you spend a lot of time talking about how this isn't configured to protect the local system from the user of LPS, but I don't see that as the point. any time you boot a system from external media you can subvert that system (the only prevention being encryption and TPS-type features on the system itself)
the purpose of LPS is to be independent of anything in the local system, so that if there is malware on the local system it doesn't affect you.
for this sort of thing, simply not mounting the local system is good enough, you don't need to make it impossible to do so.
that being said, there is definitely room for improvement here: running as a non-root user by default, and using a security module (SELinux or other) to protect the system, would be big wins.
Posted Dec 16, 2010 15:49 UTC (Thu) by jake (editor, #205)
> the purpose of LPS is to be independent of anything in the local system,
> so that if there is malware on the local system it doesn't affect you.
hmm, it's also meant to protect against malware coming across the wire ...
jake
Lightweight Portable Security
Posted Dec 16, 2010 18:46 UTC (Thu) by dlang (✭ supporter ✭, #313)
true, and that is why adding a LSM and using a non-root user are good things to do.
however, this has nothing to do with accessing local drives.
Lightweight Portable Security
Posted Dec 16, 2010 19:22 UTC (Thu) by jake (editor, #205)
> however, this has nothing to do with accessing local drives.
i feel like somehow i am missing your point, sorry if so ...
malware over the wire can mount the local drives and do various ugly things ... that's what it has to do with accessing local drives ... as we seem to agree, an LSM and/or non-root user would help here, but that's not the case currently ...
jake
Lightweight Portable Security
Posted Dec 16, 2010 20:39 UTC (Thu) by dlang (✭ supporter ✭, #313)
the purpose isn't to protect local drives from the user, it's to protect the user from stuff that may be on local drives by ignoring them.
malware doesn't need to access the local drives to do bad things, and malware would have a hard time figuring out what local drives to mount where to do bad things to them anyway. I'm not aware of any malware that goes digging through your system to even try to do this sort of thing, all malware that I am aware of just affects the stuff that's currently mounted.
in the article you spent a lot of time talking about how the user can still get at the local disks, and my point is that that really doesn't matter.
Lightweight Portable Security
Posted Dec 16, 2010 20:55 UTC (Thu) by jake (editor, #205)
> in the article you spent a lot of time talking about how the user can
> still get at the local disks, and my point is that that really doesn't
> matter.
and my point is that it *does* matter ... whether malware exists today that roots around on the local disks for information of interest, or to alter the installed OS, doesn't really matter -- though i suspect there are isolated cases of that kind of malware out there already ...
the organization sponsoring LPS is set up to protect the data of the DoD, which may well reside on the local disks and/or the USB stick ... if DoD employees are using this at home or on their laptops as some sort of "secure web browser", and have local data of interest, there is a problem, no?
and if we are protecting against nation-state class attacks, those actors developing targeted malware to access or modify that local data is most certainly in the cards ...
i guess i didn't miss your point, i just disagree :)
jake
Lightweight Portable Security
Posted Dec 16, 2010 23:01 UTC (Thu) by dlang (✭ supporter ✭, #313)
this is intended to protect the DoD data, but the intention as I read it is to use unknown hardware to securely access DoD data.
not to boot this on a secured DoD system and access insecure networks (things like disk encryption, firewall rules, air-gapped networks, etc. would come into play to prevent this)
if the user has sensitive data on their local machine that is a problem completely separate from LPS, and LPS can't solve the problem (the person can just boot into the normal OS of the box, or boot from another live CD, in any case that data is exposed)
Lightweight Portable Security
Posted Dec 16, 2010 21:01 UTC (Thu) by droundy (subscriber, #4559)
I got the impression that the system was supposed to be able to protect against malware that might be created intentionally by nation states that might be specifically targeting the user. It isn't marketed to only protect against run-of-the-mill Windows malware, so it's reasonable to expect that it should be able to defend against attacks that specifically target the computer. Which also I presume would mean protecting against attacks that rewrite the BIOS, since that could compromise future uses of the system, since it could boot from the hard drive while pretending to boot from the CD or USB stick.