platform security for all

8/14/2019 Platform Security for All

1/24


2/24


3/24

Platform security for all

1st Edition, 06/08

Published by:Symbian Software Limited2-6 Boundary RowSouthwarkLondon SE1 8HPUKwww.symbian.com

Trademarks, copyright, disclaimer

Symbian, Symbian OS and other associated Symbian marks are alltrademarks of Symbian Software Ltd. Symbian acknowledges the trademarkrights of all third parties referred to in this material. Copyright SymbianSoftware Ltd 2008. All rights reserved. No part of this material may bereproduced without the express written permission of Symbian Software Ltd.Symbian Software Ltd makes no warranty or guarantee about the suitabilityor the accuracy of the information contained in this document. The informationcontained in this document is for general information purposes only andshould not be used or relied upon for any other purpose whatsoever.

Compiled by:Joe OdukoyaElise Korolev

Managing Editor:Ashlee Godwin

Design Consultant:Sabeena Aslam

Reviewed by:

Matthew AllenRoderick BurnsBruce CarneyAshlee GodwinCraig HeathJo Stichbury

3
http://www.symbian.com/http://www.symbian.com/http://www.symbian.com/http://www.symbian.com/


4/24

Contents

OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

SECTION I: PLATFORM SECURITY EXPLAINED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

THE NEED FOR SECURITY ON MOBILE PHONES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

SECURITY ON SYMBIAN OS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

GETTING APPLICATIONS ONTO THE PHONE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

KEEPING PRIVATE INFORMATION PRIVATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

THE BENEFITS OF A GOOD SECURITY SYSTEM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

SECTION II: DEVELOPER Q&AS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

WHY SHOULD I WORRY ABOUT SECURITY? HOW DOES IT AFFECT ME?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

TO USE SYMBIAN SIGNED OR NOT TO USE SYMBIAN SIGNED? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

HOW DO I WORK ON A SECURE PLATFORM? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

INSTALLING YOUR APPLICATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

SECTION III: FURTHER MATERIAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

BOOKS FROM SYMBIAN PRESS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

PLATFORM SECURITY RESOURCES FOR DEVELOPERS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

SYMBIAN SIGNED RESOURCES FOR DEVELOPERS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

REGIONAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

4


5/24

Overview

This booklet provides a brief introduction to platform security on Symbian OS. While it willgive you a basic foundation, those wishing to understand the concepts in greater depth arestrongly encouraged to read the Symbian Press book Symbian OS Platform Securityby Craig

Heath et al. (see developer.symbian.com/platform_security_book for more information) fromwhich most of the material in this booklet has been extracted.If you want to know more about the options for signing applications there is a separatemanual, called A guide to Symbian Signed, available fromdeveloper.symbian.com/ssguide.

Introduction

Symbian OS is the market-leading operating system for advanced mobile phones. More than200 million Symbian OS-based mobile phones have been shipped worldwide, with 222 models

across many different market segments, from mid-range feature phones to highly advancedsmartphones. In 2007, 77 million phones based on Symbian OS were sold, representing aseven percent share of the entire global mobile phone market.

Symbians customers include the worlds leading mobile phone manufacturers. Symbian alsomaintains close collaboration with network operators, semiconductor partners, and middlewareproviders in order to guarantee a thriving ecosystem around Symbian OS and the devices thatuse it. Through these relationships, Symbian is positioned to deliver the worlds most-usedmobile software platform for smartphones.

One of the core benefits of Symbian OS is its 'openness;' the ability for applications to beinstalled on Symbian OS-based devices in order to deliver new services or to provide a morepersonalized experience for the user. Preserving this benefit, while also ensuring that themobile phone user is protected from security threats (such as those typically seen withdesktop computers), is the main goal of Symbians platform security design.

The large installed base of devices built on Symbian OS and the increasing popularity of thesedevices makes them a likely target for viruses and other malware. However, in the two yearssince Symbian introduced its security architecture (in Symbian OS v9) there have been noreported cases of viruses or other malicious code affecting mobile phones based on SymbianOS v9.x.

