Ubuntu Frame Security

This document aims to explain a number of aspects of security in the context of the Ubuntu Frame snap ecosystem (Frame itself, ubuntu-frame-osk and ubuntu-frame-vnc).

Contents:


Threat model

We ran threat modelling for Mir itself (the display server library underpinning Frame) based on this snap stack, and maintain that documented there:

https://canonical-mir.readthedocs-hosted.com/stable/explanation/security/

Cryptography

There is no cryptography used in Frame itself or the On-Screen Keyboard snap. No direct dependency on en/decryption, hashing or digital signatures.

The VNC snap is built on top of wayvnc, which has cryptographic features (password authentication, data encryption), but those are disabled in the snap, as it only listens to local connections. See remote access documentation for more information.