A colleague of mine and I presented an overview of Tizen, including what we'd look for when performing mobile pen testing against Tizen devices and applications, at DerbyCon this past year. Since many people are still unfamiliar with the OS, we spent the first half of the talk discussing the platform generally, with a focus on security features & any security problems that we could think of based on the platform at the time the talk was given. The latter half of the talk was spent discussing in generic terms how we'd go about breaking things on the platform.
One of the things that I think is a huge step in the right direction - setting Tizen apart from Android specifically - is the inclusion of the Content Security Framework that McAfee contributed. That single element - if leveraged correctly - will be key to ensuring the security of the platform once users get their hands on devices and start installing apps. With regard to SMACK, it will be interesting to see how SMACK configuration on end user devices compares to, for example, the way that Verizon/Samsung use SELinux and Knox to prevent system changes and device rooting. -- Jason On Tue, Jan 7, 2014 at 11:45 AM, Schaufler, Casey <[email protected]> wrote: > Tizen is taking security very seriously. We are using the Smack Linux > Security Module to provide mandatory access control. We are taking a very > aggressive stance with regard to keeping system services protected. There is > unlikely to be a hardened version of Tizen simply because we are creating a > hard system by design. It is our intention that Tizen will be more secure > than the alternatives, even those that have been augmented to meet special > needs. There will always be debates about which security scheme is best and > where the line between security and user experience should be drawn. There > isn’t an objective security measure, so there will be a component of > personal judgment in any comparison. By putting security into the initial > architecture we believe that Tizen will compare well with any other system > in the marketplace. > > > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Sven Ruin > Sent: Monday, January 06, 2014 9:45 PM > To: [email protected] > Cc: [email protected] > Subject: [Tizen General] Tizen security > > > > To the Tizen community, > > > > As you may know, some find it hard to see what Tizen has to recommend over > existing products. I’m not yet familiar with Tizen, but think one of the > most important advantages that Tizen could hopefully bring is a higher level > of security. Therefore I wanted to ask if Tizen will really be much more > secure than other alternatives, in particular Android, even if Tizen will > one day capture a large market share? > > > > For background information, see for example F-Secure’s Mobile Threat Report > Q3 2013 on http://www.f-secure.com/en/web/labs_global/whitepapers/reports. > > > > Best regards, > > > > Sven Ruin > > > _______________________________________________ > General mailing list > [email protected] > https://lists.tizen.org/listinfo/general > _______________________________________________ General mailing list [email protected] https://lists.tizen.org/listinfo/general
