Integrity Protection and Access Control – Who Do You Trust? – Glenn Wurster, BlackBerry
Without file-system and boot integrity for all storage, on-line access control against a physical attacker is a masquerade. Using an off-line attack, an attacker can change the permissions, contents, and even the SELinux label of a file not integrity protected. What does SELinux do if it can’t trust its labels? One solution is to encrypt all file-systems using hardware backed keys. In this talk I will start by talking about a LSM created for the BlackBerry Priv that ties running with elevated privileges (including SEAndroid domains) to integrity protection. The approach is designed to limit the risk of a system service executing a binary on the user data partition with elevated privileges. After talking about the specific LSM developed, I will expand the focus to the general intersection between integrity protection and access control.
About Glenn Wurster
Glenn Wurster is currently a Principal Security Researcher with BlackBerry. He has presented at conferences including Usenix Enigma, ACM CCS, Usenix HotSec, and IEEE S&P. He co-chaired ACM SPSM in 2015 and is on the program committee for Usenix WOOT and ACM SPSM in 2016. He is currently involved in operating system security for both Linux (as a result of his ongoing work with the Android based BlackBerry Priv smartphone) and QNX (as a result of his ongoing work with BlackBerry 10 smartphones). His current research is focused on mandatory access control and mitigations against security vulnerabilities. He received his Ph.D. in 2010, where his thesis focused on mechanisms which encouraged secure-by-default development behaviour by constraining dangerous permissions.