ScopesConfinement

Differences between revisions 3 and 5 (spanning 2 versions)
Revision 3 as of 2013-08-30 13:08:46
Size: 1150
Editor: strehl-t
Comment:
Revision 5 as of 2013-08-30 13:12:35
Size: 1138
Editor: strehl-t
Comment:
Line 3: Line 3:
For 13.10, scopes will not be available in the app store and [[http://https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement|application For 13.10, scopes will not be available in the app store and [[https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/|application
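Review bot: the old link target in this line, `http://https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement`, has a doubled scheme and would not resolve as a MoinMoin external link; the replacement `https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/` corrects it, and the link text `application confinement` is unchanged.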
Line 13: Line 13:
 * apps - ie, apps can't attack the system (ie, scopes, the dash, etc to
  
ship off data, enumerate things, etc)
 * scopes - ie, scopes can't attack the system (ie, the dash, other
  
scopes, user data, etc)
  * apps - ie, apps can't attack the system (ie, scopes, the dash, etc to ship off data, enumerate things, etc)
  * scopes - ie, scopes can't attack the system (ie, the dash, other scopes, user data, etc)

Introduction

For 13.10, scopes will not be available in the app store and [[https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/|application confinement]] will prevent apps from abusing scopes and the scopes architecture. For 14.04 we'd like to have app developers able to deliver scopes via the app store. For us to be able to have scopes deliverable via click packages, we'll need to carefully design the system to support confining scopes.

Scopes create a number of interesting challenges when considering application confinement. There are two overarching issues with respect to scopes.

Issue #1: confinement

  • apps - i.e., apps can't attack the system (scopes, the dash, etc.) to ship off data, enumerate things, etc.
  • scopes - i.e., scopes can't attack the system (the dash, other scopes, user data, etc.)

Issue #2: scopes privacy

This is about preventing any user data from leaving the device either by (malicious scopes) shipping off concrete data or by just querying remote sources. The latter is of concern because the query string already exposes private information.

SecurityTeam/Specifications/ScopesConfinement (last edited 2014-11-03 15:04:53 by jdstrand)