10.2.4 SymbianOS
Similar to the security mechanisms introduced so far, SymbianOS uses permissions,
called capabilities [Heath2006]. These are assigned to processes, the “units of trust”
in Symbian. Capabilities are persistent, predefined attributes of a process and
specify the access rights of that process to system resources. The reference monitor in
the Symbian microkernel analyses these capabilities and enforces what a
process is allowed to do: the activity of the process is interrupted if the privileges
assigned to it through capabilities are insufficient.
Resources in SymbianOS are accessed through APIs. These mainly reside in two
different parts of the operating system: the Trusted Computing Base (TCB) and the
Trusted Computing Environment (TCE).
The TCB enforces security mechanisms at the lowest system level, but at the
highest security level. For the sake of simplicity, it only includes the kernel, the file
server, the installation process, and basic functionalities such as signature
verification mechanisms, compression routines, etc.
These basic components are extended by the TCE with components such as the
phone's user interface, phone manufacturer components, or telecommunication
provider mechanisms. The TCE can use TCB interfaces by presenting the appropriate
capabilities.
Appropriately signed software with suitable capabilities can be used to install new
applications or to extend the functionality of the TCB or the TCE. However, the
majority of applications are installed outside of the TCE and consequently also
outside of the TCB. In fact, most applications simply hold privileges to use APIs
offered by the TCE domain. Unsigned software, or software signed by untrusted
signers, runs sandboxed, which in SymbianOS means that such applications cannot
access any security-critical APIs. Reflecting this separation, capabilities are also
classified into TCB, system, and user capabilities.
Similar to the simplicity of the TCB, SymbianOS tries to keep the access control
mechanisms as simple as possible: they are based on paths, and the directory a path
specifies determines the level of protection given to the data contained within it.
Changing the access rules of a file thus means relocating it to another directory.
Accordingly, SymbianOS distinguishes three special directories: /sys, /resource,
and /private. All directories contained in /sys are accessible by the TCB only; this
location stores, among other security-critical data, the information required for
integrity protection of the system as well as of installed binaries. As the TCB is the
only system component that can install new binaries, /sys also contains these
program binaries. All directories contained within /resource provide read-only
resource files, such as fonts, help pages, etc. Finally, directories within the path
/private hold private application data, and each application is assigned a unique
directory therein. Only this application has access to the data it stores here. All
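The path-based rules above (TCB-only /sys, read-only /resource, per-application /private) can be modelled as a small reference monitor. The following is an added illustration, not Symbian's own code: the capability classes are the three named in the text, the per-application identifier (`sid`) that names the /private directory, the rule that only the TCB may write under /resource, the uncaged treatment of all other paths, and the identifiers and sample paths are all constructed assumptions. The model also canonicalises paths (drive letter, backslashes, case folding, `..`) before matching, since a check on the raw string would let a traversal leave one cage for another.

```python
"""Toy model of SymbianOS data caging: the reference monitor decides a file
operation from the caller's capabilities and the normalised path alone.
Constructed illustration, not Symbian's own code."""
import posixpath
from dataclasses import dataclass
from enum import Enum

class Cap(Enum):
    """Capability classes named in the text (the real set is larger)."""
    TCB = "TCB"
    SYSTEM = "System"
    USER = "User"

@dataclass(frozen=True)
class Process:
    name: str
    sid: str            # per-app identifier naming its /private directory (assumption)
    caps: frozenset

def caged_parts(path: str) -> tuple:
    """Canonicalise a Symbian-style path (drive letter, backslashes, case folded)
    and collapse '..' so a traversal cannot escape one cage into another."""
    unix = path.replace("\\", "/").lstrip("/")
    parts = [p for p in posixpath.normpath("/" + unix).lower().split("/") if p]
    if parts and len(parts[0]) == 2 and parts[0][1] == ":":
        parts = parts[1:]   # drop a 'c:' drive component
    return tuple(parts)

def check_access(proc: Process, path: str, op: str) -> bool:
    """True if `proc` may perform `op` ('read' or 'write') on `path`."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation {op!r}")
    parts = caged_parts(path)
    top = parts[0] if parts else ""
    if top == "sys":        # binaries and integrity data: TCB only, any operation
        return Cap.TCB in proc.caps
    if top == "resource":   # read-only for everyone; only the TCB may write (assumption)
        return op == "read" or Cap.TCB in proc.caps
    if top == "private":    # /private/<sid>/...: only the owning application
        return len(parts) >= 2 and parts[1] == proc.sid.lower()
    return True             # anything else is uncaged public storage (assumption)

if __name__ == "__main__":   # constructed processes and paths
    installer = Process("swinstall", "20001234", frozenset({Cap.TCB, Cap.SYSTEM}))
    game = Process("game", "a000c0de", frozenset({Cap.USER}))
    for proc, path, op in [(installer, "C:\\sys\\bin\\game.exe", "write"),
                           (game, "/resource/../sys/bin/game.exe", "read"),
                           (game, "C:\\private\\A000C0DE\\save.dat", "write")]:
        verdict = "allow" if check_access(proc, path, op) else "deny"
        print(f"{proc.name:10} {op:5} {path:32} {verdict}")
```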