Symbian OS Platform Security

Craig Heath has been working in IT security since 1988, including positions at The Santa Cruz Operation as security architect for SCO UNIX, and at Lutris Technologies as security architect for the Enhydra Enterprise Java Application Server. He joined Symbian in 2002, working in product management and strategy. He has been a member of The Open Group Security Forum (originally the X/Open Security Working Group) since 1993, sitting on the Steering Committee since 1999. He has contributed to several published security standards, including XBSS (baseline system security requirements), XDAS (distributed audit), and XSSO (single sign-on). He has also participated in standards work within POSIX, IETF, the Java Community Process, and the Open Mobile Alliance.

About This Book. Foreword. About the Authors. Author's Acknowledgements. Symbian Press Acknowledgements. Part 1 Introduction to Symbian OS Platform Security. 1 Why a Secure Platform? 1.1 User Expectations of Mobile Phone Security. 1.2 What the Security Architecture Should Provide. 1.3 Challenges and Threats to Mobile Phone Security. 1.4 How Symbian OS Platform Security Fits into the Value Chain. 1.5 How Application Developers Benefit from the Security Architecture. 2 Platform Security Concepts. 2.1 Background Security Principles. 2.2 Architectural Goals. 2.3 Concept 1: The Process is the Unit of Trust. 2.4 Concept 2: Capabilities Determine Privilege. 2.5 Concept 3: Data Caging for File Access. 2.6 Summary. viii CONTENTS Part 2 Application Development for Platform Security. 3 The Platform Security Environment. 3.1 Building Your Application. 3.2 Developing on the Emulator. 3.3 Packaging Your Application. 3.4 Testing on Mobile Phone Hardware. 3.5 Summary. 4 How to Write Secure Applications. 4.1 What Is a Secure Application? 4.2 Analyzing the Threats. 4.3 What Countermeasures Can Be Taken? 4.4 Implementation Considerations. 4.5 Summary. 5 How to Write Secure Servers. 5.1 What Is a Secure Server? 5.2 Server Threat Modeling. 5.3 Designing Server Security Measures. 5.4 Server Implementation Considerations. 5.5 Summary. 6 How to Write Secure Plug-ins. 6.1 What Is a Secure Plug-In? 6.2 Writing Secure Plug-ins. 6.3 Plug-in Implementation Considerations. 6.4 Summary. 7 Sharing Data Safely. 7.1 Introduction to Sharing Data. 7.2 Categories of Data. 7.3 Deciding the Level of Trust. 7.4 Attacks on Data and Countermeasures. 7.5 Using System Services. 7.6 Summary. Part 3 Managing Platform Security Attributes. 8 Native Software Installer. 8.1 Introduction to the Native Software Installer. 8.2 Validating Capabilities. 8.3 Identifiers, Upgrades, Removals and Special Files. 8.4 SIS File Changes for Platform Security. 8.5 Installing to and from Removable Media. 8.6 Summary. 9 Enabling Platform Security. 9.1 Responsibilities in Granting Capabilities. 9.2 Overview of the Signing Process. 9.3 Step-by-step Guide to Signing. 9.4 Revocation. 9.5 Summary. Part 4 The Future of Mobile Device Security. 10 The Servant in Your Pocket. 10.1 Crystal-Ball Gazing. 10.2 Convergence, Content and Connectivity. 10.3 Enabling New Services. 10.4 New Security Technologies. 10.5 Summary. Appendix A Capability Descriptions. Appendix B Some Cryptography Basics. Appendix C The Software Install API. Glossary. References. Index.