Symbian3/SDK/Source/GUID-39A995DC-F047-4B41-A60D-27063CE329BE.dita
changeset 8 ae94777fff8f
parent 7 51a74ef9ed63
child 13 48780e181b38
--- a/Symbian3/SDK/Source/GUID-39A995DC-F047-4B41-A60D-27063CE329BE.dita	Wed Mar 31 11:11:55 2010 +0100
+++ b/Symbian3/SDK/Source/GUID-39A995DC-F047-4B41-A60D-27063CE329BE.dita	Fri Jun 11 12:39:03 2010 +0100
@@ -1,77 +1,77 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
-<!-- This component and the accompanying materials are made available under the terms of the License 
-"Eclipse Public License v1.0" which accompanies this distribution, 
-and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
-<!-- Initial Contributors:
-    Nokia Corporation - initial contribution.
-Contributors: 
--->
-<!DOCTYPE concept
-  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
-<concept id="GUID-39A995DC-F047-4B41-A60D-27063CE329BE" xml:lang="en"><title>Planning
-system and software security</title><prolog><metadata><keywords/></metadata></prolog><conbody>
-<p>Devices based on the Symbian platform are capable of joining both public
-and private networks and often have the functionality of a normal desktop
-computer. However, the average user does not perceive the device as a computer,
-but rather as a regular phone that is safe from security threats. This creates
-an opportunity for hostile attackers to infiltrate the device and wreak severe
-direct or indirect damage (for example, by penetrating into the corporate
-intranet).</p>
-<p>It is, however, possible to anticipate these kinds of threats, and protect
-applications by using the security features offered by the Symbian platform,
-and by expanding <i>security policies</i> to cover mobile devices and services.</p>
-<p>To develop system or software security, repeat the following steps:</p>
-<ol>
-<li id="GUID-98856624-2B55-44FC-9DD9-69850C2B22D9"><p>Define and
-evaluate all critical assets (resources, information).</p></li>
-<li id="GUID-4FE98A61-A0B8-4249-936E-DF319804AA2D"><p>Identify all
-possible threats, vulnerabilities, and potential attacks, and estimate the
-extent of possible damage.</p><p>Areas to examine in the Symbian platform
-are system resources, removable media, and communication between components.</p>
-</li>
-<li id="GUID-43B87274-297C-4AA8-B2A1-872E2BA83F30"><p>Prioritize
-high-risk vulnerabilities, and select and implement corresponding security
-features. If risks are sufficiently low, protective measures may be unnecessary.</p>
-</li>
-<li id="GUID-3D7F3A95-635E-4D9C-9883-BBD36263401D"><p>Repeat these
-steps until the necessary level of protection is achieved.</p></li>
-</ol>
-<p/>
-<fig id="GUID-A41ADA16-6D0B-4EA4-BBF2-67C2CFED68F3"><title>Security development process</title><image href="GUID-316D7B85-F827-4479-B5EE-81F210614236_d0e10243_href.png"/></fig>
-<p>The security development process is guided by <i>cost</i>, <i>efficiency,</i> and <i>usability</i>.
-If security is too tight, this may be expensive and affect both performance
-and the user's experience of the system or software. On the other hand, if
-security is too slack, this may result in severe damage and, in the long run,
-be even more costly.</p>
-<section id="GUID-39A995DC-F047-4B41-A60D-27063CE329BF"><title>Security methods</title>
-<p>The list below contains the most common and important security methods
-used in the mobile world:</p>
-<ul>
-<li><p><i>Ciphering</i> enables confidentiality. Information is
-accessible only by authorized parties. With ciphering it is also possible
-to maintain integrity.</p></li>
-<li><p><i>Hash</i> function (<i>checksum</i>) can be used to verify
-integrity and detect information tampering.</p></li>
-<li><p><i>Signing</i> allows attaching of information to a certain
-source.</p></li>
-<li><p><i>Authentication</i> ensures that the object is what it
-claims to be.</p></li>
-<li><p><i>Access control</i> restricts unauthorized access to resources.</p>
-</li>
-<li><p><i>Authorization</i> is permission to perform tasks on behalf
-of somebody else.</p></li>
-<li><p><i>Certification</i> is provided usually by a third party
-to prove information validity.</p></li>
-<li><p><i>Recovery mechanisms</i> are usually implemented as redundancy
-(duplication of information or routes).</p></li>
-<li><p>In communication it is possible to use, for example, <i>error
-correction</i> to repair transmission failures, <i>random traffic generation</i> to
-keep the line occupied, and <i>packet uniforming</i> to blend important packets
-into traffic.</p></li>
-</ul>
-<p>Some of the methods above are interconnected (for example, certification
-requires that the information is signed) and not all of them are of equal
-importance, since some basic methods form a base for more complicated methods.</p>
-</section>
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
+<!-- This component and the accompanying materials are made available under the terms of the License 
+"Eclipse Public License v1.0" which accompanies this distribution, 
+and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
+<!-- Initial Contributors:
+    Nokia Corporation - initial contribution.
