This site has been retired. For up to date information, see handbook.gnome.org or gitlab.gnome.org.


[Home] [TitleIndex] [WordIndex

Denis Obrezkov

Email: <denis13_obrezkov8_5 AT SPAMFREE gmail DOT com> (remove anything but letters)

Location Aware Security Project

Link: Location Aware Security Project

Description

People use their computer in various different locations/contexts, like at home, the office or in public spaces.

The need for security settings and policies are different for the aforementioned locations. At home, e.g., it might not be needed to ask the user for passwords when connecting thunderbolt devices and also USB devices can probably be trusted more. Additionally the screen locking timeouts can be more relaxed.

Tasks

Technologies to consider

Prototype for tests

Fedora Workstation 28 + QEMU + switcher of wifi spots (script for qemu?)

In order to imitate different wifi spots mac80211_hwsim might be used.

Prototype will consist of a daemon and a client application communicating via D-Bus. Client app will allow to list available zones (and corresponding devices), attach different labels to wifi networks, interfaces and usb devices. Daemon will keep all those information in a database (?) and provide clients with the information and be responsible for changing security regimes. Daemon will be written in C, client in C or Python (?).

Some concerns

What are the project goals?

I think there is also a problem - there is no usable simple policy management tool. So, a user can't even restrain some application without good knowledge of firewall rules or SELinux. So, it is hard to say right now how to make a usable mechanism for location aware security since in that case a user should define security rules on its own. So, it seems to me that this project is more for system administrators.


CategoryHomepage


2024-10-23 11:03