Smartphone Platform Security What Can We Learn from Symbian? Craig Heath Independent Security Consultant

Smartphone Platform Security What Can We Learn from Symbian? Craig Heath Independent Security Consultant

Smartphone Platform Security What can we learn from Symbian? Craig Heath Independent Security Consultant 15 Jan 2015 Franklin Heath Ltd Discussion Points Was Symbian OS platform security a success? Did developer difficulties with platform security contribute to Symbian’s downfall? Could those difficulties have been prevented? Did Symbian’s platform security have anything better than today’s successful platforms? 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 2 Symbian OS Versions Without Platform Security With Platform Security Year Ver. UI Layer Typical Phone Year Ver. UI Layer Typical Phone S60 3rd Edition Nokia 3250 2001 6.0 Series 80 Nokia 9210 2006 9.1 UIQ 3.0 Sony Ericsson P990 S60 1st Edition+FP1 Nokia 7650 S60 3rd Edition FP1 Nokia N95 6.1 2007 9.2 2002 MOAP(S) Fujitsu F2051 UIQ 3.1 & 3.2 Motorola Z8 7.0 UIQ 2.0 (& 2.1) Sony Ericsson P800 9.3 S60 3rd Edition FP2 Samsung i8510 2008 Nokia 5800 2003 7.0S S60 2nd Edition+FP1 Nokia 6600 9.4 S60 5th Edition 2009 Nokia N97 2004 8.0a S60 2nd Edition FP2 Nokia 6630 ^2 MOAP(S) Fujitsu F-07B 2010 ^3 S60 Nokia N8 2005 8.1a S60 2nd Edition FP3 Nokia N90 2011 Anna S60 Nokia E6 2007 8.1b MOAP(S) Fujitsu F905i 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 3 Symbian Platform Security Architecture Run-time controls on system and applications Based on long-established security principles e.g. “Trusted Computing Base”, “Least Privilege” Designed for mobile device use cases low-level, highly efficient implementation “Capabilities” determine process privileges checked by APIs which offer security-relevant services “Data Caging” protects stored data protected directories for system and for applications Secure identifiers (“SIDs”) for applications verified at install-time 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 4 Symbian OS New Malware Strains and Variants Per Month 18 First phones introduced 16 with platform security 14 12 New 10 Variant 8 6 4 2 0 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 5 Developer Difficulties Compatibility break Used as an excuse for fixing accumulated technical debt Additional complexity SIDs, data caging, etc. “How do I know what capabilities I need?” Difficulty of debugging “Why can’t you just turn the security off?” Cost of approval and signing ...even though it was steadily reduced over time Delays caused by approval and signing process Rejections were common 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 6 Aside: Symbian OS C++ Same language and environment for apps as the OS (and/or UI) In principle allows third party developers to produce powerful apps ... but harder to work with in-progress documentation and finicky tools Non-standard C++ “idioms” Descriptors, active objects, cleanup stack ANSI exception handling came too late Technically good (vastly more power efficient) ... but steep learning curve Alternatives were either too little (CDC Java, MIDP Java) ... or too late (PIPS, Qt) 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 7 Symbian Signed Capability Groups Extended Extended User Manufacturer (System) (Restricted) LocalServices PowerMgmt CommDD AllFiles Location ProtServ DiskAdmin DRM NetworkServices ReadDeviceData NetworkControl TCB ReadUserData SurroundingsDD MultimediaDD UserEnvironment SwEvent WriteUserData TrustedUI WriteDeviceData 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 8 Symbian Signed Capability Groups Unverified Verified with Publisher ID Additional Unsigned Developer Developer Group Capabilities Express Certified or Certificate Certificate Permitted Signed Signed Self-signed per IMEI(s) per IMEI(s) install-time User 6 user prompt Yes Yes Extended 7 Yes Yes (System) Extended 4 (Restricted) OEM OEM Manufacturer 3 approval approval 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 9 Symbian Signed Costs 2004, initially a branding / co-marketing programme All outsourced costs passed to publisher (could be over $1000 per app) Most developers were their own publisher 2006, required for “non-user-grantable” platform security capabilities Standardised testing, lowest price €195 Still required $395 publisher ID annually 2007, reduced costs but increased complexity Publisher IDs reduced to $200 “Express Signed” $20 subset of “extended” capabilities, self-testing with random auditing afterwards 2010, streamlined test criteria Express Signed €10, Certified Signed €150 2010, Nokia pays for and performs signing for Ovi Store submissions 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 10 What Could We Have Done Differently? Needed more clout and/or money Google were able to ignore operator demands Apple were able to phase out DRM Apple were able to subsidise approval process CA-issued publisher IDs were probably a mistake Self-signed works for Google Android Didn’t help us track down malicious actors Robustness was pretty good User experience was pretty good 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 11 Discussion Points Was Symbian OS platform security a success? Did developer difficulties with platform security contribute to Symbian’s downfall? Could those difficulties have been prevented? Did Symbian’s platform security have anything better than today’s successful platforms? 15 Jan 2015 © Franklin Heath Ltd c b CC BY 3.0 12 .

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    12 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us