Symbian OS Platform Security/About This Book
Reproduced by kind permission of John Wiley & Sons.
Symbian Press is delighted to bring you this book documenting the fruits of Symbian’s platform security project. The project has been in development for several years, and at last we have the opportunity to present the enhanced features of the Symbian OS security architecture in public.
Symbian OS Platform Security describes the philosophy of platform security as well as its implementation. It documents the mechanisms Symbian has implemented to protect phone integrity, to protect sensitive data, and to control access to sensitive operations.
This book describes the context and need for platform security on mobile devices and the concepts that underlie the Symbian OS security architecture, such as the core principles of ‘trust’, ‘capability’ and ‘data caging’. It goes on to explain how to develop applications on a secure platform: the development environment, how to write secure applications, servers and plug-ins, and how to share data safely between devices. The book also clarifies the concepts of application certification and signing, the industry ‘gatekeepers’ of platform security. All of this information will be vital to those wishing to develop or port applications to mass-market phones based on Symbian OS v9.
The content of this book will be useful for developers involved with Symbian OS at all levels, from activities based around device creation, to the creators of applications for commercially available Symbian OS phones, to security specialists involved in mobile phone procurement or the design of mobile network services based on Symbian OS phones.
by Tim Wright, Security Technologies, Vodafone Research and Development
In the 10 years I have been working in the field of mobile phone security, we have seen a vast increase in the power and flexibility of the programming environment available on mobile phones, moving towards the openness of the PC and the Internet. Over that same period there have been attempts, not to close down the open environments of the PC and the Internet but, at the very least, to ‘tame’ them. This taming needed to happen and needs to continue.
Fortunately, the growth in the functionality and openness of mobile phones happened in a controlled manner, with many factors working in favor of security. Firstly, over this period most mobile phones were, and still are, bought by network operators (for sale on to their subscribers) who imposed security requirements that have kept implementation standards high. Secondly, most data coming in to and out of mobile phones involves a network operator, who has both the reason and the power to take steps on the network side to curb the effects of viruses and worms on the client side. Finally, there was the simple fact that Symbian OS phones represented a small percentage of the total mobile phone population.
Some of these factors are changing. Surely the most significant is that the percentage of mobile phones based on Symbian OS and other open operating systems is set to increase significantly. Symbian OS will become a serious and worthwhile target for writers of malware. The increasing variety of short-range and long-range wireless interfaces means that there are many ways for data and applications to get onto a phone and the proportion that operators can control will decrease. Symbian OS is entering a bigger and less controlled world and needs to be able to look after itself.
Vodafone, therefore, very much welcome Symbian’s introduction of the platform security architecture. It is Vodafone’s hope that effective certification schemes for application developers, continued scrutiny and improvement of the most trusted parts of the Symbian OS, and complementary hardware security features for boot-time and run-time protection of the secure software will be used alongside platform security and help to ensure its long term success. Symbian OS can then be opened up to a wider range of application developers with the assurance that privileges can be allocated to code on the basis of the responsibility the developers will take, and that users and their phones can be protected from poor code and malicious intent.
This book provides background to the platform security architecture, which will be of interest to security professionals, and guidance to application developers on how best to take advantage of the improved security now available. Widespread adoption of these practices will benefit the whole mobile phone industry, including software vendors, semiconductor vendors, phone manufacturers, network operators, content providers and, not least, the phone user!
About the Authors
Craig Heath, Lead Author
Craig has been working in IT security since 1988, holding positions at the Santa Cruz Operation as security architect for SCO UNIX, and at Lutris Technologies as security architect for the Enhydra Enterprise Java Application Server. He joined Symbian in 2002, working in product management and strategy.
A member of The Open Group Security Forum (originally the X/Open Security Working Group) since 1993, sitting on the Steering Committee since 1999, he has contributed to several published security standards. These include XBSS (baseline system security requirements), XDAS (distributed audit) and XSSO (single sign-on). He has also participated in standards work within POSIX, IETF, the Java Community Process, and the Open Mobile Alliance. He graduated from the University of Warwick with a BSc. in computer science in 1984.
With an honors degree in Electronic Systems, Andy has spent the last 17 years working in the telecommunications software arena on projects as diverse as FDDI-2, mobile presence and availability systems, distributed real-time middleware, and optical switching.