+Contributors: 
+-->
+<!DOCTYPE concept
+  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
+<concept id="GUID-39A995DC-F047-4B41-A60D-27063CE329BE" xml:lang="en"><title>Planning
+system and software security</title><prolog><metadata><keywords/></metadata></prolog><conbody>
+<p>Devices based on the Symbian platform are capable of joining both public
+and private networks and often have the functionality of a normal desktop
+computer. However, the average user does not perceive the device as a computer,
+but rather as a regular phone that is safe from security threats. This creates
+an opportunity for hostile attackers to infiltrate the device and wreak severe
+direct or indirect damage (for example, by penetrating into the corporate
+intranet).</p>
+<p>It is, however, possible to anticipate these kinds of threats, and protect
+applications by using the security features offered by the Symbian platform,
+and by expanding <i>security policies</i> to cover mobile devices and services.</p>
+<p>To develop system or software security, repeat the following steps:</p>
+<ol>
+<li id="GUID-98856624-2B55-44FC-9DD9-69850C2B22D9"><p>Define and
+evaluate all critical assets (resources, information).</p></li>
+<li id="GUID-4FE98A61-A0B8-4249-936E-DF319804AA2D"><p>Identify all
+possible threats, vulnerabilities, and potential attacks, and estimate the
+extent of possible damage.</p><p>Areas to examine in the Symbian platform
+are system resources, removable media, and communication between components.</p>
+</li>
+<li id="GUID-43B87274-297C-4AA8-B2A1-872E2BA83F30"><p>Prioritize
+high-risk vulnerabilities, and select and implement corresponding security
+features. If risks are sufficiently low, protective measures may be unnecessary.</p>
+</li>
+<li id="GUID-3D7F3A95-635E-4D9C-9883-BBD36263401D"><p>Repeat these
+steps until the necessary level of protection is achieved.</p></li>
+</ol>
+<p/>
+<fig id="GUID-A41ADA16-6D0B-4EA4-BBF2-67C2CFED68F3"><title>Security development process</title><image href="GUID-316D7B85-F827-4479-B5EE-81F210614236_d0e11518_href.png"/></fig>
+<p>The security development process is guided by <i>cost</i>, <i>efficiency,</i> and <i>usability</i>.
+If security is too tight, this may be expensive and affect both performance
+and the user's experience of the system or software. On the other hand, if
+security is too slack, this may result in severe damage and, in the long run,
+be even more costly.</p>
+<section id="GUID-39A995DC-F047-4B41-A60D-27063CE329BF"><title>Security methods</title>
+<p>The list below contains the most common and important security methods
+used in the mobile world:</p>
+<ul>
+<li><p><i>Ciphering</i> enables confidentiality. Information is
+accessible only by authorized parties. With ciphering it is also possible
+to maintain integrity.</p></li>
+<li><p><i>Hash</i> function (<i>checksum</i>) can be used to verify
+integrity and detect information tampering.</p></li>
+<li><p><i>Signing</i> allows attaching of information to a certain
+source.</p></li>
+<li><p><i>Authentication</i> ensures that the object is what it
+claims to be.</p></li>
+<li><p><i>Access control</i> restricts unauthorized access to resources.</p>
+</li>
+<li><p><i>Authorization</i> is permission to perform tasks on behalf
+of somebody else.</p></li>
+<li><p><i>Certification</i> is provided usually by a third party
+to prove information validity.</p></li>
+<li><p><i>Recovery mechanisms</i> are usually implemented as redundancy
+(duplication of information or routes).</p></li>
+<li><p>In communication it is possible to use, for example, <i>error
+correction</i> to repair transmission failures, <i>random traffic generation</i> to
+keep the line occupied, and <i>packet uniforming</i> to blend important packets
+into traffic.</p></li>
+</ul>
+<p>Some of the methods above are interconnected (for example, certification
+requires that the information is signed) and not all of them are of equal
+importance, since some basic methods form a base for more complicated methods.</p>
+</section>
 </conbody></concept>
\ No newline at end of file