Smartphone Platform Security - What can we learn from Symbian?
Craig Heath
Presented at Cambridge Wireless, 15th January 2015.
1. Smartphone Platform Security - What can we learn from Symbian?
Craig Heath, Independent Security Consultant
Franklin Heath Ltd
15 Jan 2015
2. Discussion Points
© Franklin Heath Ltd, CC BY 3.0
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?
3. Symbian OS Versions

Without Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2001 | 6.0 | Series 80 | Nokia 9210 |
| 2002 | 6.1 | S60 1st Edition+FP1 | Nokia 7650 |
| | | MOAP(S) | Fujitsu F2051 |
| | 7.0 | UIQ 2.0 (& 2.1) | Sony Ericsson P800 |
| 2003 | 7.0S | S60 2nd Edition+FP1 | Nokia 6600 |
| 2004 | 8.0a | S60 2nd Edition FP2 | Nokia 6630 |
| 2005 | 8.1a | S60 2nd Edition FP3 | Nokia N90 |
| 2007 | 8.1b | MOAP(S) | Fujitsu F905i |

With Platform Security

| Year | Ver. | UI Layer | Typical Phone |
|------|------|----------|---------------|
| 2006 | 9.1 | S60 3rd Edition | Nokia 3250 |
| | | UIQ 3.0 | Sony Ericsson P990 |
| 2007 | 9.2 | S60 3rd Edition FP1 | Nokia N95 |
| | | UIQ 3.1 & 3.2 | Motorola Z8 |
| 2008 | 9.3 | S60 3rd Edition FP2 | Samsung i8510 |
| | 9.4 | S60 5th Edition | Nokia 5800 |
| 2009 | | | Nokia N97 |
| 2010 | ^2 | MOAP(S) | Fujitsu F-07B |
| | ^3 | S60 | Nokia N8 |
| 2011 | Anna | S60 | Nokia E6 |
4. Symbian Platform Security Architecture
- Run-time controls on system and applications
- Based on long-established security principles
  - e.g. “Trusted Computing Base”, “Least Privilege”
- Designed for mobile device use cases
  - low-level, highly efficient implementation
- “Capabilities” determine process privileges
  - checked by APIs which offer security-relevant services
- “Data Caging” protects stored data
  - protected directories for system and for applications
- Secure identifiers (“SIDs”) for applications
  - verified at install-time
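
A minimal model of how data caging combines SIDs and capabilities, added here as an illustration (it is not code from the presentation or from Symbian). The directory rules for \sys, \resource and \private\<SID> follow the commonly documented Symbian OS v9 layout rather than anything stated on the slide; the `Process` class, function names, SIDs and paths are constructed for the example.

```python
# Added illustration: a small model of Symbian-style data caging.
# Directory rules follow the commonly documented Symbian OS v9 layout;
# SIDs, paths and names below are constructed for the example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    sid: int          # secure identifier, verified at install time
    caps: frozenset   # capability names held by the process

def _parts(path):
    """Strip the drive, resolve '.' and '..', fold case (FS is case-insensitive)."""
    path = path.replace("/", "\\")
    if len(path) >= 2 and path[1] == ":":
        path = path[2:]
    out = []
    for p in path.split("\\"):
        if p in ("", "."):
            continue
        if p == "..":
            if out:
                out.pop()
        else:
            out.append(p.lower())
    return out

def _sid_of(name):
    """Parse an 8-hex-digit private directory name; None if malformed."""
    if len(name) == 8 and all(c in "0123456789abcdef" for c in name):
        return int(name, 16)
    return None

def required_capability(proc, path, write=False):
    """Capability needed for this access, or None if the path is not caged."""
    parts = _parts(path)
    top = parts[0] if parts else ""
    if top == "sys":                      # system area, e.g. executables
        return "TCB" if write else "AllFiles"
    if top == "resource":                 # public read-only resources
        return "TCB" if write else None
    if top == "private":
        # Only the owning SID gets in without AllFiles; the private root
        # and malformed names are treated as foreign (this model's choice).
        owner = _sid_of(parts[1]) if len(parts) > 1 else None
        return None if owner == proc.sid else "AllFiles"
    return None

def may_access(proc, path, write=False):
    need = required_capability(proc, path, write)
    return need is None or need in proc.caps

APP = Process(0x20001234, frozenset({"ReadUserData", "NetworkServices"}))
BACKUP = Process(0x2000ABCD, frozenset({"AllFiles"}))
```

The path is normalised before the rule is applied, so a `..` hop from an application's own private directory into another application's is judged against the directory it actually lands in.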
5. Symbian OS New Malware Strains and Variants Per Month
[Chart: new malware strains ("New") and variants ("Variant") per month, vertical axis 0 to 18; annotation: "First phones introduced with platform security"]
6. Developer Difficulties
- Compatibility break
  - Used as an excuse for fixing accumulated technical debt
- Additional complexity
  - SIDs, data caging, etc.
  - “How do I know what capabilities I need?”
- Difficulty of debugging
  - “Why can’t you just turn the security off?”
- Cost of approval and signing
  - ...even though it was steadily reduced over time
- Delays caused by approval and signing process
  - Rejections were common
7. Aside: Symbian OS C++
- Same language and environment for apps as the OS (and/or UI)
  - In principle allows third party developers to produce powerful apps
  - ... but harder to work with in-progress documentation and finicky tools
- Non-standard C++ “idioms”
  - Descriptors, active objects, cleanup stack
  - ANSI exception handling came too late
- Technically good (vastly more power efficient)
  - ... but steep learning curve
- Alternatives were either too little (CDC Java, MIDP Java)
  - ... or too late (PIPS, Qt)
8. Symbian Signed Capability Groups

| User | Extended (System) | Extended (Restricted) | Manufacturer |
|------|-------------------|-----------------------|--------------|
| LocalServices | PowerMgmt | CommDD | AllFiles |
| Location | ProtServ | DiskAdmin | DRM |
| NetworkServices | ReadDeviceData | NetworkControl | TCB |
| ReadUserData | SurroundingsDD | MultimediaDD | |
| UserEnvironment | SwEvent | | |
| WriteUserData | TrustedUI | | |
| | WriteDeviceData | | |
9. Symbian Signed Capability Groups

Columns: Group; Additional Capabilities; Permitted, split into:
- Unverified: Unsigned or Self-signed; Developer Certificate per IMEI(s)
- Verified with Publisher ID: Developer Certificate per IMEI(s); Express Signed; Certified Signed

Rows:
- User, 6: install-time user prompt; Yes; Yes; Yes; Yes
- Extended (System), 7
- Extended (Restricted), 4
- Manufacturer, 3: OEM approval; OEM approval
10. Symbian Signed Costs
- 2004, initially a branding / co-marketing programme
  - All outsourced costs passed to publisher (could be over $1000 per app)
  - Most developers were their own publisher
- 2006, required for “non-user-grantable” platform security capabilities
  - Standardised testing, lowest price €195
  - Still required $395 publisher ID annually
- 2007, reduced costs but increased complexity
  - Publisher IDs reduced to $200
  - “Express Signed” $20
    - subset of “extended” capabilities, self-testing with random auditing afterwards
- 2010, streamlined test criteria
  - Express Signed €10, Certified Signed €150
- 2010, Nokia pays for and performs signing for Ovi Store submissions
11. What Could We Have Done Differently?
- Needed more clout and/or money
  - Google were able to ignore operator demands
  - Apple were able to phase out DRM
  - Apple were able to subsidise approval process
- CA-issued publisher IDs were probably a mistake
  - Self-signed works for Google Android
  - Didn’t help us track down malicious actors
- Robustness was pretty good
- User experience was pretty good
12. Discussion Points
- Was Symbian OS platform security a success?
- Did developer difficulties with platform security contribute to Symbian’s downfall?
- Could those difficulties have been prevented?
- Did Symbian’s platform security have anything better than today’s successful platforms?