5
http://developer.symbian.com/platform_security_bookhttp://developer.symbian.com/platform_security_bookhttp://developer.symbian.com/platform_security_bookhttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://developer.symbian.com/platform_security_book


6/24

Section I: Platform Security Explained

The need for security on mobile phonesThe increasing popularity of mobile phones, combined with their inherently personal nature,make them vulnerable to security threats. In particular, mobile phones based on Symbian OS

have a large number of advanced features such as video recording, multi-megapixel cameras,and MP3 players. This means that users are more inclined to carry large amounts of personaldata with them, stored on their mobile phone. In addition, Symbian OS-based phones allowusers to download and install applications to extend those already available on the device.There is a risk that these after-market applications could, either deliberately or unintentionally,compromise the phone, the network the phone is running on, or the users personal data.

Without proper security management, applications can perform undesirable actions such as: tampering with users data, including accessing the users private data and forwarding it creating billable events, such as sending premium rate text messages or dialling premiumrate phone numbers, without the users knowledge or consent

executing instructions that cause the mobile phone to become unstable.

Symbians security architecture has therefore been designed with the following key factors in mind: to protect the phone from badly written software to protect the phone from potential viruses and other malicious programs to protect the user from fraudulent applications which cause billable events (i.e., spendingmoney on the users behalf) without the users knowledge and consent

to improve trust by signing applications with a tamper-proof digital signature to identifytheir origin

to protect the users private data from unauthorized access

to protect paid-for content from piracy.

Security on Symbian OSTo secure Symbian OS v9.x, Symbian reviewed the APIs offered by the platform and assignedthem into groups according to both their functionality and how critical they are to the overallfunctioning of the system. Access to a group of APIs is controlled by an access permissionknown as a capability. In order to access a particular API group an application needs to havethe right capability assigned to it.

Not all capabilities are available to all code; permissions are granted based on thetrustworthiness of an application.

There are three trust tiers in Symbian OS: Trusted Computing Base (TCB).This contains the most trusted parts of the OS. It is responsible for maintaining the integrityof the system and its also the part that is least restricted (i.e., it has access to the fullrange of capabilities available). The Trusted Computing Base consists of the Symbian OSkernel, the file system, and the software installer (the software installer, and how itprovides a path for applications to enter the trust tiers, is illustrated in Figure 3).

Trusted Computing Environment (TCE).This is the next tier of trust. Its code has access to only a subset of capabilities. The

Trusted Computing Environment largely consists of system servers (i.e., processes thatmanage and control access to system resources), such as the window server process thatcontrols access to the screen hardware.

6


7/24

Each server is only given the capabilities it needs in order to perform its function. So, forexample, the window server does not have access to any capabilities that are used forcommunications or for the reading and writing of user data. In this way it is not possiblefor a misbehaving system server to compromise the security of another server since it doesnot have access to the same APIs.

Application.

Code running outside of the Trusted Computing Environment has access only to those APIsthat are unlikely to pose a security risk. The APIs available in the Application tier aregrouped by capabilities that relate to user-level features or actions, that is, those that auser can understand. These capabilities are often known as user capabilities or'application' capabilities. Untrusted applications must request permission from the userbefore accessing these APIs. For example, creating a network connection potentially coststhe user money and therefore unsigned or self-signed code must gain permission before itcan do so.

Figure 1 illustrates the comparative levels of trust and the corresponding ability of an

application to access critical APIs.

Figure 1: The relationship between trust and the ability of an application to access critical APIs.

TCB

TCE

Application

Increasing level of trust.

Increasing access to

critical APIs.

Decreasing level of trust.

Decreasing access to

critical APIs.

7


8/24

The capabilities available in each trust tier are shown in Figure 2 below.

Figure 2: The capabilities available in each trust tier.

Consider a local multi-player game that communicates over Bluetooth. This would need theLocalServices capability to make use of a Bluetooth connection. However, it may not needany other capabilities and therefore the application should not request any other capabilities.Application developers should ensure that they ask for as few capabilities as possible, as thishelps to ensure that the security of the phone cannot be compromised by accidental errors inthe application itself.

The process of granting capabilities to applications is managed by the signing process which iscovered briefly in the next section.

Some applications do not make use of any capabilities, because they call only APIs that aredeemed safe and unlikely to pose a security risk. On most Symbian smartphones, suchapplications do not need to be signed by a certification authority. When signing is necessary,such an application may simply be self-signed by the application developer. Unsigned andself-signed applications are treated as 'untrusted,' but nevertheless can be installed and runon the phone because they are prevented from calling any privileged APIs for whichcapabilities are required.

Trusted Computing Base

Full access to all APIs and files

(kernel, installer, file server)

Trusted Computing Environment

Servers with 'System Capabilities'

Most third-party applications need

only 'Application Capabilities,'

(usually grantable by the user)

8


9/24

Figure 3: The software installer provides a path for applications to enter the trust tiers.

