Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Symbian OS Platform Security", Craig Heath

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKSYOSPS.RVW 20060615 Symbian OS Platform Security , Craig Heath, 2006, 0-470-01882-8, U$70.00/C$90.99 %A Craig Heath %C 5353 Dundas Street West, 4th
    Message 1 of 1 , Aug 3, 2006
    • 0 Attachment
      BKSYOSPS.RVW 20060615

      "Symbian OS Platform Security", Craig Heath, 2006, 0-470-01882-8,
      U$70.00/C$90.99
      %A Craig Heath
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2006
      %G 0-470-01882-8
      %I John Wiley & Sons, Inc.
      %O U$70.00/C$90.99 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0470018828/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0470018828/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0470018828/robsladesin03-20
      %O Audience a Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 249 p.
      %T "Symbian OS Platform Security"

      Part one is an introduction to the Symbian mobile (cellular) phone
      operating system, and particularly its security provisions. Chapter
      one examines the reasons for the emphasis on security in a mobile
      phone: the users' perception of it as a more personal (and therefore
      more trusted) device and the acceptability of remote network
      installations and administration. Therefore, the developers of
      Symbian were faced with the challenge of creating an "open"
      development platform, while implementing security constraints.
      "Platform Security Concepts," in chapter two, presents an interesting
      basic catalogue, but concentrates on capability lists. (In this, the
      term may not be used in a standard manner: the capabilities appear to
      be preset, rather than being taken from the calling capability.)

      Part two looks at application development for platform security.
      Chapter three describes the basic functions of the Symbian security
      environment. A decent, basic list of suggestions for writing secure
      applications is in chapter four, but there are few details. How to
      write secure servers (common processes), in chapter five, provides
      only generic advice, and has oddly little information that is
      distinctive to Symbian. Chapter six, on the development of plug-ins,
      is more code and architecture specific. The safe sharing of data, in
      chapter seven, is addressed with a useful list of threats and
      countermeasures, and an outline of various security related components
      and provisions.

      Part three deals with the management of platform security attributes.
      Chapter eight examines the native software installer, concentrating on
      encryption key certificates. How developers obtain and use these
      certificates is reviewed in chapter nine. Some of the public key
      infrastructure behind the system can be inferred from the description
      (by those familiar with the concepts) but little detail is provided.

      Part four, on the future of mobile device security, consists of
      chapter fourteen, which mentions a variety of potential functions for
      mobile phones.

      For those wanting an introduction to the security provisions of the
      Symbian operating system, this work provides a useful starting guide.
      Developers, however, may need a bit more. For example, the statement
      is made that the platform is "less prone" to buffer overflows, but
      there is no discussion of why this is so, how it is achieved, or to
      what extent a developer can rely upon the operating system to protect
      against the problem of buffer overflows (or other types of malformed
      data). Given that most Symbian security is based on capability tables
      and certificates (and particularly with a somewhat non-standard
      definition of capabilities) these concepts, and their limits, should
      probably be explained more fully.

      copyright Robert M. Slade, 2006 BKSYOSPS.RVW 20060615


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      I have found that many organizations want change,
      but nobody wants to do anything differently. - Jeffrey Pfeffer
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm
    Your message has been successfully submitted and would be delivered to recipients shortly.