It is a fine-grained way to efficiently restrict or completely prevent
unauthorised access to sensitive APIs and data on the mobile phone
while keeping the device open to developers.
• It follows a per-process, capability-based model
• It compartmentalises the system, according to access capabilities,
  to APIs and files
• It makes sure that users can make policy decisions they understand
• It is kernel mediated but server enforced
Why a finer-grained Platform Security model?
Phones are open, networked & data communication devices
• Users expect their phones to be highly reliable
• Users care about their privacy – and their phone bills
• Mobile networks are not like the internet – they can restrict access
• The existing “Perimeter Security” model enables unrestricted access
  to all phone capabilities once installed
Benefits of Platform Security
For developers
• Maintains network operator & user confidence in an open phone
  environment
• Grows the opportunity for mass-market applications, content & services
• Enables m-commerce applications & high-value DRM content
For network operators
• Protects the network & handsets from malware
• Protects customer data & privacy
New Symbian OS concept – Data Caging
Separating code from data
• File-system structure changes
  – \sys, \resource, \private\
  – Executables will be placed in, and only run from, \sys\bin
• Processes are confined to their own part of the file-system
• Access rules are based on directory path
  – Single user, so no access control list is required
  – No extra storage needed
• Support for removable media file systems
  – Tamper evidence for binaries
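As an added illustration (not from the slides and not Symbian's own code), the per-directory rules that data caging implies can be modelled as a small policy check. The capability names TCB and AllFiles come from the Symbian OS 9 capability model, which the slides do not name; the exact rule set and the SID-to-directory mapping are assumptions of this model.

```python
from dataclasses import dataclass

# Capability names from the Symbian OS 9 capability model (assumed here,
# the slides do not name them): TCB may write protected areas, AllFiles
# may read them.
TCB = "TCB"
ALL_FILES = "AllFiles"


@dataclass(frozen=True)
class Process:
    sid: str                 # secure ID as hex digits, e.g. "20001234" (constructed)
    capabilities: frozenset  # capability names granted at install time


def _split(path):
    """Split a Symbian-style path into (drive, top-level dir, remaining parts)."""
    parts = path.lower().replace("/", "\\").split("\\")
    if len(parts) < 2 or not parts[0].endswith(":"):
        raise ValueError("expected an absolute path such as C:\\private\\...")
    return parts[0], parts[1], parts[2:]


def data_cage_allows(proc, path, write=False):
    """Directory-path based access decision, as the data caging slide describes."""
    _, top, rest = _split(path)
    has_tcb = TCB in proc.capabilities
    has_all_files = ALL_FILES in proc.capabilities
    if top == "sys":
        # \sys holds binaries: only the TCB may write, AllFiles may read
        return has_tcb if write else has_all_files
    if top == "resource":
        # \resource is readable by everyone but only the TCB may write
        return has_tcb if write else True
    if top == "private":
        # \private\<SID> belongs to the process with that SID; every other
        # process needs the same capabilities as for \sys
        if rest and rest[0] == proc.sid.lower():
            return True
        return has_tcb if write else has_all_files
    return True  # everything outside the caged directories is open


def may_execute(path):
    """Executables are only loaded from \\sys\\bin, never from a data directory."""
    _, top, rest = _split(path)
    return top == "sys" and len(rest) >= 2 and rest[0] == "bin"
```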