CELF Embedded Conference 2007でTOMOYO Linuxの発表を行います
2007-03-13 10:20 (by haradats)

4/17-19 San Joseので開催される組み込みLinuxの国際会議、CELF Embedded Conference 2007で、TOMOYO Linuxの発表(プレゼンテーション、チュートリアル)を行います。本発表は、TOMOYO Linuxにとって初めての国外での発表となります。


この発表は、昨年12月に行ったCE Linux Forum Jumboree12でTOMOYO Linuxの講演を行った際に、組み込みLinuxの国内コミュニティの方々からのご提案をいただき実現したものです。




Linux has been adopted more and more by embedded devices. But its poor
access control model raises critical security problems. Unlike PCs, it
is difficult to apply security patches to embedded devices. Thus,
embedded devices should be designed with due consideration for
imperative access control.

Linux kernel 2.6 has been equipped with LSM (Linux Security Modules,
OS level security framework) to provide MAC (Mandatory Access Control,
imperative access control) ability. NSA\'s SELinux (Security-Enhanced
Linux, LSM applicant security server) provides very fine-grained
access control, but its requirements for embedded devices seem to be
too excessive. LIDS (Linux Intrusion Detection System), on the other
hand, is relatively compact and better suits embedded systems. However
its access control granularity is rather sparse.
There are many limitations which are specific to embedded devices. For
example, slow CPU speed, storage capacity for OS and programs,
filesystem that doesn\'t support xattr (extended attributes),
hard-links and symbolic links used for busybox (multi-call binary to
save space), files dynamically created on volatile filesystem.

TOMOYO Linux (http://tomoyo.sourceforge.jp/index.html.en) is yet
another way to provide a lightweight and manageable MAC ability. It is
available under GPL and applicable to and suitable for both PCs and
embedded devices. In this session, we will present an overview of
TOMOYO Linux and explain why TOMOYO Linux is suitable for embedded
devices. We will also show some demonstrations.

原田季栄 (Toshiharu Harada)

TOMOYO project news list