1 / 14

Security in By: Abdulelah Algosaibi

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security. Outline. Introduction about Symbain OS. Vulnerability in Mobile OS. Symbian OS security features.

haviva-stokes
Télécharger la présentation

Security in By: Abdulelah Algosaibi

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in • By: Abdulelah Algosaibi • Supervised by: Prof. Michael Rothstein • Summer II 2010: CS 6/79995 Operating System Security

  2. Outline • Introduction about Symbain OS. • Vulnerability in Mobile OS. • Symbian OS security features. • Symbian OS and Principles of Secure Design. • References.

  3. Introduction to the Symbian OS • It is a mobile OS. • Open-design OS. 1# in most smartphone sales. • Symbian OS is the leading OS in the "smart mobile device" market e.g. Fujitsu, Huawei, LG Electronics Nokia, Samsung Electronics, Sharp and Sony Ericsson

  4. Vulnerability in Mobile OS • Become more attractive targets of various malware. • Some of them are allowing access to previously locked system files • Changing how the operating system works. • Worm program. • Hide applications. • … etc. • More advanced, more opportunities to be attacked. • Bluejacking.

  5. Vulnerability in Mobile OS, Cont. • User mistakes. • User may become the reason for the vulnerability! e.g. deleting critical information. Technical failure • System does not work properly e.g. data corruption.

  6. Symbian security features, • Security in Symbian OS categorized in: • Device security mechanisms: Where it concerns the protection of the device itself. • Application security: First lines of attack and for some apps it grants them access to major files. • Communications security: Since it is a mobile device, different kinds of connectivity issues might be involved. • Platform security: An architecture which provides more lines of defending against malicious and bad intended programs. • Content security: It forces protecting the content of the information. Details in next slides,,

  7. Symbian security features • Device security mechanisms: • Device protection: Symbian devices are not well protected against physical attack. Some users may take advantage of the device locked feature. • Device authentication: Some apps need to identify the devices e.g. IMEI number. • User authentication: Users needs to authenticate themselves e.g. PIN code. • Mobile hardware: The point of the focus here is the device integrity e.g. removing the memory card unintentionally

  8. Symbian security features, Cont. • Application security: Applications grant access for example network, devices interface, messaging framework. Of course the user always has the option to cancel the installation. But it is going to cause a serious problem if it falls in the wrong hands. To prevent that, applications need to identify themselves by Secure Identifier SID or Vendor Identifier VID “Symbian Signed”.

  9. Symbian security features, Cont. • Communications security: Symbian devices usually have various connection methods that cause large number of attacksTo prevent this, using strong authentication methods is recommended, e.g. using The Internet protocol version 6 (IPv6) instead of using Internet protocol version 4 (IPv4). • Local connectivities e.g. Bluetooth and IrDA has fewer issues because of its short range.

  10. Symbian security features, Cont. • platform security • Capabilities : Symbian OS controls access to the capabilities by device configuration and the signature of the application. • user capabilities : it grants access to local services e.g. Bluetooth or USB connections. • system capabilities: it grants access to software events e.g. read key pressing or sending message to an application. • restricted capabilities: it grants access to file system administration operations e.g. formating a drive • device manufacturer capabilities: it grants WRITE access to write on TCB which allows to write on \sys or \resource directory. ThisThis capability is from manufacturer-approved category that applications need to have a permission from device manufacturer.

  11. Symbian security features, Cont. • Platform Security, Cont.: • Digital Sign: All Symbian applications must be signed before they can be installed • Data Caging: It means that the applications and the users have access only to certain areas of the file system.

  12. Symbian security features, Cont. • Content Security: Information content security can be done by protecting its confidentiality, integrity, and availability. • Confidentiality: Defines the privacy level of the information. There may be different levels of confidentiality, which are defined by the author and the policies of the system. • Integrity: Classifies information according to its importance to operations. At the highest level of integrity, the information should remain valid at all times. • Availability: Information must be accessible without interruption for operational reasons.

  13. Symbian OS and Principles of Secure Design • Least Privilege • Fail Safe Defaults • Economy of Mechanism • Complete Mediation • Defense in depth • Open Design • Separation of Privilege • Least Common Mechanism • Psychological Acceptability

  14. Refreneses • http://en.wikipedia.org/wiki/Symbian_OS#cite_note-12 • http://developer.symbian.org/main/documentation/reference/s3/pdk/GUID-AB3D07E6-83C9-4948-A13F-75A65498F444.html#GUID-AB3D07E6-83C9-4948-A13F-75A65498F444 • symbianresources.com/tutorials/general/security/PlatformSecurity.pdf • http://www.symbianresources.com/tutorials/general/overview/SymbianOSOverview.pdf • http://developer.symbian.org/wiki/index.php/Client-Server_Framework_%28Fundamentals_of_Symbian_C%2B%2B%29#Overview • http://wapedia.mobi/en/Symbian_OS?t=5.#6. • http://wiki.forum.nokia.com/index.php/LocalServices • http://webcache.googleusercontent.com/search?q=cache:j9V4PI6SNXIJ:www.scribd.com/doc/25769679/

More Related