<?xml version="1.0" encoding="utf-8"?>

<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->

<!-- This component and the accompanying materials are made available under the terms of the License 

"Eclipse Public License v1.0" which accompanies this distribution, 

and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->

<!-- Initial Contributors:

    Nokia Corporation - initial contribution.

Contributors: 

-->

<!DOCTYPE concept

  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">

<concept id="GUID-39A995DC-F047-4B41-A60D-27063CE329BE" xml:lang="en"><title>Planning

system and software security</title><prolog><metadata><keywords/></metadata></prolog><conbody>

<p>Devices based on the Symbian platform are capable of joining both public

and private networks and often have the functionality of a normal desktop

computer. However, the average user does not perceive the device as a computer,

but rather as a regular phone that is safe from security threats. This creates

an opportunity for hostile attackers to infiltrate the device and wreak severe

direct or indirect damage (for example, by penetrating into the corporate

intranet).</p>

<p>It is, however, possible to anticipate these kinds of threats, and protect

applications by using the security features offered by the Symbian platform,

and by expanding <i>security policies</i> to cover mobile devices and services.</p>

<p>To develop system or software security, repeat the following steps:</p>

<ol>

<li id="GUID-98856624-2B55-44FC-9DD9-69850C2B22D9"><p>Define and

evaluate all critical assets (resources, information).</p></li>

<li id="GUID-4FE98A61-A0B8-4249-936E-DF319804AA2D"><p>Identify all

possible threats, vulnerabilities, and potential attacks, and estimate the

extent of possible damage.</p><p>Areas to examine in the Symbian platform

are system resources, removable media, and communication between components.</p>

</li>

<li id="GUID-43B87274-297C-4AA8-B2A1-872E2BA83F30"><p>Prioritize

high-risk vulnerabilities, and select and implement corresponding security

features. If risks are sufficiently low, protective measures may be unnecessary.</p>

</li>

<li id="GUID-3D7F3A95-635E-4D9C-9883-BBD36263401D"><p>Repeat these

steps until the necessary level of protection is achieved.</p></li>

</ol>

<p/>

<fig id="GUID-A41ADA16-6D0B-4EA4-BBF2-67C2CFED68F3"><title>Security development process</title><image href="GUID-316D7B85-F827-4479-B5EE-81F210614236_d0e11518_href.png"/></fig>

<p>The security development process is guided by <i>cost</i>, <i>efficiency,</i> and <i>usability</i>.

If security is too tight, this may be expensive and affect both performance

and the user's experience of the system or software. On the other hand, if

security is too slack, this may result in severe damage and, in the long run,

be even more costly.</p>

<section id="GUID-39A995DC-F047-4B41-A60D-27063CE329BF"><title>Security methods</title>

<p>The list below contains the most common and important security methods

used in the mobile world:</p>

<ul>

<li><p><i>Ciphering</i> enables confidentiality. Information is

accessible only by authorized parties. With ciphering it is also possible

to maintain integrity.</p></li>

<li><p><i>Hash</i> function (<i>checksum</i>) can be used to verify

integrity and detect information tampering.</p></li>

<li><p><i>Signing</i> allows attaching of information to a certain

source.</p></li>

<li><p><i>Authentication</i> ensures that the object is what it

claims to be.</p></li>

<li><p><i>Access control</i> restricts unauthorized access to resources.</p>

</li>

<li><p><i>Authorization</i> is permission to perform tasks on behalf

of somebody else.</p></li>

<li><p><i>Certification</i> is provided usually by a third party

to prove information validity.</p></li>

<li><p><i>Recovery mechanisms</i> are usually implemented as redundancy

(duplication of information or routes).</p></li>

<li><p>In communication it is possible to use, for example, <i>error

correction</i> to repair transmission failures, <i>random traffic generation</i> to

keep the line occupied, and <i>packet uniforming</i> to blend important packets

into traffic.</p></li>

</ul>

<p>Some of the methods above are interconnected (for example, certification

requires that the information is signed) and not all of them are of equal

importance, since some basic methods form a base for more complicated methods.</p>

</section>