Friday, 26 February 2016

Effectiveness of the security model of Windows Phone 7 against threats

  1. The need for protection 
  2. Chambers
    • Trusted Computing Base (TCB)
    • Elevated Rights Chamber (ERC)
    • Standard Rights Chamber (SRC)
    • Least Privileged Chamber (LPC)
  3. Capabilities: Each application discloses its capabilities to the user, including;
    • Disclosure on the application details page in the Windows Phone Marketplace.
    • Disclosure with an explicit prompt upon application purchase, for those capabilities that have legal requirements for explicit disclosure and specific consent collection. 
    • Disclosure within the application, when the user is about to use the location capability for the first time.
  4. Sandbox
    • Every application on Windows Phone 7 runs in its own isolated chamber, and is defined by the declared capabilities that the application needs to function.
    • Applications developed by other companies that are distributed via the Windows Phone Marketplace cannot remain active in the background.
  5. Application Deployment
    • Application developers must register with Microsoft before an application can be submitted to the Marketplace Hub. 
    • All applications are code-signed by VeriSign.
    • The application development model’s use of “managed code only” in addition to the least privilege and isolation aspects of the Windows Phone OS 7.0 security model provide strong protections against security attacks

No comments:

Post a Comment