[maemo-developers] Maemo security longterm roadmap?

From: Mike Lococo mikelococo at gmail.com
Date: Wed Nov 7 18:02:47 EET 2007
> I was maybe not so clear in my last message; What I mean is:
> We can trust software that come from trusted source and that is
> 'signed'. But other software, that the end user still want to install
> can't be trusted.

Actually bitfrost is aimed at an entirely different problem than 
containing third-party malicious software installations.  The _only_ 
solutions to that problem are warnings or disabling third-party software 
entirely.  You _cannot_ install software on your device from untrusted 
sources and not expect them to be able to abuse your device.

Bitfrost addresses a different problem, limiting the effects of 
exploitation of legitimate software, much like SELinux.  From the 
"Software installation" section of the document you linked to in your 
first message:

    The protection of benign software is a keystone of our security
    model. We approach it with the following idea in mind: benign
    software will not lie about its purpose during installation.

It's similar to SELinux.  It's an interesting idea, although it is a 
_tremendous_ amount of work to write good security policies, and it's 
also reasonable to wonder about performance costs on a resource 
constrained device.

If you want to see progress made on this front, you should start porting 
the infrastructure and writing maemo policies for vulnerable apps (like 
email or the web browser).  It's extremely unlikely that Nokia is going 
to pick up the torch on this one, though, since it's a huge project with 
very speculative benefits.  My suspicion is that it will take several 
years for this concept to fully bake on the Desktop before it is 
appropriately applied to resource-constrained devices.

Thanks,
Mike Lococo
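The distinction drawn in the message above (trusting the source of software versus confining what benign software can do once it is exploited) is easy to model in code. The following is an added illustration, not code from the thread, from Bitfrost or from maemo: an application declares its purpose as a manifest at install time, and a small reference monitor refuses any operation outside that declaration. The manifest format, the `Monitor` class and the sample paths are all constructed for this example. The point it shows is that the exploited mail client keeps working for its declared job while the out-of-declaration actions fail, and that those denials are exactly the events worth logging.

```python
"""Toy model of the "benign software will not lie about its purpose"
idea: declare resources at install time, deny everything else at run time.
Constructed example; not Bitfrost's, SELinux's or maemo's real machinery."""

from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass(frozen=True)
class Manifest:
    """What an app declares it needs when installed (constructed format)."""
    name: str
    network: bool = False
    read_paths: tuple = ()
    write_paths: tuple = ()


@dataclass
class Monitor:
    """Reference monitor: allows only what the manifest declared and
    records every denial so an operator can audit them."""
    manifest: Manifest
    denied: list = field(default_factory=list)

    def _deny(self, action, target):
        self.denied.append((self.manifest.name, action, target))
        return False

    def connect(self, host):
        if not self.manifest.network:
            return self._deny("connect", host)
        return True

    def read(self, path):
        # fnmatch '*' also matches '/', so one glob covers a subtree.
        if any(fnmatch(path, p) for p in self.manifest.read_paths):
            return True
        return self._deny("read", path)

    def write(self, path):
        if any(fnmatch(path, p) for p in self.manifest.write_paths):
            return True
        return self._deny("write", path)


# Constructed manifest for a mail client, one of the apps the message
# names as a likely exploit target: it needs the network and its own
# mail directory, nothing else.
MAIL = Manifest(
    "mail",
    network=True,
    read_paths=("/home/user/mail/*",),
    write_paths=("/home/user/mail/*",),
)


def confined_mail_client_actions(monitor):
    """Run a mix of legitimate and out-of-declaration actions through the
    monitor and report which ones the policy allowed."""
    return {
        "fetch mail": monitor.connect("imap.example.invalid"),
        "save message": monitor.write("/home/user/mail/inbox/1.eml"),
        "read address book": monitor.read("/home/user/.contacts"),
        "overwrite shell profile": monitor.write("/home/user/.profile"),
    }


def audit_log(monitor):
    """Denials are the signal: each one is a candidate detection event."""
    return [f"DENY app={n} action={a} target={t}" for n, a, t in monitor.denied]


if __name__ == "__main__":
    m = Monitor(MAIL)
    for action, allowed in confined_mail_client_actions(m).items():
        print(f"{action:24s} {'allowed' if allowed else 'denied'}")
    for line in audit_log(m):
        print(line)
```

The declared job (fetching and storing mail) succeeds; reading the address book and writing the shell profile fail, and both failures land in the audit log. Writing a real policy of this kind for every vulnerable application is the "tremendous amount of work" the message refers to.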
