Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems
Consumer electronics systems are becoming increasingly connected, increasingly sophisticated and increasingly at risk from security threats. This presentation considers whether the use of high-level operating systems in consumer electronics can help address these risks.

Slide 1: Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems
Craig Heath, Chief Security Technologist, Symbian Foundation

Slide 2: Is Security an Issue?
  • Connectivity means exposing an attack surface to the outside world
  • Trend to “apps with everything”
      - downloadable active content extends the market life of a consumer electronics device
      - provides additional revenue opportunities
      - but also provides additional attack surface
  • There will be attackers
      - hackers making a name for themselves
      - researchers proving a point
      - individuals cracking DRM for fun and profit
      - criminals attempting to defraud users and steal personal data

Slide 3: Is a High-Level Operating System Good for Security?
  • Not necessarily – some downside
      - Complete Symbian Platform and associated tools contain 40 million lines of code
      - Similar figures for other HLOSes (Linux, iOS, Windows CE)
      - Security assurance of so much code is effectively impossible
  • But it can bring significant benefits
      - Application Security Framework: nobody wants to repeat the PC malware explosion
      - Content Protection: to prevent copying and redistribution of commercial content
      - User Data Controls: users need easy-to-understand and enforceable privacy controls

Slide 4: The Least-Privilege Principle Can Help
  • Requires a modular platform architecture rather than a monolithic one
  • Ensures that the majority of the code base is running with the minimum privileges necessary to perform each task
  • Security assurance can target only the highly privileged code
  • Minimises the risk posed by security vulnerabilities due to design or implementation errors
  • Allows tight sandboxing of third-party code while still enabling rich functionality

Slide 5: Symbian Platform: Capability Architecture
[Diagram; recovered labels:]
  • Trusted Computing Base (TCB): full access to all APIs and files (kernel, installer, file server)
  • Trusted Computing Environment (TCE): servers with selected “system capabilities”
  • Most third-party apps need only “user capabilities”

Slide 6: Over the Horizon: Privacy Labelling
  • Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities
      - doesn’t, however, identify which user data is intended to be shared and which to be kept private
  • Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) Orange Book systems
      - principle is that the sensitivity label is indivisible from the data
  • Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)
      - should be preserved even when files are moved or copied
  • Useful (essential?) for interfacing to social networking services
      - but it currently isn’t implemented (“you can trust us” attitude?)
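The following is an added example, not code from the slides or from the Symbian platform: a small Python model of the ideas on slides 5 and 6. A server in the trusted computing environment checks the caller's capability set on every request, a process holding TCB passes every check, and the sensitivity label is a field of the file object itself, so a copy or a move carries the label with the data and a sharing app is blocked from exporting PRIVATE content to a PUBLIC destination. The capability names TCB, ReadUserData and WriteUserData are taken from the slides; NetworkServices is a real Symbian capability name the slides do not mention; the two-level PUBLIC/PRIVATE lattice, the process names, the file contents and the FileServer API are all constructed for the demo and are assumptions, not the platform's real interfaces.

```python
"""Constructed model of capability checks plus privacy labels (not Symbian code)."""
from dataclasses import dataclass, replace
from enum import IntEnum

# Capability names from the slides; NetworkServices is a real Symbian name
# that the slides do not mention (assumption for this demo).
TCB = "TCB"
READ_USER_DATA = "ReadUserData"
WRITE_USER_DATA = "WriteUserData"
NETWORK_SERVICES = "NetworkServices"


class Sensitivity(IntEnum):
    """Constructed two-level label lattice; higher value means more sensitive."""
    PUBLIC = 0
    PRIVATE = 1


@dataclass(frozen=True)
class UserFile:
    """The label is a field of the object, so it cannot be split from the data."""
    name: str
    content: bytes
    label: Sensitivity


@dataclass(frozen=True)
class Process:
    name: str
    capabilities: frozenset


class CapabilityError(PermissionError):
    pass


class PrivacyError(PermissionError):
    pass


def require(caller: Process, *needed: str) -> None:
    """Least-privilege gate: TCB passes everything, others need each listed capability."""
    if TCB in caller.capabilities:
        return
    missing = [c for c in needed if c not in caller.capabilities]
    if missing:
        raise CapabilityError(f"{caller.name} lacks {missing}")


class FileServer:
    """Stands in for a TCE server that holds user data on behalf of all apps."""

    def __init__(self) -> None:
        self._files: dict = {}

    def write(self, caller: Process, f: UserFile) -> None:
        require(caller, WRITE_USER_DATA)
        self._files[f.name] = f

    def read(self, caller: Process, name: str) -> UserFile:
        require(caller, READ_USER_DATA)
        return self._files[name]

    def copy(self, caller: Process, src: str, dst: str) -> UserFile:
        """The copy keeps its label because the label travels inside the object."""
        require(caller, READ_USER_DATA, WRITE_USER_DATA)
        copied = replace(self._files[src], name=dst)
        self._files[dst] = copied
        return copied

    def export(self, caller: Process, name: str, destination: Sensitivity) -> bytes:
        """Release content to an outside service rated at `destination`."""
        require(caller, READ_USER_DATA, NETWORK_SERVICES)
        f = self._files[name]
        if f.label > destination:  # label dominates destination: refuse
            raise PrivacyError(f"{f.name} is {f.label.name}, destination is {destination.name}")
        return f.content


def demo() -> dict:
    """Scenario from the slides: camera labels, sharing app is checked."""
    fs = FileServer()
    kernel = Process("kernel", frozenset({TCB}))
    camera = Process("camera", frozenset({WRITE_USER_DATA}))
    sharer = Process("sharing", frozenset({READ_USER_DATA, NETWORK_SERVICES}))
    backup = Process("backup", frozenset({READ_USER_DATA, WRITE_USER_DATA}))
    game = Process("game", frozenset())  # no capabilities at all
    out = {}
    fs.write(camera, UserFile("selfie.jpg", b"selfie", Sensitivity.PRIVATE))
    fs.write(camera, UserFile("landscape.jpg", b"landscape", Sensitivity.PUBLIC))
    out["public_export"] = fs.export(sharer, "landscape.jpg", Sensitivity.PUBLIC)
    try:
        fs.export(sharer, "selfie.jpg", Sensitivity.PUBLIC)
        out["private_export"] = "allowed"
    except PrivacyError:
        out["private_export"] = "blocked"
    try:
        fs.read(game, "selfie.jpg")
        out["game_read"] = "allowed"
    except CapabilityError:
        out["game_read"] = "blocked"
    out["kernel_read"] = fs.read(kernel, "selfie.jpg").label.name
    out["copy_label"] = fs.copy(backup, "selfie.jpg", "backup/selfie.jpg").label.name
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the model is that policy is enforced at the server boundary, not trusted to the calling app: the camera app needs only WriteUserData to create labelled files, the sharing app never sees the private file's bytes, and a game with no capabilities cannot read user data at all, while the small TCB remains the only code that bypasses the checks and is therefore the code that assurance effort should target.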