SlideShare a Scribd company logo

Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems

C
Craig Heath

Consumer electronics systems are becoming increasingly connected, increasingly sophisticated and increasingly at risk from security threats. This presentation considers whether the use of high-level operating systems in consumer electronics can help address these risks.

Technology
1 of 7
Download to read offline
Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems Craig Heath Chief Security Technologist Symbian Foundation
Is Security an Issue?  Connectivity means exposing an attack surface to the outside world  Trend to “apps with everything”  downloadable active content extends the market life of a consumer electronics device  provides additional revenue opportunities  but also provides additional attack surface  There will be attackers  hackers making a name for themselves  researchers proving a point  individuals cracking DRM for fun and profit  criminals attempting to defraud users and steal personal data 2
Is a High-Level Operating System Good for Security?  Not necessarily – some downside  Complete Symbian Platform and associated tools contain 40 million lines of code  Similar figures for other HLOSes (Linux, iOS, Windows CE)  Security assurance of so much code is effectively impossible  But it can bring significant benefits  Application Security Framework  nobody wants to repeat the PC malware explosion  Content Protection  to prevent copying and redistribution of commercial content  User Data Controls  users need easy-to-understand and enforceable privacy controls 3
The Least-Privilege Principle Can Help  Requires a modular platform architecture rather than a monolithic one  Ensures that the majority of the code base is running with the minimum privileges necessary to perform each task  Security assurance can target only the highly privileged code  Minimises the risk posed by security vulnerabilities due to design or implementation errors  Allows tight sandboxing of third-party code while still enabling rich functionality 4
Symbian Platform: Capability Architecture Trusted Computing Base (TCB) Trusted Computing Environment (TCE) full access to all APIs and files servers with selected “system capabilities” (kernel, installer, file server) most third-party apps need only “user capabilities” 5
Over the Horizon: Privacy Labelling  Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities  doesn’t, however, identify which user data is intended to be shared and which to be kept private  Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) orange book systems  principle is that the sensitivity label is indivisible from the data  Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)  should be preserved even when files are moved or copied  Useful (essential?) for interfacing to social networking services  but it currently isn’t implemented (“you can trust us” attitude?) 6
7

Recommended

Big Communications Event, Keynote Communications Track
Big Communications Event, Keynote Communications TrackBig Communications Event, Keynote Communications Track
Big Communications Event, Keynote Communications TrackRon Batra
 
Oracle Open World Preso on Cloud Economics
Oracle Open World Preso on Cloud EconomicsOracle Open World Preso on Cloud Economics
Oracle Open World Preso on Cloud EconomicsRon Batra
 
Industrial Revolution
Industrial Revolution Industrial Revolution
Industrial Revolutionsuwalden
 
19.2 b
19.2 b19.2 b
19.2 bsuwalden
 
The home front
The home frontThe home front
The home frontsuwalden
 
The new order and the holocaust
The new order and the holocaustThe new order and the holocaust
The new order and the holocaustsuwalden
 
The Japanese Path to WWII
The Japanese Path to WWIIThe Japanese Path to WWII
The Japanese Path to WWIIsuwalden
 
Course of the war pacific theater
Course of the war pacific theaterCourse of the war pacific theater
Course of the war pacific theatersuwalden
 

Recommended

Big Communications Event, Keynote Communications Track
Big Communications Event, Keynote Communications TrackBig Communications Event, Keynote Communications Track
Big Communications Event, Keynote Communications TrackRon Batra
 
Oracle Open World Preso on Cloud Economics
Oracle Open World Preso on Cloud EconomicsOracle Open World Preso on Cloud Economics
Oracle Open World Preso on Cloud EconomicsRon Batra
 
Industrial Revolution
Industrial Revolution Industrial Revolution
Industrial Revolutionsuwalden
 
19.2 b
19.2 b19.2 b
19.2 bsuwalden
 
The home front
The home frontThe home front
The home frontsuwalden
 
The new order and the holocaust
The new order and the holocaustThe new order and the holocaust
The new order and the holocaustsuwalden
 
The Japanese Path to WWII
The Japanese Path to WWIIThe Japanese Path to WWII
The Japanese Path to WWIIsuwalden
 
Course of the war pacific theater
Course of the war pacific theaterCourse of the war pacific theater
Course of the war pacific theatersuwalden
 
Course of wwii
Course of wwiiCourse of wwii
Course of wwiisuwalden
 
The home front
The home frontThe home front
The home frontsuwalden
 
Path to WWII
Path to WWIIPath to WWII
Path to WWIIsuwalden
 
Renaissance
Renaissance Renaissance
Renaissance suwalden
 
Reformation
ReformationReformation
Reformationsuwalden
 
Intro to psy
Intro to psyIntro to psy
Intro to psysuwalden
 
Industrial revolution
Industrial revolutionIndustrial revolution
Industrial revolutionsuwalden
 
DC4420 Bluetooth Security
DC4420 Bluetooth SecurityDC4420 Bluetooth Security
DC4420 Bluetooth SecurityCraig Heath
 
