Security/Mentorships/MWoS/2014/B2G-IPC-Audit

From MozillaWiki
< Security‎ | Mentorships‎ | MWoS‎ | 2014
Revision as of 07:20, 15 August 2014 by Banty (talk | contribs) (→‎Description)
Jump to navigation Jump to search
WinterOfSecurity logo light horizontal.png

Team

Introduction

whoami? Chris Hickstein, a student at the University of Minnesota finishing my undergrad degree in comp sci. I enjoy auditing code and poking software until it breaks.

Members

  • Chris Hickstein @ban_SECURI_ty
  • Professor Stephen McCamant
  • Mozilla Advisor: Frederik Braun

Project

Firefox IPC Audit

Description

FirefoxOS uses a defensive programming technique called 'sandboxing' to help limit the control of an attacker who has already compromised an application running on the system [0]. This is implemented by separating different system tasks (webpage rendering, ...?) into multiple processes. Each process possesses the least amount of privileges it needs to complete its required task. For example


[0] http://en.wikipedia.org/wiki/Principle_of_least_privilege
[1] https://developer.mozilla.org/en-US/Firefox_OS/Security/B2G_IPC_internals

Timeline

Scope

Success Criteria

Weekly Updates

<date>

  • current work
  • blocking points
  • discussion points
  • upcoming work
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Mentorships/MWoS/2014/B2G-IPC-Audit&oldid=1005961"