SlideShare uma empresa Scribd logo

Single Sign-on Framework in Tizen

Ryo Jin
Ryo Jin

Single Sign-on Framework in Tizen - Jaska Uimonen, Intel

Tecnologia
1 de 13
Baixar para ler offline
Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen
2 Introduction Architecture Demonstration
What is the problem that Single Sign-on systems are aiming to solve? Source: xkcd.com/1200
What is gSSO? ● A system for storing sensitive user data (credentials is the term for it) securely* ● Provides implementations of common** operations and authentication protocols that use those credentials and the API to access it ● Written entirely in C using Glib and its class and object system (Gobject) ● License: LGPL 2.1+ * the word 'securely' will be explained in a moment ** what exactly is meant by 'common' operations will also be explained in a moment
What is 'security' as understood by gSSO? (1/2) Credentials are stored in a database, and the database must be stored on disk so that only gsso can access it – The details of such secure storage are handled by plugins – By default classic Unix permissions on the database file are used – The database can also be encrypted on disk using ecryptfs – Other platform security mechanisms can be utilized by writing additional plugins
What is 'security' as understood by gSSO? (2/2) Access to each credential must be allowed only to explicitly listed applications – Each credential has an access control list – Checks against this list are performed by an access control plugin – The default plugin is using filesystem paths to perform checks – There is also a plugin that is using SMACK labels – There is also support for access controlling applications, if they are not standalone binaries, but scripts that run in a runtime
What are the common operations that use credentials? ● Applications do not access credentials directly (again, this is good for security) ● Applications initiate an operation on a credential from a list of allowed operations (mechanisms) ● List of allowed methods/mechanisms is stored together with the credential in a database ● Method is a class implemented by a plugin ● Mechanisms are functions of a method With that said, the methods fall broadly into two categories: ● Offline (do not send anything over the network) ● Online (usually, authentication protocols to get access to some service)
Offline methods ● The simplest method: store and retrieve a username/password pair – Can be used for password management, or when the password is sent directly over the network (not a good idea!) – Implemented by 'password' plugin ● X.509 – Handles operations with X.509 certificates such as sign, verify, encrypt and decrypt, without exposing the related keys to applications ● Generic encryption/decryption engine – The key is never exposed to the applications ● Front-end to specialized security hardware (such as a trusted execution engine or a smart card) – Provides a common API to applications, so they don't have to implement a hardware specific API
Online methods ● OAuth version 1 and 2 – Very popular mechanism for authorizing applications to access online services. Used by Google, Facebook, Twitter, Microsoft, LinkedIn, Amazon, Yahoo,... pretty much everybody. – Typically involves showing the user a webpage which asks if the user trusts some application to access some data from a service, and if the user does, the application gets a magic access string (a 'token') – GSSO implements the client side of OAuth 1 and 2 RFC standards fully, even though they are rather large :) ● SASL – A set of mechanisms for challenge/response based authentication – Used in IMAP, SMTP, XMPP, LDAP, IRC,... – GSSO implements the most common mechanisms ● HTTP Digest authentication
Architecture – all the pieces together
Architecture – functional flow
Demo placeholder! (see notes)
Conclusion http://01.org/gsso LGPL 2.1+ Git repositories, mailing lists, bug tracker, IRC channel, documentation, tarball downloads, etc. All of that can be found at the above address

Recomendados

Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]
Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]
Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]n|u - The Open Security Community
 
Ch18
Ch18Ch18
Ch18Joe Christensen
 
Ch20
Ch20Ch20
Ch20Joe Christensen
 
Microsoft Ignite session: Explore adventures in the underland: forensic techn...
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Microsoft Ignite session: Explore adventures in the underland: forensic techn...
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
 
Malware forensics
Malware forensicsMalware forensics
Malware forensicsSameera Amjad
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 

Recomendados

Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]
Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]
Struts validation framework - Part1 [null Bangalore] [Dec 2013 meet]n|u - The Open Security Community
 
Ch18
Ch18Ch18
Ch18Joe Christensen
 
Ch20
Ch20Ch20
Ch20Joe Christensen
 
Microsoft Ignite session: Explore adventures in the underland: forensic techn...
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Microsoft Ignite session: Explore adventures in the underland: forensic techn...
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
 
Malware forensics
Malware forensicsMalware forensics
Malware forensicsSameera Amjad
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to ExploitationUTD Computer Security Group
 
Web application security
Web application securityWeb application security
Web application securityAkhil Raj
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5AlienVault
 
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
 
Enterprise Network Design and Deployment
Enterprise Network Design and Deployment Enterprise Network Design and Deployment
Enterprise Network Design and Deployment Sandeep Yadav
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learningsecurityxploded
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database ServerFahri Firdausillah
 
Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007Anton Chuvakin
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
 
A walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commandsA walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commandsRhydham Joshi
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
 
CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3Sam Bowne
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Toshiharu Harada, Ph.D
 
Gear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design GuideGear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design GuideRyo Jin
 
Thomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architectureThomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architectureGBC Finland
 
Isabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing ArtsIsabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing Artsartsking
 
Simple Energy Brand Book
Simple Energy Brand BookSimple Energy Brand Book
Simple Energy Brand BookBrooke Webster
 
Performing art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciencesPerforming art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciencesMadhulika Sanyal
 
Scale & Proportion
Scale & ProportionScale & Proportion
Scale & ProportionKia Mosenthal
 
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & RhythmUnity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythmtanyalangford
 
how to make architecture graduation project
how to make architecture graduation project how to make architecture graduation project
how to make architecture graduation project Eman Ateek
 
Principles of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etcPrinciples of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etcStanly Sunny
 

Mais conteúdo relacionado

Mais procurados

Web application security
Web application securityWeb application security
Web application securityAkhil Raj
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5AlienVault
 
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
 
Enterprise Network Design and Deployment
Enterprise Network Design and Deployment Enterprise Network Design and Deployment
Enterprise Network Design and Deployment Sandeep Yadav
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learningsecurityxploded
 
Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007Anton Chuvakin
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
 
A walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commandsA walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commandsRhydham Joshi
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
 
CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3Sam Bowne
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Toshiharu Harada, Ph.D
 

Mais procurados (13)

Web application security
Web application securityWeb application security
Web application security
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
 
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
 
Enterprise Network Design and Deployment
Enterprise Network Design and Deployment Enterprise Network Design and Deployment
Enterprise Network Design and Deployment
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookhey
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learning
 
Hardening Database Server
Hardening Database ServerHardening Database Server
Hardening Database Server
 
Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007Web Proxy Log Analysis and Management 2007
Web Proxy Log Analysis and Management 2007
 
Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...Hacker techniques for bypassing existing antivirus solutions & how to build a...
Hacker techniques for bypassing existing antivirus solutions & how to build a...
 
A walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commandsA walk through Windows firewall and Netsh commands
A walk through Windows firewall and Netsh commands
 
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsAvoiding the 10 Deadliest and Most Common Sins for Securing Windows
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows
 
CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3CNIT 126: Ch 2 & 3
CNIT 126: Ch 2 & 3
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
 

Destaque

Gear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design GuideGear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design GuideRyo Jin
 
Thomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architectureThomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architectureGBC Finland
 
Isabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing ArtsIsabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing Artsartsking
 
Simple Energy Brand Book
Simple Energy Brand BookSimple Energy Brand Book
Simple Energy Brand BookBrooke Webster
 
Performing art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciencesPerforming art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciencesMadhulika Sanyal
 
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & RhythmUnity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythmtanyalangford
 
how to make architecture graduation project
how to make architecture graduation project how to make architecture graduation project
how to make architecture graduation project Eman Ateek
 
Principles of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etcPrinciples of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etcStanly Sunny
 
Zaha hadid heydar aliyev cultural centre
Zaha hadid heydar aliyev cultural centreZaha hadid heydar aliyev cultural centre
Zaha hadid heydar aliyev cultural centreKumar Snehansu
 
Thesis Report
Thesis ReportThesis Report
Thesis Reportgarima_c
 
Jawahar kala kendra Case study
Jawahar kala kendra Case studyJawahar kala kendra Case study
Jawahar kala kendra Case studymichellesahay
 
JAWAHAR KALA KENDRA
JAWAHAR KALA KENDRAJAWAHAR KALA KENDRA
JAWAHAR KALA KENDRASumit Raina
 
Theory of architecture
Theory of architectureTheory of architecture
Theory of architectureKrishna Jhawar
 
Design Thinking Process
Design Thinking ProcessDesign Thinking Process
Design Thinking ProcessHeyy Gus
 

Destaque (20)

Gear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design GuideGear Fit2 Watchface Design Guide
Gear Fit2 Watchface Design Guide
 
Thomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architectureThomas Speck: Biomimetic architecture
Thomas Speck: Biomimetic architecture
 
Isabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing ArtsIsabelle Bader Centre for the Performing Arts
Isabelle Bader Centre for the Performing Arts
 
Simple Energy Brand Book
Simple Energy Brand BookSimple Energy Brand Book
Simple Energy Brand Book
 
Performing art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciencesPerforming art centre acoustics and anthropos sciences
Performing art centre acoustics and anthropos sciences
 
