out in resource handles are:
Job policy: In Fucshia, every process is a part of a job and these jobs can further have child jobs. Job policy is applied to all processes within the job. These policies include error handling behavior, object creation, and mapping of WX memory.
Some of the concerns pointed out in job policies are:
vDSO (virtual dynamic shared object) enforcement: This is the only way to invoke system calls and is fully read-only.
Some of the concerns pointed out in vDSO enforcement are:
Namespaces: It is a collection of objects that you can enumerate and access.
Sandboxing: Sandbox is the configuration of a process’s namespace created based on its manifest.
Some of the concerns pointed out in namespaces and sandboxing are:
To address the aforementioned concerns the researchers suggested a MAC framework. It could help in the following ways:
This was a sneak peek from the talk. To know more about the architecture, hardware limitations, security features of Zephyr and Fucshia in detail, watch the presentation on YouTube: Security in Zephyr and Fucshia - Stephen Smalley & James Carter, National Security Agency.
Cryptojacking is a growing cybersecurity threat, report warns
Red Hat Enterprise Linux 7.6 Beta released with focus on security, cloud, and automation
Red Hat Enterprise Linux 7.6 Beta released with focus on security, cloud, and automation