
| Subject: | [CISSP-D] REVIEW: "Symbian OS Platform Security", Craig Heath |
|---|---|
| Date: | Thu, 03 Aug 2006 10:44:51 -0800 |
BKSYOSPS.RVW 20060615

"Symbian OS Platform Security", Craig Heath, 2006, 0-470-01882-8, U$70.00/C$90.99
%A Craig Heath
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2006
%G 0-470-01882-8
%I John Wiley & Sons, Inc.
%O U$70.00/C$90.99 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0470018828/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0470018828/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0470018828/robsladesin03-20
%O Audience a Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 249 p.
%T "Symbian OS Platform Security"

Part one is an introduction to the Symbian mobile (cellular) phone operating system, and particularly its security provisions. Chapter one examines the reasons for the emphasis on security in a mobile phone: the users' perception of it as a more personal (and therefore more trusted) device and the acceptability of remote network installations and administration. Therefore, the developers of Symbian were faced with the challenge of creating an "open" development platform, while implementing security constraints. "Platform Security Concepts," in chapter two, presents an interesting basic catalogue, but concentrates on capability lists. (In this, the term may not be used in a standard manner: the capabilities appear to be preset, rather than being taken from the calling capability.)

Part two looks at application development for platform security. Chapter three describes the basic functions of the Symbian security environment. A decent, basic list of suggestions for writing secure applications is in chapter four, but there are few details. How to write secure servers (common processes), in chapter five, provides only generic advice, and has oddly little information that is distinctive to Symbian. Chapter six, on the development of plug-ins, is more code and architecture specific. The safe sharing of data, in chapter seven, is addressed with a useful list of threats and countermeasures, and an outline of various security related components and provisions.

Part three deals with the management of platform security attributes. Chapter eight examines the native software installer, concentrating on encryption key certificates. How developers obtain and use these certificates is reviewed in chapter nine. Some of the public key infrastructure behind the system can be inferred from the description (by those familiar with the concepts) but little detail is provided.

Part four, on the future of mobile device security, consists of chapter fourteen, which mentions a variety of potential functions for mobile phones.

For those wanting an introduction to the security provisions of the Symbian operating system, this work provides a useful starting guide. Developers, however, may need a bit more. For example, the statement is made that the platform is "less prone" to buffer overflows, but there is no discussion of why this is so, how it is achieved, or to what extent a developer can rely upon the operating system to protect against the problem of buffer overflows (or other types of malformed data). Given that most Symbian security is based on capability tables and certificates (and particularly with a somewhat non-standard definition of capabilities) these concepts, and their limits, should probably be explained more fully.

copyright Robert M. Slade, 2006 BKSYOSPS.RVW 20060615

======================
(quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
I have found that many organizations want change, but nobody wants to do anything differently. - Jeffrey Pfeffer
Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm