Smartphone Platform Security - What can we learn from Symbian?
Craig Heath
Presented at Cambridge Wireless, 15th January 2015.
1.
Franklin Heath Ltd
Smartphone Platform Security: What can we learn from Symbian?
Craig Heath, Independent Security Consultant
15 Jan 2015
2.
© Franklin Heath Ltd, CC BY 3.0

Discussion Points
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?
3.
Symbian OS Versions

Without Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2001 | 6.0 | Series 80 | Nokia 9210 |
| 2002 | 6.1 | S60 1st Edition+FP1 | Nokia 7650 |
| | | MOAP(S) | Fujitsu F2051 |
| | 7.0 | UIQ 2.0 (& 2.1) | Sony Ericsson P800 |
| 2003 | 7.0S | S60 2nd Edition+FP1 | Nokia 6600 |
| 2004 | 8.0a | S60 2nd Edition FP2 | Nokia 6630 |
| 2005 | 8.1a | S60 2nd Edition FP3 | Nokia N90 |
| 2007 | 8.1b | MOAP(S) | Fujitsu F905i |

With Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2006 | 9.1 | S60 3rd Edition | Nokia 3250 |
| | | UIQ 3.0 | Sony Ericsson P990 |
| 2007 | 9.2 | S60 3rd Edition FP1 | Nokia N95 |
| | | UIQ 3.1 & 3.2 | Motorola Z8 |
| 2008 | 9.3 | S60 3rd Edition FP2 | Samsung i8510 |
| | 9.4 | S60 5th Edition | Nokia 5800 |
| 2009 | | | Nokia N97 |
| 2010 | ^2 | MOAP(S) | Fujitsu F-07B |
| | ^3 | S60 | Nokia N8 |
| 2011 | Anna | S60 | Nokia E6 |
4.
Symbian Platform Security Architecture
- Run-time controls on system and applications
- Based on long-established security principles
  - e.g. “Trusted Computing Base”, “Least Privilege”
- Designed for mobile device use cases
  - low-level, highly efficient implementation
- “Capabilities” determine process privileges
  - checked by APIs which offer security-relevant services
- “Data Caging” protects stored data
  - protected directories for system and for applications
- Secure identifiers (“SIDs”) for applications
  - verified at install-time
5.
Symbian OS New Malware Strains and Variants Per Month
[Chart: vertical axis 0 to 18; legend: New, Variant; annotation: “First phones introduced with platform security”]
6.
Developer Difficulties
- Compatibility break
  - Used as an excuse for fixing accumulated technical debt
- Additional complexity
  - SIDs, data caging, etc.
  - “How do I know what capabilities I need?”
- Difficulty of debugging
  - “Why can’t you just turn the security off?”
- Cost of approval and signing
  - ...even though it was steadily reduced over time
- Delays caused by approval and signing process
  - Rejections were common
7.
Aside: Symbian OS C++
- Same language and environment for apps as the OS (and/or UI)
  - In principle allows third party developers to produce powerful apps
  - ... but harder to work with in-progress documentation and finicky tools
- Non-standard C++ “idioms”
  - Descriptors, active objects, cleanup stack
  - ANSI exception handling came too late
- Technically good (vastly more power efficient)
  - ... but steep learning curve
- Alternatives were either too little (CDC Java, MIDP Java)
  - ... or too late (PIPS, Qt)
8.
Symbian Signed Capability Groups

| Group | Capabilities |
|-------|--------------|
| User | LocalServices, Location, NetworkServices, ReadUserData, UserEnvironment, WriteUserData |
| Extended (System) | PowerMgmt, ProtServ, ReadDeviceData, SurroundingsDD, SwEvent, TrustedUI, WriteDeviceData |
| Extended (Restricted) | CommDD, DiskAdmin, NetworkControl, MultimediaDD |
| Manufacturer | AllFiles, DRM, TCB |
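
A small model of the run-time checks from the architecture slide, using the capability groups listed above; it is an added example, not code from the presentation or from Symbian OS. The directory rules for \sys, \resource and \private\<SID> are an assumption taken from the published Symbian OS v9 data-caging rules rather than from the slides, and the SIDs and paths in any call are constructed.

```python
from pathlib import PureWindowsPath

# Groups as listed on the "Symbian Signed Capability Groups" slide, least restricted first.
GROUPS = [
    ("User", {"LocalServices", "Location", "NetworkServices",
              "ReadUserData", "UserEnvironment", "WriteUserData"}),
    ("Extended (System)", {"PowerMgmt", "ProtServ", "ReadDeviceData", "SurroundingsDD",
                           "SwEvent", "TrustedUI", "WriteDeviceData"}),
    ("Extended (Restricted)", {"CommDD", "DiskAdmin", "NetworkControl", "MultimediaDD"}),
    ("Manufacturer", {"AllFiles", "DRM", "TCB"}),
]


def required_group(requested):
    """Return the most restricted group that any requested capability belongs to."""
    requested = set(requested)
    unknown = requested - set().union(*(members for _, members in GROUPS))
    if unknown:
        raise ValueError(f"unknown capabilities: {sorted(unknown)}")
    hits = [name for name, members in GROUPS if members & requested]
    return hits[-1] if hits else None


def _components(path):
    """Lower-cased path components with '..' resolved and the drive/root dropped."""
    p = PureWindowsPath(path)
    out = []
    for part in (p.parts[1:] if p.anchor else p.parts):
        if part == "..":
            if out:
                out.pop()  # '..' at the root stays at the root
        else:
            out.append(part.lower())
    return out


def caging_capability(path, sid, write):
    """Capability needed for this access under data caging, or None if unrestricted."""
    # Assumed: \sys read=AllFiles, write=TCB; \resource write=TCB; \private\<SID> owner only.
    parts = _components(path)
    if parts[:1] == ["sys"]:
        return "TCB" if write else "AllFiles"
    if parts[:1] == ["resource"]:
        return "TCB" if write else None
    if parts[:1] == ["private"]:
        own = parts[1:2] == [format(sid, "08x")]
        return None if own else "AllFiles"
    return None


def may_access(caps, sid, path, write=False):
    """True if a process holding `caps` and running as `sid` passes the check."""
    need = caging_capability(path, sid, write)
    return need is None or need in caps
```

The path is normalised before the owner comparison, so a `..` component that climbs out of the caller's own private directory is judged against the directory it actually lands in.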
9.
Symbian Signed Capability Groups

Signing options:
- Unverified: Unsigned or Self-signed; Developer Certificate per IMEI(s)
- Verified with Publisher ID: Developer Certificate per IMEI(s); Express Signed; Certified Signed

| Group | Additional Capabilities Permitted | Entries |
|-------|-----------------------------------|---------|
| User | 6 | install-time user prompt; Yes; Yes; Yes; Yes |
| Extended (System) | 7 | |
| Extended (Restricted) | 4 | |
| Manufacturer | 3 | OEM approval; OEM approval |
10.
Symbian Signed Costs
- 2004, initially a branding / co-marketing programme
  - All outsourced costs passed to publisher (could be over $1000 per app)
  - Most developers were their own publisher
- 2006, required for “non-user-grantable” platform security capabilities
  - Standardised testing, lowest price €195
  - Still required $395 publisher ID annually
- 2007, reduced costs but increased complexity
  - Publisher IDs reduced to $200
  - “Express Signed” $20
    - subset of “extended” capabilities, self-testing with random auditing afterwards
- 2010, streamlined test criteria
  - Express Signed €10, Certified Signed €150
- 2010, Nokia pays for and performs signing for Ovi Store submissions
11.
What Could We Have Done Differently?
- Needed more clout and/or money
  - Google were able to ignore operator demands
  - Apple were able to phase out DRM
  - Apple were able to subsidise approval process
- CA-issued publisher IDs were probably a mistake
  - Self-signed works for Google Android
  - Didn’t help us track down malicious actors
- Robustness was pretty good
- User experience was pretty good
12.
Discussion Points
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?