He joined Symbian in 2002, and designed and developed the Digital Rights Management infrastructure (Content Access Framework). He is now a Senior Technical Architect in the Crypto Services technology area which provides cryptographic, key and certificate management, authentication and software installation services into Symbian OS.
In his spare time, Andy enjoys tinkering with 3D-graphics rendering. When he wants to get away from a keyboard completely, he looks after 400 liters of water – complete with tropical fish. Occasionally, he also visits bigger fish in their native habitat if he’s lucky enough to be away diving with his partner Rebecca and his SCUBA buddies.
Geoff joined Symbian in 2000 from Vodafone to lead the Product Test organization. Following a move to Marketing, Geoff introduced Symbian’s Catalyst program, working with a range of partners to develop compelling third-party applications on top of Symbian OS. Recently, Geoff and his team have developed and delivered the industry-leading certification program, Symbian Signed. Geoff’s background in mobile telephony, network topologies and operations means he is actively involved with Symbian’s operating partners and related standards forums.
Geoff studied in Hull, then lived in the Middle East, Far East and North America working on a range of communications systems. Geoff joined Motorola to work on their new GSM infrastructure and then joined a small UK network operator (Racal–Vodafone) to launch their new GSM network.
Geoff lives in Wiltshire and is married to Anne with whom he has a daughter, Thea.
Jonathan has spent the last seven years working for Symbian developing software in a range of technology areas and roles. After spending two years developing Symbian’s Bluetooth and infrared protocol stacks, he spent a period researching a redesign of the Socket Server architecture that subsequently debuted in Symbian OS v9. For two years he worked as a Senior Technical Consultant within Symbian’s Professional Services department, helping Symbian’s licensees to ship mobile phone products such as the Sony Ericsson P910i, and the Motorola A1000. In the last 15 months, he has been working as a System Architect with an instrumental role in realizing Symbian’s Platform Security implementation.
Jonathan graduated with a first class MEng. in Information Systems Engineering from Imperial College, London. He is a keen skier and cyclist, and spends whatever time he can cycle-touring or on long distance journeys with his wife Emma, and their beloved tandem, Dobbin. Jonathan thanks Keith Robertson for giving him so much to write about, teaching him how to approach it, and then letting him get on with it.
Mark graduated with a first class honors degree in Computing Studies, followed by a Masters in Digital Systems and finally a Postgraduate Certificate of Education. After six years of teaching and a spell at Morgan Stanley, he joined Psion Software in 1997 as a Technical Author working on SDK content and installation technologies.
After the formation of Symbian, Mark joined the Connectivity Engineering group, with sole responsibility for authoring, producing, delivering and supporting the Connectivity SDK. He also wrote a chapter in Symbian’s first book, Professional Symbian Programming. In 2001, Mark moved to the Kits team, becoming Technical Architect shortly afterwards, with the responsibility of introducing both the new Package Manager Kit format and subsequently the Component-Based Releases.
Mark transferred to the Symbian Developer Network in 2004, providing technical support to developers in the form of presentations, papers, books and tools.
Mark thanks Stephen Mansfield for review comments and corrections, and both Stephen and Jonathan Dixon for providing technical advice and suggestions. Thanks also to Colin Turfus and the Symbian Developer Network team for their ongoing support and to Hashem for everything else.
Matthew started work over a quarter of a century ago using 6th Edition UNIX on a minicomputer, and punched cards and JCL on a mainframe. He has been working at the leading edge of technology ever since. Before joining Symbian’s Security team in 2003, he worked on projects as varied as directory enquiry systems, UNIX kernel ports, free space optical links, distributed processing frameworks, SS7 call processing and compiler development.
Matthew studied at Robinson College, Cambridge, where he gained an MA.
Matthew would like to thank both his father for bringing him up and his wife for putting up with the result.
In 1996 Michael Bruce graduated with an honors degree in Mechanical Engineering from the University of New South Wales (Sydney, Australia). After several years working on process automation in the manufacturing sector he emigrated to the UK, joining Symbian’s Networking team in 2002. Later, after moving to the Security Team, he was one of the developers involved in the implementation of the new Platform Security Software Install. Recently he has moved to Marketing and has been responsible for providing the tools required by Symbian Signed to support Symbian OS v9.
When Michael is not at work he enjoys traveling, preferably to somewhere with snow so that he can pursue his passion for skiing.
