Information Technology Reference
In-Depth Information
Windows chambers
The Windows Phone OS 7.0 is heavily built on the principles of least privilege and isola-
tion. To achieve this, Windows Phone introduced the concept of
chambers
. Each chamber
has an isolation boundary within which a process can run. Depending on the security policy
of a specific chamber, a process running in that chamber has the privilege to access the OS
resources and capabilities (
https://www.msec.be/mobcom/ws2013/presentations/dav-
id_hernie.pdf
). There are four types of security chambers. The following is a brief descrip-
tion of each one of them:
•
Trusted Computing Base (TCB)
: Processes here have unrestricted access to most
of the Windows Phone 7 resources. This chamber has the privilege to modify
policies and enforce the security model. The kernel runs in this chamber.
•
Elevated Rights Chamber (ERC)
: This chamber is less privileged than the TCB
chamber. It has the privileges to access all resources except the security policy.
This chamber is mainly used for services and user-mode drivers, which provide
functionality intended for use by other applications on the phone.
•
Standard Rights Chamber (SRC)
: This is the default chamber for preinstalled
applications, such as Microsoft Outlook Mobile 2010.
•
Least Privileged Chamber (LPC)
: This is the default chamber for all the applica-
tions that are downloaded and installed through the Marketplace Hub (also known
as the Windows Phone Marketplace).