Scale & Proportion
Scale & ProportionScale & Proportion
Scale & Proportion
 
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & RhythmUnity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
Unity, Balance, Scale & Proportion, Contrast, Emphasis & Repetition & Rhythm
 
how to make architecture graduation project
how to make architecture graduation project how to make architecture graduation project
how to make architecture graduation project
 
Principles of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etcPrinciples of design theory of design module 2 proportion,scale, hierarchy etc
Principles of design theory of design module 2 proportion,scale, hierarchy etc
 
JT Performing Arts Center
JT Performing Arts Center JT Performing Arts Center
JT Performing Arts Center
 
Zaha hadid heydar aliyev cultural centre
Zaha hadid heydar aliyev cultural centreZaha hadid heydar aliyev cultural centre
Zaha hadid heydar aliyev cultural centre
 
Thesis Report
Thesis ReportThesis Report
Thesis Report
 
Jawahar kala kendra Case study
Jawahar kala kendra Case studyJawahar kala kendra Case study
Jawahar kala kendra Case study
 
JAWAHAR KALA KENDRA
JAWAHAR KALA KENDRAJAWAHAR KALA KENDRA
JAWAHAR KALA KENDRA
 
Principle of architecture
Principle of architecturePrinciple of architecture
Principle of architecture
 
Theory of architecture
Theory of architectureTheory of architecture
Theory of architecture
 
Design Thinking Process
Design Thinking ProcessDesign Thinking Process
Design Thinking Process
 
Concept sheet - Thesis
Concept sheet - ThesisConcept sheet - Thesis
Concept sheet - Thesis
 
5 Type Of Architecture Design Process
5 Type Of Architecture Design Process 5 Type Of Architecture Design Process
5 Type Of Architecture Design Process
 
2010 Thesis Project
2010 Thesis Project2010 Thesis Project
2010 Thesis Project
 

Semelhante a Single Sign-on Framework in Tizen

Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005James Morris
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14jemtallon
 
[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answersOWASP
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of SystemsJamal Jamali
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22jemtallon
 
Chapter 09
Chapter 09Chapter 09
Chapter 09cclay3
 
Process behaviour modelling using lsm
Process behaviour modelling using lsmProcess behaviour modelling using lsm
Process behaviour modelling using lsmiaemedu
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Codemotion
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 

Semelhante a Single Sign-on Framework in Tizen (20)

Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005Overview of NSA Security Enhanced Linux - FOSS.IN/2005
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14
 
[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers
 
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5James Jara Portfolio 2014 - InfoSec White Paper- Part 5
James Jara Portfolio 2014 - InfoSec White Paper- Part 5
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
Internship msc cs
Internship msc csInternship msc cs
Internship msc cs
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
Process behaviour modelling using lsm
Process behaviour modelling using lsmProcess behaviour modelling using lsm
Process behaviour modelling using lsm
 
Avanan Platform.pdf
Avanan Platform.pdfAvanan Platform.pdf
Avanan Platform.pdf
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Operating system security
Operating system securityOperating system security
Operating system security
 
SECURITY SYSTEM INTEGRATION
SECURITY SYSTEM INTEGRATIONSECURITY SYSTEM INTEGRATION
SECURITY SYSTEM INTEGRATION
 

Mais de Ryo Jin

Why is EFL used on Tizen?
Why is EFL used on Tizen?Why is EFL used on Tizen?
Why is EFL used on Tizen?Ryo Jin
 
Samsung Z4 User Manual
Samsung Z4 User ManualSamsung Z4 User Manual
Samsung Z4 User ManualRyo Jin
 
Samsung ARTIK 050 (ARTIK ZERO) Modules Data Sheet
Samsung ARTIK 050 (ARTIK ZERO) Modules Data SheetSamsung ARTIK 050 (ARTIK ZERO) Modules Data Sheet
Samsung ARTIK 050 (ARTIK ZERO) Modules Data SheetRyo Jin
 
Introduction to Watch Face Development with Tizen Studio
Introduction to Watch Face Development with Tizen StudioIntroduction to Watch Face Development with Tizen Studio
Introduction to Watch Face Development with Tizen StudioRyo Jin
 
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan DriverTizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan DriverRyo Jin
 
Panduan Penggunaan Perangkat Wearable Tizen
Panduan Penggunaan Perangkat Wearable TizenPanduan Penggunaan Perangkat Wearable Tizen
Panduan Penggunaan Perangkat Wearable TizenRyo Jin
 
Cara Menggunakan Smartphone Tizen
Cara Menggunakan Smartphone TizenCara Menggunakan Smartphone Tizen
Cara Menggunakan Smartphone TizenRyo Jin
 
