The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux

The increasing availability of cloud computing and scientific super computers brings great potential for making R accessible through public or shared resources. This allows us to efficiently run code requiring lots of cycles and memory, or embed R functionality into, e.g., systems and web services. However some important security concerns need to be addressed before this can be put in production. The prime use case in the design of R has always been a single statistician running R on the local machine through the interactive console. Therefore the execution environment of R is entirely unrestricted, which could result in malicious behavior or excessive use of hardware resources in a shared environment. Properly securing an R process turns out to be a complex problem. We describe various approaches and illustrate potential issues using some of our personal experiences in hosting public web services. Finally we introduce the RAppArmor package: a Linux based reference implementation for dynamic sandboxing in R on the level of the operating system

Systems thinking for safety and security

The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared challenge, there is little evidence that recent advances that enable one community to better prevent losses have been shared with the other for possible implementation. Limitations in current safety approaches have led researchers and practitioners to develop new models and techniques. These techniques could potentially benefit the field of security. This paper describes a new systems thinking approach to safety that may be suitable for meeting the challenge of securing complex systems against cyber disruptions. Systems-Theoretic Process Analysis for Security (STPA-Sec) augments traditional security approaches by introducing a top-down analysis process designed to help a multidisciplinary team consisting of security, operations, and domain experts identify and constrain the system from entering vulnerable states that lead to losses. This new framework shifts the focus of the security analysis away from threats as the proximate cause of losses and focuses instead on the broader system structure that allowed the system to enter a vulnerable system state that the threat exploits to produce the disruption leading to the loss

Securing Our Future Homes: Smart Home Security Issues and Solutions

The Internet of Things, commonly known as IoT, is a new technology transforming businesses, individuals’ daily lives and the operation of entire countries. With more and more devices becoming equipped with IoT technology, smart homes are becoming increasingly popular. The components that make up a smart home are at risk for different types of attacks; therefore, security engineers are developing solutions to current problems and are predicting future types of attacks. This paper will analyze IoT smart home components, explain current security risks, and suggest possible solutions. According to “What is a Smart Home” (n.d.), a smart home is a home that always operates in consideration of security, energy, efficiency and convenience, whether anyone is home or not

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Self-secured devices: securing shared device access on TrustZone-based systems

Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresWith the advent of the Internet of Things (IoT), security emerged as a significant requirement in the embedded systems development. Attacks against embedded systems infrastructures have been increasing, because security is being misconstrued as the addition of features to the system in a later stage of the system development. A new change in the way that systems are being developed is needed, to start guaranteeing security from the outset. ARM Trustzone is a hardware technology that adds significant value to the security picture. TrustZone promotes hardware as the initial root of trust and has been gaining particular attention in the embedded space due to the massive presence of ARM processors into the market. TrustZone technology splits the hardware and software resources into two worlds - the secure world, dedicated to the secure processing, and the non-secure world for everything else. A lot of research has been done around TrustZone technology, ranging from efficient and secure virtualization solutions to trusted execution environments (TEE). Both cases, despite targeting different applications with different requirements, consolidate multiple virtual environments into the same platform and necessarily need to share resources among them. Currently, hardware devices on TrustZone-enabled system-on-chips (SoC) can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the devices itself. With this direct assignment method both worlds are unable to use the same device unless it is entirely duplicated, significantly increasing overall hardware costs. Existing shared device access on TrustZone-based architectures have been shown to negatively impact the overall system in terms of security and performance, besides often come with associated engineering effort or substantial hardware costs. This thesis proposes the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. Self-secured devices extend the TrustZone dual-world concept to the inner logic of the device by splitting the device’s hardware logic into a secure and non-secure interface. The implemented solution was deployed on LTZVisor, an open-source and in-house lightweight TrustZone-assisted hypervisor, and the achieved results are encouraging, demonstrating that we increase the security properties of the system for an acceptable cost in terms of hardware.Com o advento da Internet das Coisas (IoT), começaram a surgir mais preocupações relativas à segurança no desenvolvimento de sistemas embebidos. Os ataques contra infraestruturas deste tipo de sistemas têm vindo a aumentar exponencialmente, dado que a segurança tem vindo a ser reforçada através da adição de várias funcionalidades ao invés de ser considerada desde a fase inicial de desenvolvimento do sistema. ARM TrustZone, é um exemplo de uma tecnologia de hardware que veio contribuir significativamente para o panorama de segurança. A tecnologia TrustZone promove o hardware como base inicial de segurança, tendo vindo a ganhar particular relevância em soluções de sistemas embebidos devido à presença massiva dos processadores ARM no mercado. A tecnologia TrustZone separa todos os recursos de software e hardware em dois ambientes de execução diferentes, os quais são denominados de mundo seguro, onde é realizado todo o processamento seguro, e o mundo não seguro para tudo o resto. Esta tecnologia já foi alvo de bastante investigação e tem sido explorada na implementação de soluções seguras de virtualização ou até mesmo ambientes seguros de execução (TEE). Apesar de ambos os casos visarem diferentes aplicações com diferentes requisitos, ambos consistem em consolidar vários ambientes virtuais numa só plataforma e inerentemente necessitam de partilhar recursos entre os mesmos. Contudo, atualmente, os dispositivos em system-on-chips (SoC) habilitados com TrustZone podem somente ser configurados como seguros ou não seguros, o que significa que o conceito de duplo ambiente de execução da TrustZone não está estendido aos próprios dispositivos. Com este método de atribuição direta, ambos os mundos não podem utilizar simultaneamente o mesmo dispositivo a não ser que o mesmo seja duplicado, aumentando significativamente os custos de hardware. Atualmente, os métodos existentes de acesso a dispositivos partilhados em sistemas com TrustZone demonstram ter um impacto negativo no sistema em termos de segurança, desempenho e por vezes requerem um grande esforço de engenharia ou custos de hardware excessivos. Esta tese propõe desenvolver o conceito de dispositivos self-secured, um novo método de acesso a dispositivos partilhados em sistemas com TrustZone. Estes dispositivos estendem o conceito da TrustZone à logica interna dos dispositivos, dividindo a sua lógica numa interface segura e não segura. A solução implementada foi integrada no LTZVisor, um hipervisor em código aberto e de baixo overhead assistido por TrustZone, demonstrando que a segurança do dispositivo partilhado é assegurada com reduzidos custos de hardware