ScopesConfinement

Differences between revisions 2 and 3
Revision 2 as of 2013-08-30 12:40:41
Size: 759
Editor: strehl-t
Comment:
Revision 3 as of 2013-08-30 13:08:46
Size: 1150
Editor: strehl-t
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
For 13.10, scopes will not be available in the app store and application
confinement[1] will prevent apps from abusing scopes and the scopes
For 13.10, scopes will not be available in the app store and [[http://https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement|application
confinement]] will prevent apps from abusing scopes and the scopes
Line 12: Line 12:
== Issue #1: confinement ==
Line 16: Line 17:

== Issue #2: scopes privacy ==

This is about preventing any user data from leaving the device either by (malicious scopes) shipping off concrete data or by just querying remote sources. The latter is of concern because the query string already exposes private information.

Introduction

For 13.10, scopes will not be available in the app store and [[http://https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement|application confinement]] will prevent apps from abusing scopes and the scopes architecture. For 14.04 we'd like to have app developers able to deliver scopes via the app store. For us to be able to have scopes deliverable via click packages, we'll need to carefully design the system to support confining scopes.

Scopes create a number of interesting challenges when considering application confinement. There are two overarching issues wrt to scopes.

Issue #1: confinement

  • apps - ie, apps can't attack the system (ie, scopes, the dash, etc to
    • ship off data, enumerate things, etc)
  • scopes - ie, scopes can't attack the system (ie, the dash, other
    • scopes, user data, etc)

Issue #2: scopes privacy

This is about preventing any user data from leaving the device either by (malicious scopes) shipping off concrete data or by just querying remote sources. The latter is of concern because the query string already exposes private information.

SecurityTeam/Specifications/ScopesConfinement (last edited 2014-11-03 15:04:53 by jdstrand)