Samsung Indonesia: Tizen Store
Samsung Indonesia: Tizen StoreSamsung Indonesia: Tizen Store
Samsung Indonesia: Tizen StoreRyo Jin
 
Samsung Indonesia: Tizen Wearables
Samsung Indonesia: Tizen WearablesSamsung Indonesia: Tizen Wearables
Samsung Indonesia: Tizen WearablesRyo Jin
 
Samsung Indonesia: Tizen Web Apps
Samsung Indonesia: Tizen Web AppsSamsung Indonesia: Tizen Web Apps
Samsung Indonesia: Tizen Web AppsRyo Jin
 
Samsung Indonesia: Tizen Native App
Samsung Indonesia: Tizen Native AppSamsung Indonesia: Tizen Native App
Samsung Indonesia: Tizen Native AppRyo Jin
 
Samsung Indonesia: Tizen Platform Overview and IoT
Samsung Indonesia: Tizen Platform Overview and IoTSamsung Indonesia: Tizen Platform Overview and IoT
Samsung Indonesia: Tizen Platform Overview and IoTRyo Jin
 
Russian Tizen Project
Russian Tizen ProjectRussian Tizen Project
Russian Tizen ProjectRyo Jin
 
Samsung SM-R360 Tizen User Manual
Samsung SM-R360 Tizen User ManualSamsung SM-R360 Tizen User Manual
Samsung SM-R360 Tizen User ManualRyo Jin
 
Tizen Micro Profile for IoT device
Tizen Micro Profile for IoT deviceTizen Micro Profile for IoT device
Tizen Micro Profile for IoT deviceRyo Jin
 
Panduan Dasar Pemrograman Tizen
Panduan Dasar Pemrograman TizenPanduan Dasar Pemrograman Tizen
Panduan Dasar Pemrograman TizenRyo Jin
 
The Story of Enlightenment, EFL, Tizen and Wayland
The Story of Enlightenment, EFL, Tizen and WaylandThe Story of Enlightenment, EFL, Tizen and Wayland
The Story of Enlightenment, EFL, Tizen and WaylandRyo Jin
 
Tizen PASS
Tizen PASSTizen PASS
Tizen PASSRyo Jin
 
Tizen PASS
Tizen PASSTizen PASS
Tizen PASSRyo Jin
 
Samsung Gear UI Design Guidelines
Samsung Gear UI Design GuidelinesSamsung Gear UI Design Guidelines
Samsung Gear UI Design GuidelinesRyo Jin
 

Mais de Ryo Jin (20)

Why is EFL used on Tizen?
Why is EFL used on Tizen?Why is EFL used on Tizen?
Why is EFL used on Tizen?
 
Samsung Z4 User Manual
Samsung Z4 User ManualSamsung Z4 User Manual
Samsung Z4 User Manual
 
Samsung ARTIK 050 (ARTIK ZERO) Modules Data Sheet
Samsung ARTIK 050 (ARTIK ZERO) Modules Data SheetSamsung ARTIK 050 (ARTIK ZERO) Modules Data Sheet
Samsung ARTIK 050 (ARTIK ZERO) Modules Data Sheet
 
Introduction to Watch Face Development with Tizen Studio
Introduction to Watch Face Development with Tizen StudioIntroduction to Watch Face Development with Tizen Studio
Introduction to Watch Face Development with Tizen Studio
 
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan DriverTizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver
 
Panduan Penggunaan Perangkat Wearable Tizen
Panduan Penggunaan Perangkat Wearable TizenPanduan Penggunaan Perangkat Wearable Tizen
Panduan Penggunaan Perangkat Wearable Tizen
 
Cara Menggunakan Smartphone Tizen
Cara Menggunakan Smartphone TizenCara Menggunakan Smartphone Tizen
Cara Menggunakan Smartphone Tizen
 
Samsung Indonesia: Tizen Store
Samsung Indonesia: Tizen StoreSamsung Indonesia: Tizen Store
Samsung Indonesia: Tizen Store
 
Samsung Indonesia: Tizen Wearables
Samsung Indonesia: Tizen WearablesSamsung Indonesia: Tizen Wearables
Samsung Indonesia: Tizen Wearables
 
Samsung Indonesia: Tizen Web Apps
Samsung Indonesia: Tizen Web AppsSamsung Indonesia: Tizen Web Apps
Samsung Indonesia: Tizen Web Apps
 
Samsung Indonesia: Tizen Native App
Samsung Indonesia: Tizen Native AppSamsung Indonesia: Tizen Native App
Samsung Indonesia: Tizen Native App
 
