[okl4-developer] OKL4 + security by isolation


anshul makkar

Sep 23, 2013, 10:07:45 PM9/23/13
to deve...@okl4.org
Hi,

Just confused whether to reuse OKL4 or QUBES to implement security by isolation on mobile platform.

Based on the knowledge that I have, it seems that each of the trusted domains/compartments that I can create using OKL4 needs to have a guest OS. Isn't it possible to have just applications executing in their own trusted compartments? A concept similar to QUBES, where applications/user processes can execute in their own trusted domain.

Tim Newsham

Sep 24, 2013, 1:27:13 AM9/24/13
to anshul...@justkernel.com, developer
Check out genode.org. They've got an L4-based system that has isolated
components similar to Qubes. They've got a live CD demo you can boot
to play around with...
> _______________________________________________
> Developer mailing list
> Deve...@okl4.org
> https://lists.okl4.org/mailman/listinfo/developer
>



--
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com


Daniel Potts

Sep 24, 2013, 12:25:05 PM9/24/13
to Tim Newsham, <anshul_makkar@justkernel.com>, developer
Hi Anshul, Tim,

There are several mature L4-based systems out there, and L4 is ideal for implementing systems requiring components with separation and isolation. They do not require a full guest OS, and in fact, for security applications you should be aiming for minimality anyway.

As to which L4-based system? Well, I think it really depends on what you are trying to do, including what applications or OSes you wish to host.

OKL4 is certainly suitable and most of our programs are focused on security/safety/reliability use-cases. Xen-based systems that are properly architected are also a good candidate.

anshul_makkar

Sep 24, 2013, 1:51:46 PM9/24/13
to dan...@ok-labs.com, tim.n...@gmail.com, anshul...@justkernel.com, deve...@okl4.org
Hi Daniel,
Thanks for the reply.
Basically, I want to implement security by isolation on mobile where each application will be executed in its own microvisor and there will be a single OS like Android on the system. So please can you let me know if this is possible using OKL4.
Xen has that architecture where the OS resides in domain 0.

Please suggest if we can achieve the above results with OKL4? And I hope it's under the GPL license.

Thanks
Anshul makkar
www.justkernel.com

Daniel Potts

Sep 24, 2013, 3:06:57 PM9/24/13
to anshul_makkar, anshul...@justkernel.com, deve...@okl4.org
Hi Anshul,

Yes - we do this today to run one or more Android or other apps isolated (in their own Virtual Machine), but there are some important nuances. Firstly, you still need a supporting environment for the app, even if just to route traps to the main OS. More likely there would be a cut-down and isolated Android OS just to host the app, and that would need a host of virtual drivers and other support infrastructure.

On true, flexible, type-1 hypervisors, what runs above should be able to be anything from a full OS, through to something more cut-down - creating a componentized system. Your challenge is building on top of this how your components interact, what they offer, and what role they play.

For example in Xen you reference dom0 which is really just one VM that offers out hosting of native devices (drivers) to other VMs. Even in Xen, you aren't really constrained this way - multiple VMs could fulfill the "dom0" role in collaboration. 

You should also take a look at container technology such as Samsung's Knox or Fixmo containers if you haven't already (google "android containers"). While they do not provide sufficient security, they are probably closer to what you are after unless you truly want the isolation that only a type-1 hypervisor offers.

anshul makkar

Sep 25, 2013, 3:30:22 AM9/25/13
to Daniel Potts, deve...@okl4.org
Hi Daniel,

OK. So you mean you are able to run Android and isolated apps using the OKL4 microkernel, right? Was there a need to modify Android?

Yeah, definitely a supporting environment for the app would be required: an OS would be required by applications to run. So yes, we would need to route the calls to the OS. For e.g., we have an Android OS running on mobile, and one app like email; then whenever the app requires services from the OS, the calls will be routed to the OS.

Our main objective is to implement isolation of apps with a single host OS, i.e. each running app is executed in its own VM (just like Bromium has done for PCs on the Intel architecture)... For e.g., if the user opens a browser or an email app, then a small VM is created just for that particular app. Currently we are not concentrating on hosting multiple OSes.

So I am currently confused whether to use a microkernel-based approach, i.e. OKL4, or a hypervisor-based approach, i.e. Xen.
Xen, in its present form, doesn't provide isolation for applications. Xen requires each VM to have its own guest and then the guest can have its own individual set of applications. So, if we go for a Xen-based approach then a lot of work will be required to implement a small VM for each user process.

I think now you have a better understanding of what we are trying to make. So, please can you suggest whether OKL4 can fit into the picture.

Please suggest.

Tim Newsham

Sep 25, 2013, 11:58:11 AM9/25/13
to anshul...@justkernel.com, deve...@okl4.org
Android will not quite be Android if you completely isolate
each app from each other. A large bit of the Android experience
is one activity using IPC to invoke other activities and to pass
data back and forth across activities.


anshul makkar

Sep 26, 2013, 8:44:39 AM9/26/13
to Tim Newsham, deve...@okl4.org
Interesting point. Thanks, Tim, for sharing. Will keep this in mind while designing the architecture.

Anshul Makkar
www.justkernel.com