What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?Craig Heath
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeCraig Heath
 
Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Craig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Fund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorFund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorCraig Heath
 
Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsCraig Heath
 
People Power in Your Pocket
People Power in Your PocketPeople Power in Your Pocket
People Power in Your PocketCraig Heath
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

More Related Content

Viewers also liked

Course of wwii
Course of wwiiCourse of wwii
Course of wwiisuwalden
 
The home front
The home frontThe home front
The home frontsuwalden
 
Path to WWII
Path to WWIIPath to WWII
Path to WWIIsuwalden
 
Renaissance
Renaissance Renaissance
Renaissance suwalden
 
Reformation
ReformationReformation
Reformationsuwalden
 
Intro to psy
Intro to psyIntro to psy
Intro to psysuwalden
 
Industrial revolution
Industrial revolutionIndustrial revolution
Industrial revolutionsuwalden
 

Viewers also liked (7)

Course of wwii
Course of wwiiCourse of wwii
Course of wwii
 
The home front
The home frontThe home front
The home front
 
Path to WWII
Path to WWIIPath to WWII
Path to WWII
 
Renaissance
Renaissance Renaissance
Renaissance
 
Reformation
ReformationReformation
Reformation
 
Intro to psy
Intro to psyIntro to psy
Intro to psy
 
Industrial revolution
Industrial revolutionIndustrial revolution
Industrial revolution
 

More from Craig Heath

DC4420 Bluetooth Security
DC4420 Bluetooth SecurityDC4420 Bluetooth Security
DC4420 Bluetooth SecurityCraig Heath
 
What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?Craig Heath
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeCraig Heath
 
Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Craig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaCraig Heath
 
Fund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorFund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorCraig Heath
 
Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsCraig Heath
 
People Power in Your Pocket
People Power in Your PocketPeople Power in Your Pocket
People Power in Your PocketCraig Heath
 

More from Craig Heath (9)

DC4420 Bluetooth Security
DC4420 Bluetooth SecurityDC4420 Bluetooth Security
DC4420 Bluetooth Security
 
What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?What Security Do You Need From Low-Power Wide-Area Networks?
What Security Do You Need From Low-Power Wide-Area Networks?
 
The Future of Computer Security and Cybercrime
The Future of Computer Security and CybercrimeThe Future of Computer Security and Cybercrime
The Future of Computer Security and Cybercrime
 
Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?Smartphone Platform Security - What can we learn from Symbian?
Smartphone Platform Security - What can we learn from Symbian?
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
 
Security Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and EnigmaSecurity Lessons from Bletchley Park and Enigma
Security Lessons from Bletchley Park and Enigma
 
Fund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine SimulatorFund Raising with an Android Enigma Machine Simulator
Fund Raising with an Android Enigma Machine Simulator
 
Mobile Security Sticks and Carrots
Mobile Security Sticks and CarrotsMobile Security Sticks and Carrots
Mobile Security Sticks and Carrots
 
People Power in Your Pocket
People Power in Your PocketPeople Power in Your Pocket
People Power in Your Pocket
 

Recently uploaded

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 

Recently uploaded (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems

  • 1. Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems Craig Heath Chief Security Technologist Symbian Foundation
  • 2. Is Security an Issue?  Connectivity means exposing an attack surface to the outside world  Trend to “apps with everything”  downloadable active content extends the market life of a consumer electronics device  provides additional revenue opportunities  but also provides additional attack surface  There will be attackers  hackers making a name for themselves  researchers proving a point  individuals cracking DRM for fun and profit  criminals attempting to defraud users and steal personal data 2
  • 3. Is a High-Level Operating System Good for Security?  Not necessarily – some downside  Complete Symbian Platform and associated tools contain 40 million lines of code  Similar figures for other HLOSes (Linux, iOS, Windows CE)  Security assurance of so much code is effectively impossible  But it can bring significant benefits  Application Security Framework  nobody wants to repeat the PC malware explosion  Content Protection  to prevent copying and redistribution of commercial content  User Data Controls  users need easy-to-understand and enforceable privacy controls 3
  • 4. The Least-Privilege Principle Can Help  Requires a modular platform architecture rather than a monolithic one  Ensures that the majority of the code base is running with the minimum privileges necessary to perform each task  Security assurance can target only the highly privileged code  Minimises the risk posed by security vulnerabilities due to design or implementation errors  Allows tight sandboxing of third-party code while still enabling rich functionality 4
  • 5. Symbian Platform: Capability Architecture Trusted Computing Base (TCB) Trusted Computing Environment (TCE) full access to all APIs and files servers with selected “system capabilities” (kernel, installer, file server) most third-party apps need only “user capabilities” 5
  • 6. Over the Horizon: Privacy Labelling  Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities  doesn’t, however, identify which user data is intended to be shared and which to be kept private  Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) orange book systems  principle is that the sensitivity label is indivisible from the data  Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)  should be preserved even when files are moved or copied  Useful (essential?) for interfacing to social networking services  but it currently isn’t implemented (“you can trust us” attitude?) 6
  • 7. 7