Phil’s involvement with Symbian OS began with its predecessor, which powered the original Psion PDAs. As one of the most successful authors of Psion ‘shareware’ in the early 1990s, Phil took a work experience position at Psion Software during the summer of 1998. One year later, having finished his A Levels, he accepted a job as a ‘Developer Consultant’ at the newly-formed Symbian during his ‘year out’ before university. Responsible for providing support, advice and guidance to third party developers, Phil decided to extend his ‘year out’ to two years, and eventually began his Economics degree at the London School of Economics in September 2000, whilst continuing to work for Symbian.
Phil graduated with a BSc. Econ. (Hons) in summer 2004 and returned full-time to Symbian to become Head of Developer Content, managing the team responsible for delivering the necessary documentation and support to make Symbian OS accessible to developers, and ensuring compelling and innovative applications are available for Symbian OS phones.
Phil currently lives in London and outside work his biggest interest is travel. Phil would like to thank his close colleagues at Symbian and the Symbian Press team not only for providing much support and amusement, but also for helping him to retain a small degree of sanity whilst juggling work and study at university!
Simon Higginson joined Symbian’s Technical Training Team as a Senior Developer Consultant in 1999. He has helped author a number of training courses for Symbian OS, including, most recently, a platform security course. His experience covers 19 years in the IT industry, working as a software developer for GST Professional Services and then consultant for Origin Automation Technology on the Cambridge Science Park.
Simon started his computing career on the York University computer while at school; after which he went on to read Natural Sciences and Computer Science at Churchill College, Cambridge. While writing Chapter 2 of this book, Simon amazingly found time to stand for the UK Parliament, and thanks the people of King’s Lynn for giving him time to finish the job, by electing someone else!
Will started working for Symbian in June 2000; firstly as a developer in local synchronization to the PC, then moving into remote synchronization development implementing SyncML. He stayed in this field while progressing from programmer through Technical Lead to Technology Architect, and also gained experience of OMA Device Management as a related technology. He is currently a Systems Architect specializing in device and settings management.
Will studied Electronic Engineering at Oxford Polytechnic, before training as a C++ programmer. He worked for a telematics company that sells vehicle-tracking software – developing the PC client–server architecture and also software for in-vehicle hand-held devices – before moving to Symbian to further his interest in telecommunications.
Will liked to travel until family life got the better of him. He is now blessed with two young sons who have helped him hone the communication and negotiation skills he needs in his professional life.
Craig would like to thank:
The Symbian OS platform security architects, in particular Corinne Dive-Reclus, Mal Minhas, Keith Robertson and Andrew Thoelke, who deserve the bulk of the credit for the features this book describes. Other contributors from Symbian who had a significant influence on the design include Will Bamberg, Jonathan Harris, Dennis May and Jonathan Webb. Credit is also due to the many Symbian engineers who worked on the implementation, integration and testing who are too numerous to list individually.
Our partners and customers who contributed to the design, including from Nokia, Timo Heikkinen, Janne Uusilehto and Antti Vähä-Sipila; from Sony-Ericsson, Johan Alm; from UIQ, Matthias Reik; from Vodafone, Steve Babbage and Tim Wright; from France Telecom, Didier Bégay; and from Orange, Tim Haysom.
My co-authors, Matthew Allen, Michael Bruce, Jonathan Dixon, Andy Harker, Simon Higginson, Will Palmer, Geoff Preston, Mark Shackman, and Phil Spencer who did most of the hard work.
My manager, Richard Wloch, and my co-authors’ managers, Tim Bentley, Bruce Carney, Simon Garth, and Neil Hepworth for allowing us to devote significant amounts of our work days to preparing this book.
Other contributors of material or insightful comments, including Tim Band, Ilhan Gurel, Sami Lehtisaari, Stephen Mansfield, Steve Matthews, Kal Patel and Jo Stichbury.
Last but not least, Phil Northam and Freddie Gjertsen for making the process of producing this book easy and putting up with many missed deadlines!
Symbian Press Acknowledgements
Symbian Press wishes to thank Craig for his perseverance; Stephen Evans for, once again, being beneficent when we asked, ‘can we have more resources please’; the LBC for tying us to our desks; and William because he surely deserves a mention.
We would also not like to thank Spencer for his mastery of eye-rolling.
Copyright © 2006, Symbian Ltd.