Home · All Namespaces · All Classes · Grouped Classes · Modules · Functions

SXE - Impact and Implications

The SXE policy has a number of impacts and implications for the following:

• Developers
• OEMs
• Integrators
• Operators
• Performance Effects

These are discussed in detail in the following sections.

Developers

SXE will impact developers of 3rd party downloadable applications. Because downloaded applications will operate in a sandbox environment, resources and services available will be limited. Given the current support only for games, developers will need to ensure their applications adhere to those capabilities outlined in Aims and Limitations

In addition, the custom qpk package format must be used, however this is automated on the SDK. Some very limited provision will be provided for legacy .ipkg format, but this will not be formally supported and will likely work for only very simple applications.

OEMs

There should be little impact for OEMS. The intention is that the integrators and OEMs work with a Qt Extended 4 SDK the same way they work with current SDKs.

OEMS may wish to provide a support framework to receive any end-user reports of security violations; or they may wish for this to be the responsibility of the network provider.

Integrators

The design and build of the Linux kernel and file-system must now include the Mandatory Access Control(MAC) kernel and its associate user-space binaries: lidsconf and lidsadm. Development of such kernels and file-systems is straightforward and is described in the documentation for LIDS. Integrators will also need to apply a custom patch to LIDS, made for Qt Extended, which contains various enhancements and requisite kernel modifications specific to SXE.

Operators

Operators require a higher level of confidence in the integrity of the phone software stack, in the face of downloadable application scenarios, and virus activity.

With respect to content provision, placement of packages for download will operate with little change, that is, it is OEM configurable.

Violations are detailed in a synthesized email message in the SMS Inbox. Notification of the arrival of the message is as for any other message. The text of the message describes the violation and includes technical data pertaining to the violation. This can then be forwarded to a support number for analysis of the violation.

Performance Effects

• The proposal for a MAC kernel implementation involves the use of Linux Intrusion Detection System (LIDS).
• The Security Enhanced Linux (SELinux) MAC kernel is currently integrated with 2.6 official Linus kernel sources. It has broad support despite indications of performance decrements of 7% over the normal kernel. SELinux uses file-system extended attributes, such as JFFS and YAFFS, that are not available for embedded file-systems at the time of writing. LIDS is much simpler than SELinux and is expected to perform well.
• Program Identification overheads are only a consideration when asynchronous IPC is being carried out; at which point some overhead is expected and accepted. The marginal or incremental overhead introduced by Program Identification is minimal.

  In many cases Simple authentication can be used, and optimizations are possible such that if key-based identification is required for complex scenarios the incremental addition to IPC end-to-end time is minimal and not noticeable.

• The server process table is in memory and will usually contain less than 10 entries. The installation table exists on storage but is read entirely into memory at run-time. It contains an entry for each currently installed package and one for each Qt Extended system binary: entries will be in an order of magnitude of 10^1.
• For trusted transports, eg QCop messaging on Unix Domain Sockets where the endpoints are protected by MAC rules, simple message authentication only occurs at the time of initial socket connect.
• The current implementation for message authentication is HMAC-MD5 with an option to switch to HMAC-SHA1 for greater security at performance cost. These algorithms are built into the Linux kernel and accessible to Qt Extended via a userspace framework; or are shipped with a vendor supplied accelerated cryptographic solution. As a generalization HMAC-MD5 for short messages like QCop is very fast.

  This is only required if an untrusted transport is used, for example if a UDP socket or similar system.

• The application rule-set contains a row for request allowed by the untrusted domain, entries will be in the magnitude of 10^2.

  To mitigate performance impact from the application rule-set, rule set lookups are cached and the caching policy may be adjusted for better performance if memory resources are available.