Hi all!
---
Umbrella is a security mechanism that implements a combination of
Process-Based Access Control (PBAC) and authentication of binaries through
Digital Signed Binaries (DSB). The scheme is designed for Linux-based
consumer electronic devices ranging from mobile phones to settop boxes.
Umbrella is implemented on top of the Linux Security Modules (LSM) framework.
The PBAC scheme is enforced by a set of restrictions on each process. This
policy is distributed with a binary in form of execute restrictions (attached
in the binary) and within the program, where the developer has the
opportunity of making a "restricted fork" for setting restrictions for new
children.
---
We now present you with a new and cool version of Umbrella, namely
version 0.6. Besides fulfilling the roadmap of integration with GNU Privacy
Guard, the code has also been optimized and undertaken some major changes.
Followin is the main major changes:
- Complete integration with GNU Privacy Guard to authenticate binaries
- Hash tables for storing restrictions is replaced by the new, fast and
simple FSR data structure, that mimics the 'dentry' structs in the
kernel
- The Umbrella system call is eliminated and completely replaced by a
/proc filesystem interface
- The Umbrella code is now completely independent of all architectures
and kernel subversions
For instructions on how to try out the Process-Based Access Control and
Digitally Signed Binaries in Umbrella, please download the complete 0.6
tarball from SourceForge:
http://prdownloads.sourceforge.net/umbrella/umbrella-0.6.tar.bz2?download
Please refer to the README file in the tarball for further instructions.
As always we appreciate any comments, suggestions etc. you may have :-)
Enjoy,
The Umbrella Team.
--
Kristian S?rensen
- The Umbrella Project -- Security for Consumer Electronics
http://umbrella.sourceforge.net
E-mail: [email protected], Phone: +45 29723816