Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications."Symbian OS Platform Security" covers the essential concepts and presents the security features with accompanying code examples.
This introductory book highlights and explains: the benefits of platform security on mobile devices; key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'; how to develop on a secure platform using real-world examples; an effective approach to writing secure applications, servers and plug-ins, using real-world examples; how to receive the full benefit of sharing data safely between applications; and, the importance of application certification and signing from the industry 'gatekeepers' of platform security, a market-oriented discussion of possible future developments in the field of mobile device security.
Craig Heath has been working in IT security since 1988, including positions at The Santa Cruz Operation as security architect for SCO UNIX, and at Lutris Technologies as security architect for the Enhydra Enterprise Java Application Server. He joined Symbian in 2002, working in product management and strategy. He has been a member of The Open Group Security Forum (originally the X/Open Security Working Group) since 1993, sitting on the Steering Committee since 1999. He has contributed to several published security standards, including XBSS (baseline system security requirements), XDAS (distributed audit), and XSSO (single sign-on). He has also participated in standards work within POSIX, IETF, the Java Community Process, and the Open Mobile Alliance.
About This Book. Foreword. About the Authors. Author's Acknowledgements. Symbian Press Acknowledgements. Part 1 Introduction to Symbian OS Platform Security. 1 Why a Secure Platform? 1.1 User Expectations of Mobile Phone Security. 1.2 What the Security Architecture Should Provide. 1.3 Challenges and Threats to Mobile Phone Security. 1.4 How Symbian OS Platform Security Fits into the Value Chain. 1.5 How Application Developers Benefit from the Security Architecture. 2 Platform Security Concepts. 2.1 Background Security Principles. 2.2 Architectural Goals. 2.3 Concept 1: The Process is the Unit of Trust. 2.4 Concept 2: Capabilities Determine Privilege. 2.5 Concept 3: Data Caging for File Access. 2.6 Summary. viii CONTENTS Part 2 Application Development for Platform Security. 3 The Platform Security Environment. 3.1 Building Your Application. 3.2 Developing on the Emulator. 3.3 Packaging Your Application. 3.4 Testing on Mobile Phone Hardware. 3.5 Summary. 4 How to Write Secure Applications. 4.1 What Is a Secure Application? 4.2 Analyzing the Threats. 4.3 What Countermeasures Can Be Taken? 4.4 Implementation Considerations. 4.5 Summary. 5 How to Write Secure Servers. 5.1 What Is a Secure Server? 5.2 Server Threat Modeling. 5.3 Designing Server Security Measures. 5.4 Server Implementation Considerations. 5.5 Summary. 6 How to Write Secure Plug-ins. 6.1 What Is a Secure Plug-In? 6.2 Writing Secure Plug-ins. 6.3 Plug-in Implementation Considerations. 6.4 Summary. 7 Sharing Data Safely. 7.1 Introduction to Sharing Data. 7.2 Categories of Data. 7.3 Deciding the Level of Trust. 7.4 Attacks on Data and Countermeasures. 7.5 Using System Services. 7.6 Summary. Part 3 Managing Platform Security Attributes. 8 Native Software Installer. 8.1 Introduction to the Native Software Installer. 8.2 Validating Capabilities. 8.3 Identifiers, Upgrades, Removals and Special Files. 8.4 SIS File Changes for Platform Security. 8.5 Installing to and from Removable Media. 8.6 Summary. 9 Enabling Platform Security. 9.1 Responsibilities in Granting Capabilities. 9.2 Overview of the Signing Process. 9.3 Step-by-step Guide to Signing. 9.4 Revocation. 9.5 Summary. Part 4 The Future of Mobile Device Security. 10 The Servant in Your Pocket. 10.1 Crystal-Ball Gazing. 10.2 Convergence, Content and Connectivity. 10.3 Enabling New Services. 10.4 New Security Technologies. 10.5 Summary. Appendix A Capability Descriptions. Appendix B Some Cryptography Basics. Appendix C The Software Install API. Glossary. References. Index.