Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture
Besorgung - Lieferbarkeit unbestimmt
BeschreibungSymbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers.
The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples.
This introductory book highlights and explains:
* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security
InhaltsverzeichnisAbout This Book.
About the Authors.
PART 1. INTRODUCTION TO SYMBIAN OS PLATFORM SECURITY.
Chapter. 1 Why a Secure Platform?.
1.1 User Expectations of Mobile Phone Security.
1.2 What the Security Architecture Should Provide.
1.3 Challenges and Threats to Mobile Phone Security.
1.4 How Symbian OS Platform Security Fits in the Value Chain?.
1.5 How Application Developers Benefit from the Security Architecture.
Chapter 2. Platform Security Concepts.
2.1 Background Security Principles.
2.2 Architectural Goals.
2.3 First Concept ? The Process is the Unit of Trust.
2.4 Second Concept ? Capabilities Determine Privilege.
2.5 Third Concept ? Data Caging for File Access.
PART 2. HOW TO DEVELOP ON THE SECURE PLATFORM
Chapter 3. The Platform Security Environment.
3.1 Building Your Application.
3.2 Developing on the Emulator.
3.3 Packaging Your Application.
3.4 Testing on Phone Hardware.
Chapter 4. How to Write Secure Applications.
4.1 What is a Secure Application?.
4.2 Analysing the Threats.
4.3 What Countermeasures Can be Taken?.
4.4 Implementation Considerations.
Chapter 5. How to Write Secure Servers.
5.1 What is a Secure Server?.
5.2 Server Threat Modelling.
5.3 Designing Server Security Measures.
5.4 Server Implementation Considerations.
Chapter 6. How to Write Secure Plug-ins.
6.1 What is a Secure Plug-In?.
6.2 ECOM Plug-ins.
6.3 Migrating Existing Plug-ins.
6.4 Converting Plug-ins to Servers.
6.5 Writing New ECOM-based Plug-in Frameworks.
6.6 Non-ECOM Architectures.
Chapter 7. Sharing Data Safely.
7.1 Introduction to Sharing Data.
7.2 Categories of Data.
7.3 Deciding the Level of Trust.
7.4 Attacks on Data and Countermeasures.
7.5 Using System Services.
PART 3. MANAGING PLATFORM SECURITY ATTRIBUTES
Chapter 8. Native Software Install.
8.1 Introduction to the Native Software Installer.
8.2 Validating Capabilities.
8.3 Identifiers, Upgrades, Removals and Special Files.
8.4 SIS File Changes for Platform Security.
8.5 Installing to and from Removable Media.
Chapter 9. Enabling Platform Security.
9.1 Responsibilities in Granting Capabilities.
9.2 Overview of the Signing Process.
9.3 Step-by-step Guide to Signing.
PART 4. THE FUTURE OF MOBILE DEVICE SECURITY
Chapter 10. The Servant in Your Pocket.
10.1 Crystal-Ball Gazing.
10.2 Convergence, Content and Connectivity.
10.3 Enabling New Services.
10.4 New Security Technologies.
Appendix A. Capability Descriptions.
Appendix B. Some Cryptography Basics.
Appendix C. The Software Install API.
Bibliography and References.
PortraitCraig Heath has been working in IT security since 1988, including positions at The Santa Cruz Operation as security architect for SCO UNIX, and at Lutris Technologies as security architect for the Enhydra Enterprise Java Application Server. He joined Symbian in 2002, working in product management and strategy.He has been a member of The Open Group Security Forum (originally the X/Open Security Working Group) since 1993, sitting on the Steering Committee since 1999. He has contributed to several published security standards, including XBSS (baseline system security requirements), XDAS (distributed audit), and XSSO (single sign-on). He has also participated in standards work within POSIX, IETF, the Java Community Process, and the Open Mobile Alliance.
Untertitel: 'Symbian Press'. Sprache: Englisch.
Verlag: JOHN WILEY & SONS INC
Erscheinungsdatum: April 2006
Seitenanzahl: 249 Seiten