Samsung Indonesia: Tizen Platform Overview and IoT
Samsung Indonesia: Tizen Platform Overview and IoTSamsung Indonesia: Tizen Platform Overview and IoT
Samsung Indonesia: Tizen Platform Overview and IoT
 
Russian Tizen Project
Russian Tizen ProjectRussian Tizen Project
Russian Tizen Project
 
Samsung SM-R360 Tizen User Manual
Samsung SM-R360 Tizen User ManualSamsung SM-R360 Tizen User Manual
Samsung SM-R360 Tizen User Manual
 
Tizen Micro Profile for IoT device
Tizen Micro Profile for IoT deviceTizen Micro Profile for IoT device
Tizen Micro Profile for IoT device
 
Panduan Dasar Pemrograman Tizen
Panduan Dasar Pemrograman TizenPanduan Dasar Pemrograman Tizen
Panduan Dasar Pemrograman Tizen
 
The Story of Enlightenment, EFL, Tizen and Wayland
The Story of Enlightenment, EFL, Tizen and WaylandThe Story of Enlightenment, EFL, Tizen and Wayland
The Story of Enlightenment, EFL, Tizen and Wayland
 
Tizen PASS
Tizen PASSTizen PASS
Tizen PASS
 
Tizen PASS
Tizen PASSTizen PASS
Tizen PASS
 
Samsung Gear UI Design Guidelines
Samsung Gear UI Design GuidelinesSamsung Gear UI Design Guidelines
Samsung Gear UI Design Guidelines
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Single Sign-on Framework in Tizen

  • 1. Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen
  • 3. What is the problem that Single Sign-on systems are aiming to solve? Source: xkcd.com/1200
  • 4. What is gSSO? ● A system for storing sensitive user data (credentials is the term for it) securely* ● Provides implementations of common** operations and authentication protocols that use those credentials and the API to access it ● Written entirely in C using Glib and its class and object system (Gobject) ● License: LGPL 2.1+ * the word 'securely' will be explained in a moment ** what exactly is meant by 'common' operations will also be explained in a moment
  • 5. What is 'security' as understood by gSSO? (1/2) Credentials are stored in a database, and the database must be stored on disk so that only gsso can access it – The details of such secure storage are handled by plugins – By default classic Unix permissions on the database file are used – The database can also be encrypted on disk using ecryptfs – Other platform security mechanisms can be utilized by writing additional plugins
  • 6. What is 'security' as understood by gSSO? (2/2) Access to each credential must be allowed only to explicitly listed applications – Each credential has an access control list – Checks against this list are performed by an access control plugin – The default plugin is using filesystem paths to perform checks – There is also a plugin that is using SMACK labels – There is also support for access controlling applications, if they are not standalone binaries, but scripts that run in a runtime
  • 7. What are the common operations that use credentials? ● Applications do not access credentials directly (again, this is good for security) ● Applications initiate an operation on a credential from a list of allowed operations (mechanisms) ● List of allowed methods/mechanisms is stored together with the credential in a database ● Method is a class implemented by a plugin ● Mechanisms are functions of a method With that said, the methods fall broadly into two categories: ● Offline (do not send anything over the network) ● Online (usually, authentication protocols to get access to some service)
  • 8. Offline methods ● The simplest method: store and retrieve a username/password pair – Can be used for password management, or when the password is sent directly over the network (not a good idea!) – Implemented by 'password' plugin ● X.509 – Handles operations with X.509 certificates such as sign, verify, encrypt and decrypt, without exposing the related keys to applications ● Generic encryption/decryption engine – The key is never exposed to the applications ● Front-end to specialized security hardware (such as a trusted execution engine or a smart card) – Provides a common API to applications, so they don't have to implement a hardware specific API
  • 9. Online methods ● OAuth version 1 and 2 – Very popular mechanism for authorizing applications to access online services. Used by Google, Facebook, Twitter, Microsoft, LinkedIn, Amazon, Yahoo,... pretty much everybody. – Typically involves showing the user a webpage which asks if the user trusts some application to access some data from a service, and if the user does, the application gets a magic access string (a 'token') – GSSO implements the client side of OAuth 1 and 2 RFC standards fully, even though they are rather large :) ● SASL – A set of mechanisms for challenge/response based authentication – Used in IMAP, SMTP, XMPP, LDAP, IRC,... – GSSO implements the most common mechanisms ● HTTP Digest authentication
  • 10. Architecture – all the pieces together
  • 13. Conclusion http://01.org/gsso LGPL 2.1+ Git repositories, mailing lists, bug tracker, IRC channel, documentation, tarball downloads, etc. All of that can be found at the above address