Symbian OS 9, Platform Security v2.1a – 17 January 2009, Andreas Jakl, 2009
Disclaimer: These slides are provided free of charge at http://www.symbianresources.com and are used during Symbian OS courses at the University of Applied Sciences in Hagenberg, Austria (http://www.fh-hagenberg.at/). Respecting the copyright laws, you are allowed to use them for your own, personal, non-commercial use in the academic environment. In all other cases (e.g. for commercial training), please contact andreas.jakl@fh-hagenberg.at. The correctness of the contents of these materials cannot be guaranteed. Andreas Jakl is not liable for incorrect information or damage that may arise from using the materials. Parts of these materials are based on information from Symbian Press books published by John Wiley & Sons, Ltd. This document contains copyright materials which are proprietary to Symbian, UIQ, Nokia and SonyEricsson. “S60™” is a trademark of Nokia. “UIQ™” is a trademark of UIQ Technology. Pictures of mobile phones or applications are copyright their respective manufacturers / developers. “Symbian™”, “Symbian OS™” and all other Symbian-based marks and logos are trademarks of Symbian Software Limited and are used under license. © Symbian Software Limited 2006.
Contents: Platform Security; Trust Model; Capabilities; Data Caging; Identifiers (UID, SID, VID); Developer Certificates; Symbian Signed (Open Signed, Express Signed, Certified Signing)
S60 Compatibility (figure): S60 1st Edition → S60 2nd Edition (FP1, FP2, FP3; compatibility kept) → Symbian OS 9: total binary break → S60 3rd Edition (FP1, FP2; compatibility kept) → some migration needed → S60 5th Edition (FP1 adds touch support, FPn) → Symbian Foundation. No 4th Edition: unlucky number in Asia.
Motivation for OS 9: Expand market from high-end to mid-tier; Cheaper manufacturing; Demands of shareholders; Licensees and network operators; Market; Secure, robust and efficient phones; DRM and m-Commerce; Platform for mass market services
Improvements in OS 9: Hard real-time kernel (EKA2); New tool chain (ARM Application Binary Interface, ABI); Platform Security; Additional concepts for Inter Process Communication (IPC, e.g. Publish & Subscribe); Closer to ISO C++. However: No binary compatibility to < v8; Several source compatibility breaks
Compiler: Pre-v9: GCC 2.98. ARM RVCT Compiler: Makes optimal use of ARM v5, v6, …; 5-10% smaller application size, better performance; Used to compile Symbian OS and ROM applications. GCC-E (2.9): Free compiler (comes with Carbide.c++); Used for most 3rd party applications. Both compilers compatible because of EABI
Closer to ISO C++: Supports try/catch/throw (for porting from other platforms); Can not be combined with Symbian OS system APIs → continue using TRAP/Leave for your own projects! Writable static data for DLLs: Simplified porting process; Downside: large overhead
P.I.P.S. / OpenC: Available since 2007; P.I.P.S.: Allows using C standard libraries (POSIX) on Symbian OS; OpenC (Nokia) adds additional libraries; Useful for porting applications and game development; UI development still requires the Symbian dialect of C++
Symbian OS v9.5, some highlights: Performance improvements, e.g. Demand Paging: Phone loads only the required parts of a DLL instead of the whole file → performance boost; Application start-up time improved by up to 75%; SQL integrated; New API for all location based services; “FreeWay”: Better networking, seamless switching from Wi-Fi to 3G networks for VoIP, email, ...; “ScreenPlay” and new multimedia features, e.g. different UI layers, UI acceleration, panorama stitching, red eye correction; Digital TV (DVB-H, ISDB-T); ActiveSync support
Platform Security – The concepts behind …
Pre-v9: Perimeter Security: Security checks: User is asked during installation; Checks origin of application; After installation: complete access to device. Symbian Signed: No trust warning during installation; Same access rights as unsigned apps.
Platform Security – Reasons: Trust: Access to private data; Security: Cost control, Compromise of important telephone functionality; Protection: Software ownership, DRM
Platform Security – User Side: With Platform Security normal users have … No surprise on their telephone bill; No virus; Phone simply works when needed; Private data stays private … and don’t have … Cryptic security warnings; A lot of security decisions
What is it all about? Platform Security IS: Protection of telephone integrity; Protection of sensitive data; Controlled access to sensitive functionality. Platform Security is NOT: Encryption of data; Virus scanning; Key management (Public Key Infrastructure)
Platform Security – Concepts
Trust Model
What’s “Trust”? Process = unit of memory protection (virtual address space) = smallest unit of trust; Platform security controls what a process can do; OS refuses a service request if the process does not possess the required privilege (= it’s not trustworthy enough)
Trust Model (figure): Trusted Computing Base (TCB): as small as possible (kernel, s/w install, file system access); responsible for the integrity of the system. Trusted Computing Environment (TCE): servers run at different restricted system privileges and protect the phone resources from misuse (e.g. ETel, ESock, Messaging, WServ, L.B.S., Contacts/Agenda, guarded by capabilities such as ReadUserData, WriteUserData, NetworkServices). Trusted Applications: user can grant these capabilities at install time OR applications can be signed for them (e.g. LocalServices, UserEnvironment). Untrusted Applications: applications that are self-signed and do not require capabilities.
Additional Details: Trusted Computing Base (TCB): Highest level of privilege, careful code checks. Trusted Computing Environment (TCE): Each component only has privileges to carry out defined services, e.g. Window Server (WServ): Privileged access to screen, no phone network required; Provides APIs for software outside TCE; Only TCE needs to communicate with hardware; TCE servers responsible for moderating and protecting resources; Communication using client-server framework
Additional Details: Trusted (Signed) Applications: Need privileges to access services provided by TCE (= app. needs to be signed); Various signing methods available (Symbian Signed). Untrusted software … is “self-signed” (own, temporary certificate); Enough for e.g. Solitaire game, etc.
Capability Model – Defining privileges
Capabilities – Model: “How trustworthy is the application?” The closer to the kernel, the more trustworthy it has to be; Capabilities check level of trust; Have to be defined for an application when compiling; Managed by the kernel; Can not be modified after installation; Defined for each process; Choose capabilities depending on required functionality
Capabilities: User Capabilities: Can be allowed by the user; Easy to understand; App. has to be at least self-signed. System Capabilities: App. has to be Symbian Signed; Apps can go deeper into the system. Self-signed Applications: Access to functions that don’t require capabilities + those that can be allowed by the user (User Capabilities)
API Access: Self-Signed (~ 60%): Not classified, no capability associated; Basic Capabilities. Symbian Signed (~ 40%): APIs can be accessed only through signing the application; User-Grantable Capabilities – warning upon installation when self-signed; Extended Capabilities; Phone manufacturer approval
Capabilities – Overview (capability table not recoverable from the extraction; surviving entries): SurroundingsDD (access according to device drivers); ProtServ (start registered server with protected name)
More about Capabilities: Capabilities are not hierarchical: Having TCB capability != having everything else; Each capability allows access to a specific protected resource; Kernel holds list of capabilities of each process; When offering services: Kernel can be asked to check capabilities of calling process; Software Installer: Gatekeeper, validates if program is authorized; Refuses to install if it’s not
Verification of Capabilities: Required capabilities can depend on parameters. Example: CFileMan::Copy(): Checks for AllFiles capability when accessing secured directories (e.g. \private\<other SID>); Not checked when accessing public or own directory (\private\<own SID>) → AllFiles normally not needed
Verification of Capabilities: Rule 1: Capabilities of a process never change: No method to extend or to limit capabilities; Not even through loading DLLs. Rule 2: Process can not load DLL with less capabilities than it has itself: DLL code runs with the capabilities of the process; DLL can have more capabilities
Implications: DLLs with interfaces have to have enough rights, e.g. a simple signal processing DLL might need capabilities for accessing telephony functionality as well; Plug-in DLLs run with same rights as the host process, e.g. MTMs have the same trust level as the messaging server
Capabilities – Client/Server: Capabilities checked at process boundaries; Calling process: Must have enough capabilities for calling server API. (Figure: App thread in ABC.exe, holding NetworkServices, calls RCall::Dial(n); the IPC crosses the process boundary into the ETel server (C32exe.exe / C32 server), where the kernel checks the caller’s capabilities for NetworkServices; the server then talks to the comm logical and physical device drivers.)
Capability Scanner: Available in Carbide.c++ 1.3+; Gives an estimate of which capabilities might be required (static code analysis); Project → Run Capability Scanner on Project MMP...
Capabilities in the Emulator: Possible to develop without capability restrictions in the emulator; Capability checking can be (de)activated in the emulator options; Issues a warning if a required capability is not defined
Data Caging – Preserve security of important files
Data Caging – Overview
Symbian OS 9.x vs. Symbian OS pre-v9: Data Caging: App. only has access to: Own directories; “Open” directories; Access based on capabilities and identity. Separating code and data! (Figure, pre-v9: \system\apps\journey\journey.app, \system\apps\journey\journey.mbm, \system\apps\journey\journey.rsc; OS 9.x: \sys\bin\journey.exe, \resource\apps\journey.mbm, \private\…0003a3f\journey.rsc)
Data Caging – Directories
More about directories: Data caging provides secure area for application’s data; All executables installed to \sys\bin; Risk of filename clashes – use your unique UID as part of the executable filename; Removable drives: Hash stored to c:\sys\hash; Prevents execution of modified executables
Identifiers – 32-bit numbers that identify your executable
Unique Identifier (UID): Uniquely identify binary file; Built into first 12 bytes of any Symbian OS file. UID 1 (Target type): Application type (exe for OS v9+, dll <= OS v8). UID 2: Subdivides certain target types (static / polymorphic DLLs). UID 3: Unique identification for binary; UID requested and assigned through Symbian for commercial applications (get one at www.symbiansigned.com). (Figure: MMP File Editor in Carbide.c++)
UID3 Ranges: Protected (Symbian Signed); Unprotected (unsigned). Error message when installing on the device: use the correct UID3 (changing UID: Search/Replace in *.* + subdirectories with a text editor)
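The two slides above say that UID1, UID2 and UID3 sit in the first 12 bytes of every Symbian OS binary and that UID3 falls into a protected or an unprotected range. The following C++ is an added example, not code from the slides or from Symbian: it reads that 12-byte header (three little-endian 32-bit values) and classifies UID3. The UID1 and UID2 values used in the sample header (0x1000007A for an EXE, 0x100039CE for an application) and the 0x80000000 boundary between the protected and unprotected ranges come from my knowledge of the v9 UID allocation, not from the slides, and should be treated as assumptions; the sample UID3 values and the installer check are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <string>
#include <vector>

// Added example, not Symbian's loader code. Models the 12-byte UID header
// every Symbian OS binary starts with: UID1, UID2, UID3, each little-endian.
struct UidHeader {
    uint32_t uid1;   // target type (e.g. EXE vs. DLL)
    uint32_t uid2;   // subdivides the target type
    uint32_t uid3;   // unique id of this binary; default SID
};

// Assumption (from my knowledge of v9, not from the slides): well-known UID1/UID2 values.
constexpr uint32_t kExecutableImageUid = 0x1000007A;   // UID1 of a v9 EXE
constexpr uint32_t kUidApp             = 0x100039CE;   // UID2 of an application EXE

static uint32_t ReadLe32(const uint8_t* p) {
    return static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
           (static_cast<uint32_t>(p[2]) << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// Parses the header; returns false if the file is shorter than 12 bytes.
bool ParseUidHeader(const std::vector<uint8_t>& file, UidHeader& out) {
    if (file.size() < 12) return false;
    out.uid1 = ReadLe32(&file[0]);
    out.uid2 = ReadLe32(&file[4]);
    out.uid3 = ReadLe32(&file[8]);
    return true;
}

enum class Uid3Range { kProtected, kUnprotected };

// Assumption: the protected (Symbian Signed) range is the lower half of the
// 32-bit space; everything from 0x80000000 upwards is unprotected.
Uid3Range ClassifyUid3(uint32_t uid3) {
    return uid3 < 0x80000000u ? Uid3Range::kProtected : Uid3Range::kUnprotected;
}

// Constructed installer-side rule: a package that is not Symbian Signed may
// not claim a UID3 from the protected range (the slides describe this as an
// error message at install time). Empty string means the package is accepted.
std::string CheckInstall(uint32_t uid3, bool symbianSigned) {
    if (ClassifyUid3(uid3) == Uid3Range::kProtected && !symbianSigned)
        return "UID3 in protected range but package is not Symbian Signed";
    return "";
}

// Builds a constructed 12-byte header in file byte order (little-endian),
// standing in for the first bytes of a real binary.
std::vector<uint8_t> MakeHeader(uint32_t uid1, uint32_t uid2, uint32_t uid3) {
    std::vector<uint8_t> bytes;
    for (uint32_t v : {uid1, uid2, uid3})
        for (int shift = 0; shift < 32; shift += 8)
            bytes.push_back(static_cast<uint8_t>(v >> shift));
    return bytes;
}

int main() {
    // Constructed self-signed EXE with an unprotected-range UID3.
    std::vector<uint8_t> file = MakeHeader(kExecutableImageUid, kUidApp, 0xE0001234u);
    UidHeader h{};
    if (!ParseUidHeader(file, h)) return 1;
    std::string verdict = CheckInstall(h.uid3, /*symbianSigned=*/false);
    return verdict.empty() ? 0 : 2;
}
```

The same parser works on the first 12 bytes of any v9 binary read from disk; only the classification boundary is an assumption to verify against the UID allocation you are working with.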
Secure Identifier (SID): Secure ID (SID) = Unique identifier for each executable; Locally unique (on the device); Used for: Determining which private directory may be accessed (\private\<SID>); Identification for IPC (Inter Process Communication); Default: Same as UID3 (recommended!)
Vendor Identifier (VID): Vendor Identifier (VID) = Unique identifier for software vendor; Globally unique through Symbian Signed; Unsigned apps: no VID; Used for: Limiting access, e.g. for internal APIs only accessible for Nokia; IPC. Note: SID / VID not relevant for DLLs; they execute within the process of the .exe and use its SID / VID
Symbian Signed – Testing applications
Symbian Signed: Self-Signed application: Security warning during installation; Only access to user capabilities. Reasons for signing: Prevent sabotage of installation files (.sis); Identification of the software developer; Extended access to APIs (Capabilities); Get rid of warning during installation. Signing through: Independent Test Houses (traditionally); Includes test of the application
Overview
Signing Programs – New signing process starting with Q4 / 2007:
Self Signed: Can be used for testing and distribution ... if no or only user-grantable capabilities are required
Open Signed: Certification for testing (not for sale!). Without Publisher ID: Upload application to website; URL to signed app sent per email; Restricted to one IMEI; Completely free, valid for 36 months. With Publisher ID: Signing works offline through Developer Certificate; Valid for 36 months; < 1000 IMEIs
Open Signed – Developer Certificates: Requires Publisher ID; Allows offline signing (open signed) for accessing (nearly) all capabilities; Certificate limited to < 1000 devices; Valid for 36 months (to prevent distribution); Only for devices – development using the emulator is possible without certificates! Request: Through the DevCertRequest tool from www.symbiansigned.com
Express Signed: Certification for sale; No security warnings; Developer tests the application ... but some apps may be tested and results audited; Valid for 10 years. Costs: Publisher ID (USD 200 / year), but also possible through publishing partners; 20 USD / submission
Certified Signed: Most trusted option; Tests done by independent test house; Quite expensive; Takes about one week; Faster signing available, but even more expensive; Certified after passing tests
Certified Signed (figure, steps over time): 1. Apply for Publisher ID (TrustCenter) – USD 200/year; 2. Registration, legal work; 3. Download ID and sign application; 4. Upload app. for testing; 5. Pay for testing round(s) – first test: active content starting at €185, passive content (e.g. themes) starting at €40; resubmissions: €160 each; 6. Get testing report; 7. Download signed app.
Software Installation (figure): Symbian Signed holds a root certificate; the signing key is certified against the root certificate; the installation package (.sis) is signed with the key and delivered for installation; the root certificate is stored on the device; the Software Installer (device) validates the signature against the certificate; the software is then installed on the device.
Application Tests, some examples: Friendly to the system? (Using system features like calendar or making a call while app. is running); Stress tests (Start camera, fast key presses, remove MMC or battery, …); Low memory during start-up or while application is running; De-installation removes all files? … https://www.symbiansigned.com/app/page/overview/testcriteria
Certificate Error Messages: Overview about errors and possible solutions: http://blogs.forum.nokia.com/view_entry.html?id=93
Test your Knowledge – Did you understand everything?
Quiz: Situation: A Bluetooth game (game.exe, Capability: LocalServices) loads and uses an engine DLL (gameEngine.dll, without Capabilities), which only handles game statistics. Question: Can game.exe load gameEngine.dll?
Quiz Answer: No, the engine can not be loaded. Reason: App. can’t load DLL with less capabilities than itself; DLL runs with same Capabilities as the app.! Capabilities set for the whole process
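The capability rules on the “Verification of Capabilities”, “Capabilities – Client/Server” and quiz slides can be modelled in a few lines. The C++ below is an added example, not Symbian's own kernel or loader code: it represents a process's capability set as a flat bitmask (the capability names are the real Symbian names, the bit positions are constructed for this model), implements Rule 2 (a process may only load a DLL that holds at least its own capabilities), Rule 1 (loading never changes the process's set), the non-hierarchical check (TCB does not imply NetworkServices) and the server-side check for RCall::Dial() from the client/server figure, and reproduces the quiz scenario with game.exe and gameEngine.dll. The process, DLL and API names are taken from the slides; the scenario data is constructed.

```cpp
#include <cstdint>
#include <string>

// Added example, not Symbian's code: a model of the v9 capability rules.
// Real Symbian capability names; the bit positions are constructed here.
enum Capability : uint32_t {
    kNone            = 0,
    kLocalServices   = 1u << 0,
    kUserEnvironment = 1u << 1,
    kReadUserData    = 1u << 2,
    kWriteUserData   = 1u << 3,
    kNetworkServices = 1u << 4,
    kSwEvent         = 1u << 5,
    kAllFiles        = 1u << 6,
    kTCB             = 1u << 7,
};

using CapSet = uint32_t;

// True if every capability in 'required' is present in 'held'. Capabilities
// are a flat set, not a hierarchy: holding TCB does not imply NetworkServices.
bool HasAll(CapSet held, CapSet required) {
    return (held & required) == required;
}

struct Process {
    std::string name;
    CapSet caps;   // fixed at build/install time; never changes (Rule 1)
};

struct Dll {
    std::string name;
    CapSet caps;   // capabilities the DLL was built and signed with
};

// Rule 2: a process may only load a DLL that holds at least the process's
// own capabilities, because DLL code runs with the host's privileges.
bool CanLoadDll(const Process& host, const Dll& dll) {
    return HasAll(dll.caps, host.caps);
}

// Rule 1 in practice: the process's set after a successful load is unchanged,
// however many capabilities the DLL itself carries.
CapSet CapsAfterLoad(const Process& host, const Dll& dll) {
    (void)dll;
    return host.caps;
}

// Server side of a client/server call: the server names the capability the
// API needs and asks the kernel to vouch for the calling process.
struct ServerApi {
    std::string name;
    CapSet required;
};

// True if the caller may invoke the API; a real server would complete the
// request with a permission-denied error otherwise.
bool PolicyCheck(const ServerApi& api, const Process& caller) {
    return HasAll(caller.caps, api.required);
}

// Quiz scenario from the slides: a Bluetooth game holding LocalServices
// tries to load an engine DLL built without any capability.
bool QuizGameCanLoadEngine() {
    Process game{"game.exe", kLocalServices};
    Dll engine{"gameEngine.dll", kNone};
    return CanLoadDll(game, engine);   // false: the DLL has fewer caps than its host
}

// Client/server scenario from the slides: RCall::Dial() on the ETel server
// requires NetworkServices from the calling process.
bool AppMayDial(CapSet appCaps) {
    ServerApi dial{"RCall::Dial", kNetworkServices};
    Process app{"ABC.exe", appCaps};
    return PolicyCheck(dial, app);
}

int main() {
    // Exit status 0 when both scenarios behave as the slides describe.
    bool ok = !QuizGameCanLoadEngine() && AppMayDial(kNetworkServices) &&
              !AppMayDial(kLocalServices);
    return ok ? 0 : 1;
}
```

The fix for the quiz case follows from CanLoadDll(): build gameEngine.dll with at least LocalServices (a DLL may carry more capabilities than its host, never fewer), which is also why the “Implications” slide says plug-in DLLs must be signed for the host process's full set.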
ASD-like Question – Easy: Which of the following statements about Symbian OS capabilities are incorrect? A. The capabilities of executable code are specified using the CAPABILITY keyword in the MMP file. B. The following specification in an MMP file grants privilege to access the user’s files stored anywhere on the phone or removable media: CAPABILITY ReadUserData C. The following specification in an MMP file allows the code to power down the phone: CAPABILITY PowerMgmt D. The capabilities of an application can be boosted by calling User::SetCapability(). E. The following statement in an MMP file will grant the binary SwEvent capability in emulator and hardware builds: PlatSecDisabledCaps SwEvent (Copyright Meme Education, 2006, http://www.meme-education.com/)
Solution: A. Correct. B. Incorrect. The “ReadUserData” capability only allows accessing private data of the user (like calendar, contacts), but not all his files. C. Correct. D. Incorrect. The capabilities of a process never change during its lifetime. E. Incorrect. Parts of the platform security can only be disabled in the emulator, not on the device.
ASD-like Question – Medium: Which of the following statements about data-caging on Symbian OS are correct? A. Executable code can be installed into and executed from any subdirectory of \system B. The \resource directory can be used to store writable configuration files. C. A DLL with a Secure Identifier of 0x20005268 owns a private data-caged directory called \private\20005268. D. A private data-caged directory can only be accessed by the owning process and other processes with AllFiles capability E. Symbian OS provides a special directory on removable media which is used to detect whether executable code, installed to the card, has been tampered with. (Copyright Meme Education, 2006, http://www.meme-education.com/)
Solution: A. Incorrect. The directory which allows executing binaries is called \sys instead of \system starting with Symbian OS 9. B. Incorrect. The private directory can be used to store configuration files. For normal apps without the TCB capability, the resource directory is read-only. C. Incorrect. DLLs do not have their own private directory. They use the same as their owning process. D. Correct. E. Incorrect. Storing this information on the removable media would not make sense. The correct directory is: c:\sys\hash
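The data caging rules spread over the “More about directories”, “Secure Identifier (SID)” slides and the medium quiz above (executables under \sys\bin, a read-only \resource tree, \private\<SID> owned by the process with that SID and otherwise reachable only with AllFiles) can be expressed as one access decision. The C++ below is an added example, not the Symbian file server's code: it normalises a drive-rooted path, extracts the owning SID from a \private\<SID>\ path and decides read or write access for a process given its SID and capability bits. The capability bits, the sample SID 0xE0001234 and the sample paths are constructed; the SID 0x20005268 and the file names come from the slides. The rule that AllFiles is needed to read \sys and TCB to write \sys or \resource is my reading of the slides' “read-only for normal apps without TCB” statement and should be checked against the platform documentation.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <string>

// Added example, not Symbian's file server code: a model of data caging.
// Constructed capability bits for the two capabilities the rules mention.
enum DcCapability : uint32_t {
    kDcNone     = 0,
    kDcAllFiles = 1u << 0,
    kDcTcb      = 1u << 1,
};

struct DcProcess {
    uint32_t sid;    // Secure ID; by default equal to UID3
    uint32_t caps;   // DcCapability bits held by the process
};

enum class Access { kRead, kWrite };

// Lower-cases the path and turns '/' into '\' so comparisons are
// case-insensitive, matching Symbian file names.
static std::string Normalise(std::string path) {
    std::transform(path.begin(), path.end(), path.begin(), [](unsigned char c) {
        return static_cast<char>(c == '/' ? '\\' : std::tolower(c));
    });
    return path;
}

static bool StartsWith(const std::string& s, const std::string& prefix) {
    return s.compare(0, prefix.size(), prefix) == 0;
}

// Extracts the owning SID from X:\private\<8 hex digits>[\...]; returns false
// for anything that is not a well-formed private directory path.
bool PrivateDirOwner(const std::string& path, uint32_t& sidOut) {
    const std::string p = Normalise(path);
    const std::string marker = ":\\private\\";
    if (p.find(marker) != 1) return false;              // must sit directly under the drive root
    const size_t start = 1 + marker.size();             // first digit of the SID
    if (p.size() < start + 8) return false;
    if (p.size() > start + 8 && p[start + 8] != '\\') return false;
    for (size_t i = start; i < start + 8; ++i)
        if (!std::isxdigit(static_cast<unsigned char>(p[i]))) return false;
    sidOut = static_cast<uint32_t>(std::stoul(p.substr(start, 8), nullptr, 16));
    return true;
}

// Decides whether 'proc' may read or write 'path'. Rules modelled:
//   \sys\            executables: AllFiles to read, TCB to write
//   \resource\       readable by all, TCB to write
//   \private\<SID>\  owning process, or any process holding AllFiles
//   everything else  public
bool MayAccess(const DcProcess& proc, const std::string& path, Access how) {
    const std::string p = Normalise(path);
    if (p.size() < 3 || p[1] != ':' || p[2] != '\\') return false;   // need a drive-rooted path
    const bool write = (how == Access::kWrite);
    const std::string rest = p.substr(2);                             // "\sys\bin\x.exe"
    if (StartsWith(rest, "\\sys\\"))
        return write ? (proc.caps & kDcTcb) != 0 : (proc.caps & kDcAllFiles) != 0;
    if (StartsWith(rest, "\\resource\\"))
        return !write || (proc.caps & kDcTcb) != 0;
    uint32_t owner = 0;
    if (PrivateDirOwner(p, owner))
        return owner == proc.sid || (proc.caps & kDcAllFiles) != 0;
    return true;   // public directory
}

int main() {
    // Constructed self-signed app with no capabilities: may write its own
    // private directory but not another process's.
    DcProcess journey{0xE0001234u, kDcNone};
    bool ok = MayAccess(journey, "c:\\private\\e0001234\\journey.rsc", Access::kWrite) &&
              !MayAccess(journey, "c:\\private\\20005268\\data.db", Access::kRead);
    return ok ? 0 : 1;
}
```

The quiz's item D is the `owner == proc.sid || AllFiles` line, item B the `\resource` branch, and the slide's CFileMan::Copy() remark follows too: copying within the process's own or a public directory never reaches the AllFiles check.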
ASD-like Question: Which of the following statements about the groups of Symbian OS capabilities are incorrect? A. User capabilities are those capabilities which the user may grant at installation time, if a SIS file is not itself already signed for those capabilities. B. The user can decide whether to install code that reveals their location. C. The user can decide whether to install code that accesses and modifies the system settings of their phone. D. Installable software that needs system capabilities must be certified by a trusted body, such as a test house operating on behalf of Symbian Signed, before it can be installed and tested by the developer. E. Installable software that only needs user capabilities (or no capabilities at all) does not need to be certified by a trusted body such as Symbian Signed before it can be installed and tested. (Copyright Meme Education, 2006, http://www.meme-education.com/)
Solution: A. Correct. B. Correct. C. Incorrect. The user can only take decisions related to himself, but not to the phone integrity. Modifying system settings is not user-grantable and requires Symbian Signed. D. Incorrect. The developer can get a “developer certificate” to test an application on devices prior to sending it in for Symbian Signed testing. E. Correct.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Symbian OS - Platform Security

  • 6. Improvements in OS 9 Hard real-time kernel (EKA2); new tool chain (ARM Application Binary Interface, ABI); Platform Security; additional concepts for Inter Process Communication (IPC, e.g. Publish & Subscribe); closer to ISO C++. However: no binary compatibility to < v8; several source compatibility breaks. Andreas Jakl, 2009 6
  • 7. Compiler Pre-v9: GCC 2.98 ARM RVCT Compiler Makes optimal use of ARM v5, v6, … 5-10% smaller application size, better performance Used to compile Symbian OS and ROM-applications GCC-E (2.9) Free compiler (comes with Carbide.c++) Used for most 3rd party applications Both compilers compatible because of EABI Andreas Jakl, 2009 7
  • 8. Closer to ISO C++ Supports try/catch/throw (for porting from other platforms). Cannot be combined with Symbian OS system APIs → continue using TRAP/Leave for your own projects! Writable static data for DLLs: simplified porting process; downside: large overhead. Andreas Jakl, 2009 8
  • 9. P.I.P.S. / OpenC Available since 2007 P.I.P.S: Allows using C standard libraries (POSIX) on Symbian OS OpenC (Nokia) adds additional libraries Useful for porting applications and game development UI development still requires Symbian-dialect of C++ Andreas Jakl, 2009 9
  • 10. Symbian OS v9.5 Some highlights: Performance improvements, e.g. Demand Paging: the phone loads only the required parts of a DLL instead of the whole file → performance boost; application start-up time improved by up to 75%. SQL integrated. New API for all location based services. “FreeWay”: better networking, seamless switching from Wi-Fi to 3G networks for VoIP, email, ... “ScreenPlay” and new multimedia features, e.g. different UI layers, UI acceleration, panorama stitching, red eye correction. Digital TV (DVB-H, ISDB-T). ActiveSync support. Andreas Jakl, 2009 10
  • 11. Platform Security The concepts behind … Andreas Jakl, 2009 11
  • 12. Pre-v9: Perimeter Security Security checks: user is asked during installation; checks origin of application. After installation: complete access to device. Symbian Signed: no trust warning during installation; same access rights as unsigned apps. Andreas Jakl, 2009 12
  • 13. Platform Security – Reasons Trust: access to private data. Security: cost control; compromise of important telephone functionality. Protection: software ownership, DRM. Andreas Jakl, 2009 13
  • 14. Platform Security – User Side With Platform Security normal users have … No surprise on their telephone bill No virus Phone simply works when needed Private data stays private … don’t have … Cryptic security warnings A lot of security decisions Andreas Jakl, 2009 14
  • 15. What is it all about? Platform Security IS: protection of telephone integrity; protection of sensitive data; controlled access to sensitive functionality. It is NOT: encryption of data; virus scanning; key management (Public Key Infrastructure). Andreas Jakl, 2009 15
  • 16. Platform Security – Concepts Andreas Jakl, 2009 16
  • 17. Trust Model Andreas Jakl, 2009 17
  • 18. What’s “Trust”? Process = unit of memory protection (virtual address space) = smallest unit of trust. Platform security controls what a process can do: the OS refuses a service request if the process does not possess the required privilege (= it is not trustworthy enough). Andreas Jakl, 2009 18
  • 19. Trust Model Andreas Jakl, 2009 19 Trusted Computing Environment (TCE): servers run at different restricted system privileges; protect the phone resources from misuse. Trusted Computing Base (TCB): as small as possible (kernel, s/w install, file system access); responsible for the integrity of the system. Trusted Applications: the user can grant these capabilities at install time OR applications can be signed for them. Untrusted Applications: applications that are self-signed and do not require capabilities. Diagram labels (layers from the centre outwards): TCB; TCE servers ETel, ESock, Messaging, WServ, L.B.S., Contacts/Agenda; capabilities WriteUserData, ReadUserData, NetworkServices, LocalServices, UserEnvironment.
  • 20. Additional Details Trusted Computing Base (TCB) Highest level of privilege, careful code checks Trusted Computing Environment (TCE) Each component only has privileges to carry out defined services e.g. Window Server (WServ): Privileged access to screen, no phone network required Provides APIs for software outside TCE Only TCE needs to communicate with hardware TCE-Servers responsible for moderating and protecting resources Communication using client-server framework Andreas Jakl, 2009 20
  • 21. Additional Details Trusted (Signed) Applications Need privileges to access services provided by TCE (= app. needs to be signed) Various signing methods available(Symbian Signed) Untrusted software … is “self-signed” (own, temporary certificate) Enough for e.g. Solitaire game, etc. Andreas Jakl, 2009 21
  • 22. Capability Model Defining privileges: Andreas Jakl, 2009 22
  • 23. Capabilities – Model “How trustworthy is the application?” The closer to the kernel, the more trustworthy it has to be. Capabilities check the level of trust: have to be defined for an application when compiling; managed by the kernel; cannot be modified after installation; defined for each process. Choose capabilities depending on the required functionality. Andreas Jakl, 2009 23
  • 24. Capabilities User Capabilities Can be allowed by the user Easy to understand App. has to be at least self-signed System Capabilities App. has to be Symbian Signed Apps can go deeper into the system Self-signed Applications Access to functions that don’t require capabilities + those that can be allowed by the user (User Capabilities) Andreas Jakl, 2009 24
  • 25. API Access Andreas Jakl, 2009 25 Self-Signed (~ 60%): not classified, no capability associated; Basic Capabilities. Symbian Signed (~ 40%): APIs can be accessed only through signing the application. User-Grantable Capabilities: warning upon installation when self-signed. Extended Capabilities: phone manufacturer approval.
  • 27. SurroundingsDD (access according to device drivers)
  • 29. More about Capabilities Capabilities are not hierarchical Having TCB-capability != having everything else Each capability allows access to specific protected resource Kernel holds list of capabilities of each process When offering services: Kernel can be asked to check capabilities of calling process Software Installer Gatekeeper, validates if program is authorized Refuses to install if it’s not Andreas Jakl, 2009 28
  • 30. Verification of Capabilities Required capabilities can depend on parameters. Example: CFileMan::Copy() checks for the AllFiles capability when accessing secured directories (e.g. \private\<other SID>); not checked when accessing public directories or the own directory (\private\<own SID>) → AllFiles normally not needed. Andreas Jakl, 2009 29
  • 31. Verification of Capabilities Rule 1: Capabilities of a process never change; no method to extend or to limit capabilities, not even through loading DLLs. Rule 2: A process cannot load a DLL with fewer capabilities than it has itself; DLL code runs with the capabilities of the process; the DLL can have more capabilities. Andreas Jakl, 2009 30
  • 32. Implications DLLs with interfaces have to have enough rights e.g. simple signal processing DLL might need capabilities for accessing telephony functionality as well Plug-in DLLs run with same rights as the host process e.g. MTMs have the same trust-level as the messaging server Andreas Jakl, 2009 31
  • 33. Capabilities – Client/Server Capabilities are checked at process boundaries. Calling process: must have enough capabilities for calling the server API. Andreas Jakl, 2009 32 Diagram labels: app. thread in ABC.exe (NetworkServices) → RCall::Dial(n) → process boundary / IPC → ETEL server and C32 server in C32exe.exe (NetworkServices) → kernel → logical DD (Comm DD) → physical DD; capabilities.
  • 34. Capability Scanner Available in Carbide.c++ 1.3+. Gives an estimate of which capabilities might be required (static code analysis). Project → Run Capability Scanner on Project MMP... Andreas Jakl, 2009 33
  • 35. Capabilities in the Emulator Possible to develop without capability restrictions in the emulator Capability checking can be (de)activated in the emulator options Issues a warning if a required capability is not defined Andreas Jakl, 2009 34
  • 36. Data Caging Preserve security of important files Andreas Jakl, 2009 35
  • 37. Data Caging – Overview Andreas Jakl, 2009 36
  • 38. Data Caging Andreas Jakl, 2009 37 App. only has access to: own directories; “open” directories. Access based on capabilities and identity. Separating code and data! Symbian OS, pre-v9 vs. Symbian OS 9.x:
    \system\apps\Journey\Journey.app → \sys\bin\Journey.exe
    \system\apps\Journey\Journey.mbm → \resource\apps\Journey.mbm
    \system\apps\Journey\Journey.rsc → \private\10003a3f\Journey.rsc
  • 39. Data Caging – Directories Andreas Jakl, 2009 38
  • 40. More about directories Data caging provides a secure area for the application’s data. All executables installed to \sys\bin: risk of filename clashes, so use your unique UID as part of the executable filename. Removable drives: hash stored to c:\sys\hash; prevents execution of modified executables. Andreas Jakl, 2009 39
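The DLL loading rule, the client/server check at the process boundary and the data-caging directory rules from the slides above, modelled as an added Python example (not Symbian code and not from the course materials); the process names, SIDs, paths and server policy are constructed:

```python
"""Model of the Symbian OS 9 capability and data-caging rules described above.

Added example, not Symbian code: capabilities are plain strings held in sets,
device paths are Windows-style strings, and the process/DLL names are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

TCB, ALL_FILES = "TCB", "AllFiles"


@dataclass(frozen=True)
class Process:
    name: str
    sid: int                   # Secure ID, by default equal to UID3
    caps: frozenset[str]       # fixed for the lifetime of the process (Rule 1)


def can_load_dll(process_caps: frozenset[str], dll_caps: frozenset[str]) -> bool:
    """Rule 2: a process may only load a DLL holding at least the process' own
    capabilities. Capabilities are not hierarchical, so this is a plain subset
    test: a TCB-only process still cannot load a DLL that lacks TCB."""
    return process_caps <= dll_caps


def _dirs(path: str) -> list[str]:
    """Split a device path into components, dropping an optional drive letter."""
    p = path.lower().replace("/", "\\")
    if len(p) > 1 and p[1] == ":":
        p = p[2:]
    return [part for part in p.strip("\\").split("\\") if part]


def required_capability(path: str, op: str, caller_sid: int) -> str | None:
    """Capability a caller with `caller_sid` needs for `op` ('read' or 'write')
    on `path`, following the data-caging rules:
      \\sys                  read: AllFiles, write: TCB
      \\resource             read: none,     write: TCB
      \\private\\<own SID>   none (a DLL uses the SID of its host process)
      \\private\\<other SID> read: AllFiles, write: TCB
      everywhere else        none
    Returns None when no capability is needed."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    dirs = _dirs(path)
    top = dirs[0] if dirs else ""
    if top == "sys":
        return ALL_FILES if op == "read" else TCB
    if top == "resource":
        return None if op == "read" else TCB
    if top == "private":
        owner = dirs[1] if len(dirs) > 1 else ""
        if owner == f"{caller_sid:08x}":
            return None
        return ALL_FILES if op == "read" else TCB
    return None


def check_access(proc: Process, path: str, op: str) -> bool:
    """Would the file server grant `proc` this operation on `path`?"""
    need = required_capability(path, op, proc.sid)
    return need is None or need in proc.caps


def server_accepts(policy: frozenset[str], client: Process) -> bool:
    """Client/server check at the process boundary: the server (asking the
    kernel) requires every capability in its policy from the calling process."""
    return policy <= client.caps


if __name__ == "__main__":
    # Constructed processes; the quiz at the end of the slides uses the same set-up.
    game = Process("game.exe", 0x20005268, frozenset({"LocalServices"}))
    engine_caps = frozenset()          # gameEngine.dll built without capabilities
    print("game.exe can load gameEngine.dll:", can_load_dll(game.caps, engine_caps))
    print("own private dir, write:", check_access(game, r"\private\20005268\stats.dat", "write"))
    print("other private dir, read:", check_access(game, r"\private\10003a3f\x.ini", "read"))
    print("ETel dial needs NetworkServices:", server_accepts(frozenset({"NetworkServices"}), game))
```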
  • 41. Identifiers 32-bit numbers that identify your executable: Andreas Jakl, 2009 40
  • 42. Unique Identifier (UID) Uniquely identifies a binary file; built into the first 12 bytes of any Symbian OS file. UID 1 (target type): application type (exe for OS v9+, dll for OS <= v8). UID 2: subdivides certain target types (static / polymorphic DLLs). UID 3: unique identification for the binary; UID requested and assigned through Symbian for commercial applications (get one at www.symbiansigned.com). Andreas Jakl, 2009 41 Screenshot: MMP File Editor in Carbide.c++
  • 43. UID3 Ranges Error message when installing on the device: use the correct UID3 (changing the UID: Search/Replace in *.* + subdirectories with a text editor). Andreas Jakl, 2009 42 Diagram labels: Protected (Symbian Signed), Unprotected (unsigned)
  • 44. Secure Identifier (SID) Secure ID (SID) = unique identifier for each executable; locally unique (on the device). Used for: access to the own private directory (\private\<SID>); identification for IPC (Inter Process Communication). Default: same as UID3 (recommended!). Andreas Jakl, 2009 43
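An added Python reader for the 12-byte UID header and the UID3-range / SID points of the last three slides (example code, not from the course materials): the UID constants are Symbian OS values, while the sample header and the simplified installer check are constructed here.

```python
"""Reader for the UID header at the start of a Symbian OS binary.

Added example, not from the slides: the three UIDs are little-endian 32-bit
words in the first 12 bytes; the constants are Symbian OS values, the sample
header and the simplified installer check are constructed here.
"""
import struct

# UID1: target type
K_EXECUTABLE_IMAGE_UID = 0x1000007A   # exe (application target on OS v9+)
K_DYNAMIC_LIBRARY_UID = 0x10000079    # dll
# UID2: subdivides the target type
K_UID_APP = 0x100039CE                # GUI application
K_SHARED_LIBRARY_UID = 0x1000008D     # static-interface DLL

TARGET_TYPES = {K_EXECUTABLE_IMAGE_UID: "exe", K_DYNAMIC_LIBRARY_UID: "dll"}
SUBTYPES = {K_UID_APP: "application", K_SHARED_LIBRARY_UID: "static DLL"}


def parse_uids(header: bytes) -> tuple:
    """Return (UID1, UID2, UID3) from the first 12 bytes of a file image."""
    if len(header) < 12:
        raise ValueError("UID header needs at least 12 bytes")
    return struct.unpack_from("<III", header, 0)


def uid3_range(uid3: int) -> str:
    """Protected UIDs (below 0x80000000) are only installable when Symbian
    Signed; the unprotected range above it is for unsigned / self-signed software."""
    return "protected" if uid3 < 0x80000000 else "unprotected"


def install_allowed(uid3: int, symbian_signed: bool) -> bool:
    """Simplified model of the installer's UID3 check behind the certificate
    error on the device: a protected UID3 in a package that is not Symbian
    Signed is refused (constructed helper, not the installer's real API)."""
    return symbian_signed or uid3_range(uid3) == "unprotected"


def private_dir(sid: int) -> str:
    """Data-caged private directory of the executable with this SID (SID == UID3 by default)."""
    return f"\\private\\{sid:08x}"


def describe(header: bytes) -> dict:
    """Decode a header into target type, subtype, UID3, its range and private dir."""
    uid1, uid2, uid3 = parse_uids(header)
    return {
        "target": TARGET_TYPES.get(uid1, f"unknown (0x{uid1:08X})"),
        "subtype": SUBTYPES.get(uid2, f"unknown (0x{uid2:08X})"),
        "uid3": uid3,
        "uid3_range": uid3_range(uid3),
        "private_dir": private_dir(uid3),
    }


def make_header(uid1: int, uid2: int, uid3: int) -> bytes:
    """Build a 12-byte UID header (constructed test input; real files follow it
    with a 4-byte checksum word that this example does not cover)."""
    return struct.pack("<III", uid1, uid2, uid3)


if __name__ == "__main__":
    sample = make_header(K_EXECUTABLE_IMAGE_UID, K_UID_APP, 0x20005268)
    print(describe(sample))
    print("self-signed install, protected UID3:", install_allowed(0x20005268, False))
    print("self-signed install, unprotected UID3:", install_allowed(0xE1234567, False))
```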
  • 45. Vendor Identifier (VID) Vendor Identifier (VID) = unique identifier for the software vendor; globally unique through Symbian Signed; unsigned apps: no VID. Used for: limiting access, e.g. for internal APIs only accessible for Nokia; IPC. Note: SID / VID are not relevant for DLLs; they execute within the process of the .exe and use its SID / VID. Andreas Jakl, 2009 44
  • 46. Symbian Signed Testing applications: Andreas Jakl, 2009 45
  • 47. Symbian Signed Self-Signed application: Security warning during installation Only access to user capabilities Reasons for signing: Prevent sabotage of installation files (.sis) Identification of the software developer Extended access to APIs (Capabilities) Get rid of warning during installation Signing through: Independent Test Houses (traditionally) Includes test of the application Andreas Jakl, 2009 46
  • 49. Signing Programs New signing process starting with Q4 / 2007: Andreas Jakl, 2009 48
  • 50. Self Signed Can be used for testing and distribution ... if no or only user-grantable capabilities are required Andreas Jakl, 2009 49
  • 51. Open Signed Certification for testing (not for sale!) Without Publisher ID: Upload application to website URL to signed app sent per email Restricted to one IMEI Completely free, valid for 36 months With Publisher ID: Signing works offline through Developer Certificate Valid for 36 months < 1000 IMEIs Andreas Jakl, 2009 50
  • 52. Open Signed – Developer Certificates Requires Publisher ID Allows offline signing (open signed) for accessing (nearly) all capabilities Certificate limited to < 1000 devices Valid for 36 months (to prevent distribution) Only for devices – development using the emulator possible without certificates! Request:Through DevCertRequest-Tool from www.symbiansigned.com Andreas Jakl, 2009 51
  • 53. Express Signed Certification for sale No security warnings Developer tests the application ... but some apps may be tested and results audited Valid for 10 years Costs Publisher ID (USD 200 / year), but also possible through publishing partners 20 USD / submission Andreas Jakl, 2009 52
  • 54. Certified Signed Most trusted option Tests done by independent test house Quite expensive Takes about one week Faster signing available, but even more expensive Certified after passing tests Andreas Jakl, 2009 53
  • 55. Certified Signed Andreas Jakl, 2009 54 Timeline: apply for Publisher ID (TrustCenter): registration, legal work; download ID and sign application; upload app. for testing; pay for testing round(s); get testing report; download signed app. Prices: Publisher ID USD 200/year; first test: active content starting at €185, passive content (e.g. themes) starting at €40; resubmissions: €160 each.
  • 56. Software Installation Andreas Jakl, 2009 55 Symbian Signed side: root certificate; signing key certified against the root certificate; installation package (.sis) is signed with the key (signature); package delivered for installation. Device side: root certificate is stored on the device; Software Installer validates the signature against the certificate; software installed on the device.
  • 57. Application Tests Some examples: Friendly to the system? (Using system features like calendar or making a call while app. is running) Stress tests (Start camera, fast key presses, remove MMC or battery, …) Low memory during start-up or while application is running De-Installation removes all files? … https://www.symbiansigned.com/app/page/overview/testcriteria Andreas Jakl, 2009 56
  • 58. Certificate Error Messages Overview about errors and possible solutions: http://blogs.forum.nokia.com/view_entry.html?id=93 Andreas Jakl, 2009 57
  • 59. Test your Knowledge Did you understand everything? Andreas Jakl, 2009 58
  • 60. Quiz Situation: A Bluetooth-game (game.exe, Capability: LocalServices) loads and uses an engine-DLL (gameEngine.dll, without Capabilities), which only handles game statistics. Question: Can game.exe load gameEngine.dll? Andreas Jakl, 2009 59 ?
  • 61. Quiz Answer: No, the engine cannot be loaded. Reason: an app. can’t load a DLL with fewer capabilities than itself; the DLL runs with the same capabilities as the app.! Capabilities are set for the whole process. Andreas Jakl, 2009 60
  • 62. ASD-like Question – Easy Which of the following statements about Symbian OS capabilities are incorrect? A. The capabilities of executable code are specified using the CAPABILITY keyword in the MMP file. B. The following specification in an MMP file grants privilege to access the user’s files stored anywhere on the phone or removable media: CAPABILITY ReadUserData C. The following specification in an MMP file allows the code to power down the phone: CAPABILITY PowerMgmt D. The capabilities of an application can be boosted by calling User::SetCapability(). E. The following statement in an MMP file will grant the binary SwEvent capability in emulator and hardware builds: PlatSecDisabledCaps SwEvent Andreas Jakl, 2009 61 Copyright Meme Education, 2006 http://www.meme-education.com/
  • 63. Solution A. Correct. B. Incorrect. The ReadUserData capability only allows accessing private data of the user (like calendar, contacts), but not all his files. C. Correct. D. Incorrect. The capabilities of a process never change during its lifetime. E. Incorrect. Parts of the platform security can only be disabled in the emulator, not on the device. Andreas Jakl, 2009 62
  • 64. ASD-like Question – Medium Which of the following statements about data-caging on Symbian OS are correct? A. Executable code can be installed into and executed from any subdirectory of \system. B. The \resource directory can be used to store writable configuration files. C. A DLL with a Secure Identifier of 0x20005268 owns a private data-caged directory called \private\20005268. D. A private data-caged directory can only be accessed by the owning process and other processes with AllFiles capability. E. Symbian OS provides a special directory on removable media which is used to detect whether executable code, installed to the card, has been tampered with. Andreas Jakl, 2009 63 Copyright Meme Education, 2006 http://www.meme-education.com/
  • 65. Solution A. Incorrect. The directory which allows executing binaries is called \sys instead of \system starting with Symbian OS 9. B. Incorrect. The private directory can be used to store configuration files. For normal apps without the TCB capability, the resource directory is read-only. C. Incorrect. DLLs do not have their own private directory. They use the same as their owning process. D. Correct. E. Incorrect. Storing this information on the removable media would not make sense. The correct directory is: c:\sys\hash Andreas Jakl, 2009 64
  • 66. ASD-like Question Which of the following statements about the groups of Symbian OS capabilities are incorrect? A. User capabilities are those capabilities which the user may grant at installation time, if a SIS file is not itself already signed for those capabilities. B. The user can decide whether to install code that reveals their location. C. The user can decide whether to install code that accesses and modifies the system settings of their phone. D. Installable software that needs system capabilities must be certified by a trusted body, such as a test house operating on behalf of Symbian Signed, before it can be installed and tested by the developer. E. Installable software that only needs user capabilities (or no capabilities at all) does not need to be certified by a trusted body such as Symbian Signed before it can be installed and tested. Andreas Jakl, 2009 65 Copyright Meme Education, 2006 http://www.meme-education.com/
  • 67. Solution A. Correct. B. Correct. C. Incorrect. The user can only take decisions related to himself, but not to the phone integrity. Modifying system settings is not user-grantable and requires Symbian Signed. D. Incorrect. The developer can get a “developer certificate” to test an application on devices prior to sending it in for Symbian Signed testing. E. Correct. Andreas Jakl, 2009 66
  • 68. Thanks for your attention That’s it! Andreas Jakl, 2009 67