Among the joys of being an expatriate is that you do not have to visit your family, and you can take advantage of this holiday period to rest, work on some personal projects and dedicate time to things you have wanted to do.
For the last couple of days, I have been trying to use seL4, a security-oriented kernel that has been formally proven. Sounds sexy, right? For now, I am not sure I fully understand how it works, and the development environment is huge. It reminds me of my old days working on TASTE, which required a full virtual machine just to work. Ah, the joy of development environments designed like a Russian jail, so convenient and easy to use!
The goal of this project is to generate secure seL4 applications from architecture models (mostly AADL). The high-level security requirements would be verified at the model level and would ultimately be transformed into code. This is what I am trying to do during this holiday period.
I am also training for the World's End 100 that will take place in May. Some friends were there last weekend and told me the course is challenging and intense. As there is an aggressive 19-hour cut-off, I need to work my ass off right now in order to finish the race on time. Unfortunately, I do not have the opportunity to train on the course, and all I can do is mimic the elevation profile in the parks around Pittsburgh.
On a side note, I am now an official pacer for the Pittsburgh Half-Marathon. If you are running the half and plan to finish in 1:45, I will be around you.
The weather in Pittsburgh is still surprisingly hot. More than 16C.
The big news today (that got my attention!) is the Washington Post article about Linus' thoughts on security, especially in the Linux kernel. You probably do not know it, but today Linux is one of the most used kernels in the world. Every Android device relies on it, and most non-critical embedded devices use it. You are probably not aware of it, but you are likely using more Linux-powered devices than Windows or Mac ones.
The article is well written and explains most of the issues to a non-technical audience. Great. But sometimes it messes things up. For example, when the article brings up the Ashley Madison data breach, it is totally unrelated: the article focuses on the kernel, not on userspace. It is just not accurate to connect this attack with the Linux kernel; it could have happened with the same software running on a different kernel.
What users must understand is that security comes at a cost, and while it is an important requirement for us, it is not the most critical one, and people do not pay attention to it until a big attack appears. Achieving high security impacts other requirements and characteristics, such as performance. In the end, the question is: are you willing to have your system run slower to protect yourself against a potential attack on your contact list that has not been discovered yet and would be fixed as soon as it is discovered?
Are you willing to pay the cost of security without affecting other attributes?
It totally depends on your objectives and priorities: if your system is a smartphone, you probably do not care, because once discovered, the attack will be fixed and your phone will be automatically upgraded. But if you design a nuclear power plant, there is no room for a second chance: millions of people are already dead. So you do not want that to happen, at any cost.
Linus made a good point on that as well: if you are running a safety-critical system, you just do not use Linux. If you are concerned about the security of Linux, solutions exist (e.g. SELinux, grsecurity). And if tomorrow the kernel needs more security, the community will work on the existing kernel and add the necessary layers; it is just that this has not been the focus so far, or has been done through individual efforts. But in the end, if you really want to isolate software according to its criticality, this is no longer a matter of code but an architecture concern: you have to design your system and isolate components according to their security levels. Many existing approaches address that issue (for example, MILS), and there are many solutions for such a design: gatekeepers (filtering insecure data before it is forwarded to the secure components), physical or logical separation, etc.
This is also what was shown by the attack on the Jeep by Miller and Valasek: the entertainment system is connected to several networks linking critical and non-critical devices, without any filtering. By attacking the entertainment system, attackers were able to control a car from their couch. Great. Some will argue this is a software issue, but I am still convinced this is an architecture issue: the entertainment system should not be connected to critical equipment without any filtering or protection mechanism.
The Washington Post article is interesting, but the whole discussion on the Linux kernel is just too much. Rather than blaming Linux developers for an insecure Internet, it would be more interesting to understand the real architecture defects of the network, and why people choose such insecure software: if Linux is so bad, why is it still so used? There are still many open questions, but this article demonstrates how poorly cybersecurity is understood and addressed today, in our now over-connected world.
That is a fact: we are living in an inter-connected society. This is the era of so-called “Big Data”, where everything is logged, processed and analyzed. Online services have a history of your actions and life: what you did, where and why you did it. It is still unclear why this information is collected: in some cases, it is to sell you personalized ads; in others, it is to monitor what you are doing and prevent so-called terrorism. But one thing is sure: cross-data analysis is very powerful and says more about you than most of your friends could.
Basically, today, if you are a user of social media platforms and use computing services “in the cloud”, there is a fair probability that agencies know more or less everything about you: political opinions, places visited, friends, acquaintances, diseases, crushes, job, etc.
Does it matter?
The argument I often hear from the average Facebook/Google+-addicted guy is: “I have nothing to hide” or even “I control the data I am sending”. But you don't. And you cannot. A simple example? Just going on Facebook with your regular web browser provides enough information on your browsing history (through the HTTP referer). Just having the Facebook app on your phone is enough to track the places you go. As pointed out, your friend list and the likes on your profile are already enough to know a lot about you. Browsing on Amazon to buy a book and then going to Facebook/Google+ or any other social media site? The book you were looking at (identified by the previous URL, sent as the referer) is already a good source of information.
And if this data does not matter, why not release all this information yourself? Why don't you publish your opinion on controversial topics, your sexual orientation, the pictures of the last time you puked? Why don't you write about the crush you had some months ago, the one your wife is (probably, obviously) not aware of? Why don't you publish the pictures of the girl you kissed during your last work trip? After all, if the collection and analysis of your personal data does not matter, there would be no reason not to publish them, would there? But you do not. You do not want your wife to know that you thought about cheating on her. You do not want other people to see embarrassing pictures where you are miserable, drunk and probably saying stupid things you might regret. You do not want your colleagues or your boss to know your sexual orientation or your political opinions. But you do everything to let them know. For sure, these things happen to most of us. But we want to keep them private and have the ability to control what we tell people about us. We are the sole owners of this data, because it defines us: my thoughts, opinions or dreams belong to me and nobody else. I want to keep them private and share them only with the few persons I trust (whom I eventually call friends, not Facebook-friends-acquaintances). Releasing this information to a third party and letting them use it at will is dangerous because you never know what could be done with it. Today, cross-data analysis is very powerful, and you have no idea what it could provide tomorrow. This data can be used by online recruitment agencies to get an adequate and precise profile of candidates for a job. And do not laugh too much, because your data helps your employer predict when you are about to quit. If you are going through a divorce, there is a fair chance that somebody is trying to use this data to attack and threaten you.
Most of us think this data is used only to provide a better ad experience, but it is easy to use it for another purpose. By keeping control of your own privacy, you know what is done with your data and prevent any third party from controlling and analyzing it. And there is what you can control because you are aware of it, but there are also many other threats that are not so well known: just a few weeks ago, people found out that your TV might capture your private conversations. Why not your phone, your car or your fridge? Crossing all this data together might be really interesting, isn't it?
What can you do about it?
For sure, social media is a convenient way to interact with other people. Technology brings a convenient way to communicate, plan and organize parties. It should help us improve our lifestyle, not restrict our privacy. Unfortunately, we have been so confident that only a little data was used and that its analysis was harmless that using these services became routine. We have traded our privacy for convenient services because we became lazy. And the current data collection and surveillance activities are already so common that appropriate actions might seem very restrictive.
There are a few things you can do to protect your privacy. Note that these are necessary but probably not sufficient.
No cloud service. Stop using e-mail and storage services from the “cloud”. Drop Gmail, Apple Mail, Dropbox or Hotmail. Now. Stop thinking a cloud provider is safer or more reliable: what you are doing is just putting the problem (storing data, making regular backups, setting up your e-mail system) on someone else's shoulders. There is no guarantee that your data is secure and safe: if a software bug corrupts the data in the cloud or the data center is hit by a natural disaster, too bad for you! Learn by yourself how to handle and back up your data and stop relying on third-party service providers. Own your data. It might cost you a few bucks at first, but you will know exactly how your data is managed and where it goes.
Do not trust third-party cloud storage services: you do not know how they use your data now and what they will do with it. And you do not even know what will happen if the company goes out of business; this has already happened several times before.
Use open-source or (even better) free/libre software. Commercial products are covered by trade secrets, and it has been demonstrated that commercial software vendors add potential backdoors at the request of governments. And even if the backdoor was introduced for a government body, everybody can exploit it, which increases your exposure to potential threats. But attacks are not limited to backdoors: much of the software you download online has malware embedded in its default installer, even when you get it from trusted websites. And even applications on popular app markets contain malware and trojans. Use open-source software alternatives: the source can be reviewed by technology experts, and security issues are fixed as soon as they are discovered. This is necessary but probably not sufficient: even open-source tools have important defects (see the goto fail issue that affected all iOS products or the Heartbleed bug that exposed plenty of personal data). But by nature, they are reviewed and analyzed, and potential bugs are quickly fixed.
Do not use social media apps on your smartphone. Look at the permissions required by the app and imagine how powerful an analysis one can do with them. Use the social media website on your regular computer and start from a blank page (to avoid submitting an HTTP referer).
Stop using social media applications on your phone: they provide access to the content of your phone. Look at the permissions requested by the Facebook app and think about the impact of accessing this data. The application can read/write/modify your text messages and access your whole calendar (i.e. where you go, who you met) and your contacts (who you know). Facebook Messenger can also record audio (and so listen to what is happening around you) and knows your location (which already says a lot about you). Other social media apps have a similar policy. By stopping using these apps and using them only inside a browser, you avoid giving them permission to use your phone's sensors and devices (GPS, microphone, internal and external data storage, etc.).
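As an added illustration of the referer leak described above (the Amazon book page followed by a visit to a social site, and the advice to start from a blank page), this is example code and not part of the original post: it applies the browser's Referrer-Policy rules to a constructed shop-to-social-site navigation and returns what the destination actually receives under each policy, from the full product URL down to nothing. The hostnames and URLs are constructed, not real sites.

```python
from urllib.parse import urlsplit, urlunsplit

# Referrer-Policy values from the W3C Referrer Policy spec (simplified: default
# ports are not special-cased; only http/https schemes are considered).
POLICIES = ("no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin",
            "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url")

def origin_of(url):
    """Origin serialized as a referrer: scheme://host[:port]/ (no path, query or credentials)."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname or ''}{port}/"

def strip_for_referrer(url):
    """Full URL as a referrer: credentials and fragment removed, path and query kept."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return urlunsplit((p.scheme, f"{p.hostname or ''}{port}", p.path or "/", p.query, ""))

def referer_sent(policy, referring_url, target_url):
    """Referer value sent when going from referring_url to target_url, or None if omitted."""
    same_origin = origin_of(referring_url) == origin_of(target_url)
    downgrade = (urlsplit(referring_url).scheme == "https"
                 and urlsplit(target_url).scheme == "http")
    full, origin = strip_for_referrer(referring_url), origin_of(referring_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "strict-origin-when-cross-origin":
        return None if downgrade else (full if same_origin else origin)
    raise ValueError(f"unknown policy: {policy}")

def leakage_table(referring_url, target_url):
    """Map every policy to what the destination site sees from one page view."""
    return {p: referer_sent(p, referring_url, target_url) for p in POLICIES}

if __name__ == "__main__":
    # Constructed example: a product page (with credentials and a fragment) -> a social site.
    BOOK = "https://user:secret@shop.example/dp/B00EXAMPLE?ref=sr_1_1#reviews"
    for policy, value in leakage_table(BOOK, "https://social.example/").items():
        print(f"{policy:32} -> {value}")
```

Typing the address into a fresh tab, as the post advises, corresponds to the no-referrer row: there is no previous page to report. A site can request the same outcome for its outgoing links with a Referrer-Policy header or rel="noreferrer" on the link.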
Finally, the main thing you can do is to leverage this digital world and what it offers (the convenience of connecting with others through social media, event finders, etc.) to make us more open rather than focusing on cyber relations. How many times do we see people at a party staring at their mobile phone? Instead of giving away our privacy and spending our time online, let's be open and re-connect to the real world. Let's take back our privacy and embrace real-life experiences and adventures.