Cryptography Reference
In-Depth Information
The amount of information available for the different operating systems below
varies largely. In particular, the information for closed platforms is limited, we
therefore restrict ourselves to a rather non-technical level and just sketch the
functionality.
10.2.1 BlackBerry OS
Today's de facto standard among the Smartphone security solutions is the Black-
Berry OS. This operating system is very popular in the business domain where
employees depend on connectivity to the IT infrastructure of their company. Thus,
it is not surprising that the security architecture [RIM09] provided by Research in
Motion (RIM) also includes dedicated enterprise server systems, databases, etc.
which handle the connectivity and allow for management of BlackBerry devices.
Whilst this architecture represents a holistic approach towards providing a secure
mobile infrastructure, we are more interested in the security mechanisms deployed
on individual Smartphones.
In general, every access to data stored on the Enterprise server or device is
controlled by a firewall. As the BlackBerry OS allows for the installation of third-
party applications, the access of these applications to cooperate data is controlled
by this firewall. Either the user allows access, or the administrator sets up security
policies regulating access. For this purposes applications are classified according to
the connection they can setup. An internal connection policy specifies whether an
application can access cooperate data. External connection policies specify the
access to all data external to the cooperation. A special “split-pipe” connection
policy describes security rules for application which simultaneously setup internal
and external connections.
BlackBerry also allows for controlling the way applications are installed on a
device. Third-applications which are downloaded and installed over the wireless
interface require user approval. The device administrator can also completely
prevent the installation of additional applications.
BlackBerry requires a specific applications format, so-called MIDlets. Such applica-
tions are based on the Java Micro Edition platform and are limited to the use of
specific Application Program Interfaces (APIs). A Java Virtual Machine (JVM)
serves as the runtime environment, and BlackBerry insulates the processes of
different applications. Applications that require access to critical data on a Black-
Berry device, e.g. to the calendar, contacts, or other user data must use specific
APIs and are only executed if signed by RIM. If an application comes with a valid
signature that application can have full access to this data and interact with other
third-party applications.
Additional security policies were introduced for reducing the attack surface of
malicious but signed applications, and for being able to restrict the access rights of
Search WWH ::




Custom Search