Symbian Platform Security Symbian Signed

Uploaded by Fahad_Mudassar, November 2019
Symbian: Platform Security

Unit of Trust
• Platform Security Controls what a Process/Application can Do
• A Process is the Smallest Unit of Trust
• Processes are Either
  – Built into the Phone by Manufacturers, or
  – Installed on the Phone After It has Left the Manufacturing Unit

Four Tiers of Trust
• Trusted Computing Base (TCB)
• Trusted Computing Environment (TCE)
• Trusted (Signed) Software
• Untrusted Software

Trusted Computing Base (TCB)
• Most Trusted Part of Symbian OS
• Holds the Highest Level of Privileges
• Examples
  – Kernel
  – File Server
  – Software Installer

Trusted Computing Environment (TCE)
• Considered Less Trusted than the TCB
• Has Lesser Privileges than the TCB
• Each Component/Process has Only Those Privileges Required for Carrying out its Tasks
• Examples
  – Window Server can access only Screen Hardware
  – Telephony Server can access only Communication Hardware

Signed Software
• Software which is Signed by a Trusted Authority
• Required Permissions are Granted if Included in the Signed Software

Unsigned Software
• Software which is Not Signed by a Trusted Authority, or is Self-Signed
• Does Not Necessarily Mean that the Software is Malicious
• Unsigned Software is Sandboxed, i.e. it Cannot Perform Actions which Require Sensitive Operations
• Generally Manufacturers Require that Software is Signed Before it can Even be Installed on the Device

Capability Model
• A Capability is the Unit of Protection
• Sensitive APIs are Protected using Capabilities
• Each Process is Assigned a Level of Privilege
• Privileges Indicate which Security-Sensitive Operations a Process can Perform
• The Kernel Holds a List of Capabilities for Each Running Process
• Capabilities are Discrete
• Capabilities are Listed in the Project Definition File

Broad Categories of Capabilities
• TCB Capability
• System Capabilities
• User Capabilities

User Capabilities
• These are Security Concepts that a Phone User can Understand
  – User can Decide whether to Install Software that Accesses his/her Personal Data
  – Examples
    • Local Services: Bluetooth, USB, Infrared Connections
    • Location: Access to Data Giving the Location of the Phone
    • Network Services: Over the Air Data Services
    • Read/Write Access to User Confidential Data

System Capabilities
• System Capabilities Allow a Process to Access Sensitive Operations
• Generally Only Symbian Signed Software is Granted System Capabilities
• Examples
  – Read and Write Access to the File System
  – Access to Device Drivers
  – Power to Kill Any Process
  – Cause the Phone to Go into Standby State, Wake Up or Power Down Completely
  – Access to All Communications Equipment Device Drivers

TCB Capability
• Possessed by Members of the TCB Only, i.e. kernel, device drivers etc.
• Includes All System and User Capabilities
• Example
  – Loading Program Code

Capability Rules
• The Capabilities of a Process Never Change During its Lifetime
• A Process can only Load a DLL if that DLL is Trusted with At Least the Same Capabilities as that Process
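The two capability rules above are easy to get wrong in the direction that matters (a DLL with fewer capabilities than its host, or a capability set that grows at run time), so here is an added C++ model of them. It is example code written for this page, not Symbian OS source: the capability names are the ones these slides list, while the bit positions, the Executable/Process types and the demo helpers are this example's own assumptions.

```cpp
#include <cstdint>
#include <string>

// Hypothetical, simplified model of the two capability rules above. The
// capability names are those listed on these slides; the bit positions, the
// Executable/Process types and the demo* helpers are this example's own.
enum Capability : uint32_t {
    LocalServices   = 1u << 0,
    Location        = 1u << 1,
    NetworkServices = 1u << 2,
    ReadUserData    = 1u << 3,
    WriteUserData   = 1u << 4,
    ReadDeviceData  = 1u << 5,
    WriteDeviceData = 1u << 6,
    PowerMgmt       = 1u << 7,
    AllFiles        = 1u << 8,
    TCB             = 1u << 9,
};

using CapSet = uint32_t;   // discrete set of capabilities, one bit each

// An EXE or DLL as installed: its capability set was fixed when it was signed.
struct Executable {
    std::string name;
    CapSet caps;
};

class Process {
public:
    // Capabilities are copied from the EXE at creation and are const from
    // then on: rule 1, they never change during the process lifetime.
    explicit Process(const Executable& exe) : name_(exe.name), caps_(exe.caps) {}

    // Check for a capability-protected API: the caller must hold every
    // capability the API requires (the kernel keeps this list per process).
    bool CanCall(CapSet required) const {
        return (caps_ & required) == required;
    }

    // Rule 2: a DLL may be loaded only if it is trusted with at least the
    // capabilities of the loading process, so that no less-trusted code ever
    // runs with this process's privileges.
    bool CanLoad(const Executable& dll) const {
        return (dll.caps & caps_) == caps_;
    }

    // Loading a more-trusted DLL does not raise the process's own
    // capabilities; caps_ is untouched either way.
    bool Load(const Executable& dll) { return CanLoad(dll); }

    CapSet caps() const { return caps_; }

private:
    std::string name_;
    const CapSet caps_;
};

// Constructed sample executables for the demo helpers.
static const Executable kMsgApp{"messaging.exe", NetworkServices | ReadUserData | WriteUserData};
static const Executable kCodecDll{"codec.dll", NetworkServices};   // fewer caps than the app
static const Executable kSysDll{"syslib.dll", NetworkServices | ReadUserData | WriteUserData | AllFiles | TCB};

bool demoAppCanUseNetwork()       { return Process(kMsgApp).CanCall(NetworkServices); }   // true
bool demoAppCanReadDeviceData()   { return Process(kMsgApp).CanCall(ReadDeviceData); }    // false: not granted at signing
bool demoAppLoadsLessTrustedDll() { return Process(kMsgApp).CanLoad(kCodecDll); }         // false: DLL lacks ReadUserData, WriteUserData
bool demoAppLoadsMoreTrustedDll() { return Process(kMsgApp).CanLoad(kSysDll); }           // true: DLL caps are a superset

// Capabilities after loading the system DLL are exactly what the EXE was signed with.
CapSet demoCapsAfterLoad() {
    Process p(kMsgApp);
    p.Load(kSysDll);
    return p.caps();   // == kMsgApp.caps
}
```

The subset test in CanLoad is the whole point: the DLL's set must contain the process's set, not the other way round, because once loaded the DLL's code executes with the process's privileges.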

Identifiers for Executable Applications
• Unique Identifier (UID)
  – Each Executable Has Unique Identifiers
• Secure Identifier (SID)
  – Used to Identify the Private Directory the Process can Access
  – Used to Uniquely Identify the Application when it Makes an Inter-Process Call
• Vendor Identifier (VID)
  – Used to Uniquely Identify a Vendor

Data Caging
• Also Called File Access Control
• Allows Protection of Private Data
• Both User and System Files Can be Protected
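To show how data caging ties the SID from the previous slide to the file system, here is an added C++ model of the file server's access decision. It is example code written for this page, not Symbian OS source: the Process type, the capability bits and the demo helpers are this example's own, and the directory rules (\sys\, \resource\, \private\<SID>\, everything else public) are a simplified rendering of the Symbian scheme, stated as assumptions in the comments.

```cpp
#include <cctype>
#include <cstdint>
#include <string>

// Hypothetical, simplified model of Symbian data caging as described above.
// The Process type, capability bits and demo* helpers are this example's own;
// the directory rules follow the Symbian scheme (assumed here):
//   \sys\           read needs AllFiles, write needs TCB
//   \resource\      readable by everyone, write needs TCB
//   \private\<SID>\ the owning process (matching SID) has full access; others
//                   need AllFiles to read and TCB to write
//   anything else   public, unrestricted
enum Capability : uint32_t { AllFiles = 1u << 0, TCB = 1u << 1 };
using CapSet = uint32_t;

struct Process {
    uint32_t sid;   // Secure Identifier: names the process's private directory
    CapSet caps;
};

enum class Access { Read, Write };

// Case-insensitive prefix test (Symbian file paths are case-insensitive).
static bool startsWithNoCase(const std::string& s, const std::string& prefix) {
    if (s.size() < prefix.size()) return false;
    for (size_t i = 0; i < prefix.size(); ++i)
        if (std::tolower((unsigned char)s[i]) != std::tolower((unsigned char)prefix[i]))
            return false;
    return true;
}

// Parse the 8-hex-digit SID directory name after "\private\"; false if malformed.
static bool parsePrivateSid(const std::string& path, uint32_t& sid) {
    const size_t start = sizeof("\\private\\") - 1;   // 9
    if (path.size() < start + 8) return false;
    sid = 0;
    for (size_t i = start; i < start + 8; ++i) {
        unsigned char c = (unsigned char)path[i];
        if (!std::isxdigit(c)) return false;
        sid = (sid << 4) | (uint32_t)(std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10);
    }
    // The SID must be a whole path component, not a prefix of a longer name.
    return path.size() == start + 8 || path[start + 8] == '\\';
}

// The file server's decision for one access to one path.
bool CanAccess(const Process& p, const std::string& fullPath, Access mode) {
    std::string path = fullPath;
    if (path.size() >= 2 && path[1] == ':') path.erase(0, 2);   // drop the drive letter
    const bool write = (mode == Access::Write);
    const bool hasTcb = (p.caps & TCB) != 0;
    const bool hasAllFiles = (p.caps & AllFiles) != 0;

    if (startsWithNoCase(path, "\\sys\\"))
        return write ? hasTcb : hasAllFiles;
    if (startsWithNoCase(path, "\\resource\\"))
        return write ? hasTcb : true;
    if (startsWithNoCase(path, "\\private\\")) {
        uint32_t owner = 0;
        if (!parsePrivateSid(path, owner)) return false;   // malformed path: deny
        if (owner == p.sid) return true;                    // own private directory
        return write ? hasTcb : hasAllFiles;
    }
    return true;   // public area of the file system
}

// Constructed sample processes; the SIDs are made-up values.
static const Process kGame{0x20001234u, 0};                   // user-capability-only app
static const Process kBackup{0x20005678u, AllFiles};          // e.g. a backup tool
static const Process kInstaller{0x10000001u, AllFiles | TCB}; // member of the TCB

bool demoGameWritesOwnPrivateDir()  { return CanAccess(kGame, "C:\\private\\20001234\\settings.ini", Access::Write); }  // true
bool demoGameReadsOtherPrivateDir() { return CanAccess(kGame, "C:\\private\\20005678\\data.db", Access::Read); }        // false
bool demoBackupReadsOtherPrivate()  { return CanAccess(kBackup, "c:\\PRIVATE\\20001234\\settings.ini", Access::Read); } // true
bool demoBackupWritesSysBin()       { return CanAccess(kBackup, "C:\\sys\\bin\\game.exe", Access::Write); }            // false: needs TCB
bool demoInstallerWritesSysBin()    { return CanAccess(kInstaller, "C:\\sys\\bin\\game.exe", Access::Write); }         // true
bool demoGameReadsResource()        { return CanAccess(kGame, "Z:\\resource\\apps\\game.rsc", Access::Read); }         // true
bool demoGameWritesResource()       { return CanAccess(kGame, "C:\\resource\\apps\\game.rsc", Access::Write); }        // false
```

Note that a malformed \private\ path is denied rather than treated as public: the deny-by-default branch is what keeps a path-parsing mistake from turning into an access-control bypass.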

Symbian Signed

Symbian Signed
• Allows Symbian Software Developers to Obtain a Digital Signature for their Applications
• Does Not Guarantee Completely Correct Application Behavior
• What it Guarantees: a Minimum Quality Level
  – Applications Do Not
    • Block Incoming Calls
    • Overwrite the File System
    • Refuse to Shut Down
  – If Uninstalled, the Application Does Not Leave any Files Behind
  – In Resource-Critical Situations, the Application Behaves Well
  – And Others…

Symbian Signed Testing Criteria
• Two Groups of Tests
  – Universal Tests (UNI)
    • Test Basic Application Reliability and Robustness
    • Examples: Stress Testing, Correct Installation, Uninstall, Compliance with System Events, Out of Memory Error, etc.
  – Capability Related Tests (CAP)
    • Perform Tests Related to Specific Capabilities
    • Examples: Platform Security Features; VoIP applications must not interfere with GSM-based telephony functions

Signing Options
• Open Signed
  – Developer Certificate Based Signing for Developers Without a Publisher ID
  – Can be Used for Testing, Non-Commercial or Personal Use
  – Deployment is Restricted by Device IMEI
• Express Signed
  – Signing Option that Does Not Require Independent Testing
  – Available Capabilities are Restricted
• Certified Signed
  – Mainstream Signing Option Based on Independent Testing
  – Provides Access to Most Capabilities

Signing Options

Signing Option      | Publisher ID Required | Independent Testing Required | IMEI Restrictions | For Commercial Distribution
Open Signed Online  | No                    | No                           | Yes               | No
Open Signed Offline | Yes                   | No                           | Yes               | No
Express Signed      | Yes                   | No                           | No                | Yes
Certified Signed    | Yes                   | Yes                          | No                | Yes

Capabilities and Signing

Capability Type           | Capability Name                                                                         | Description                                                                                                                                                                                                                 | Availability
User Capabilities         | LocalServices, Location, NetworkServices, ReadUserData, UserEnvironment, WriteUserData | User Capabilities are designed to be meaningful to mobile phone users. Depending on Device Manufacturer security policies, users may be able to grant blanket or single-shot permission to applications which use these Capabilities | All signing options
System Capabilities       | PowerMgmt, ProtServ, ReadDeviceData, SurroundingsDD, SwEvent, TrustedUI, WriteDeviceData | System Capabilities that protect system services, device settings, and some hardware features                                                                                                                               | All signing options
Restricted Capabilities   | CommDD, DiskAdmin, NetworkControl, MultimediaDD                                         | Restricted Capabilities that protect file system, communications, and multimedia device services                                                                                                                            | Open Signed (with Publisher ID) & Certified Signed
Manufacturer Capabilities | AllFiles, DRM, TCB                                                                      | Trusted Computing Base and System Capabilities that protect the most sensitive system services                                                                                                                              | Require Manufacturer Approval

Which Applications Require Signing (Symbian Signed)?
• For Symbian OS v9 and Above
  – Applications that Need to Access APIs Protected by System Capabilities Must be Signed
  – Applications that Do Not Use Protected APIs May Require a Signature if the Device Implementation Enforces It
  – Applications that Need Only User Capabilities May Require a Signature if the Device Implementation Enforces It
  – Applications that Need Manufacturer Capabilities are Required to Go Through the Manufacturer-Defined Signing Process
• There is no requirement to sign applications targeted at versions of Symbian OS earlier than v9