Getting applications onto the phoneAs the introduction explained, one of the fundamental benefits of Symbian OS is itsopenness. The ability to add new features and services by installing after-market applicationsgives the user great flexibility. Mobile phones can be customized simply by downloading andinstalling applications such as games, productivity tools, photo editors, blogging applications, etc.

When a trusted application is installed it is given certain access permissions; the application isgranted access to the set of APIs it needs in order to operate. An untrusted application, onceinstalled, can also request permission from the user to access certain capabilities. For example,if the application needs to connect to a remote server it will need to create a data connection,which could cost the user money. The application can request permission from the user tocreate that data connection (i.e., to gain access to the NetworkServices capability).

If, however, the application needs access to more sensitive APIs, or does not want to rely onthe user granting permissions, the application author can request the necessary capabilities viathe signing process. Before an application is signed it has to meet the requirements specified

by the Symbian Signed Test Criteria to ensure that the application is reasonably robust, stable,and well behaved.

9


10/24

The application developer is required to declare the capabilities (i.e., the groups of APIs) thatthe application needs access to. If the application passes the testing process, it is given therights to access the requested capabilities.

More detail on the signing process, the testing involved, and the different signing optionsavailable are given in the Symbian booklet A guide to Symbian Signed. However, the five key

points to remember are:

1. An application can still run on a Symbian smartphone and use a large set of APIs even if ithas not been Symbian Signed. The security settings on most Symbian OS phones allowuntrusted applications to be installed.1 A single-player game with only user interfaceinteraction, for example, could run perfectly well as an untrusted application.

2. An application needs to be Symbian Signed if it falls into one of these categories,such that it:

requires access to APIs protected by system capabilities

wishes to avoid user prompts at installation or runtimeneeds to install even on those Symbian OS phones that are configured to refuse untrustedapplications.

3. Any application that requires access to restricted APIs in the TCE will need to demonstrate ahigh degree of stability and robustness.

4. The most critical capabilities are the most protected and often require the approval of thedevice manufacturer before access can be granted to an application.

5. Application developers should decide carefully which APIs they need and only request

those; do not request a capability unless it is actually required by the code. This ensuresthat the application will not accidentally compromise the security of any device it runs on.

The table on the next page is a guide to correctly choosing capabilities for an application;there are 20 different capabilities in total:

1 An untrusted application is one that is unsigned or that has been self-signed by the application developer. Such

an application can still request application capabilities, which must then be granted by the user.

10


11/24

LocalServices

Location

NetworkServices

ReadUserData

UserEnvironment

WriteUserData

CommDD

DiskAdmin

MultiMediaDD

NetworkControl

PowerMgmt

ProtServ

ReadDeviceData

SurroundingsDD

SwEvent

TrustedUI

WriteDeviceData

TCB, DRM, ALLFiles

11


12/24

Capabilities and their corresponding APIs are covered in extensive detail in Symbian DeveloperLibrary documentation found online atdeveloper.symbian.com.Keeping private information privateAs described earlier, one of the key goals of platform security is to protect the mobile phoneusers data from being accessed without authorization. In order to achieve this, Symbian OS

introduces the concept of data caging. By default, applications are only able to access datathat they own. This means that:

An application cannot access (and therefore tamper with) another applications data,therefore making data more secure.

In order to access data other than its own, an application must make a request to theowning application. The owning application will check that the requester has the necessarycapability and then supply the requested data.

For example, if an application wants to display some names and addresses from the userscontact list it must make a request from the owner of the contact database, which is the

Contacts engine. Having received the request, the Contacts engine will verify that theapplication has the ReadUserData capability before supplying the required contactinformation.

By using data caging to ensure data access is correctly policed by the owning applications,data storage throughout the system is made more robust and secure.

The benefits of a good security systemOne of the primary aims of platform security is to maintain the characteristic openness ofSymbian OS while giving the user a high degree of confidence in the applications they areinstalling.

There are, of course, benefits for other parties in the chain: Phone manufacturers benefit from the protection of their reputations, which ultimately leadsto increased phone sales. In addition the devices are less vulnerable, leading to lessliability risk for the manufacturers.

Operators do not have to deal with the additional support costs that are due to malware-infected phones. Operators networks are also protected from attacks which wouldotherwise affect their performance.

Application developers benefit from a much larger market for third-party applications. Dueto greater levels of trust and confidence in third-party applications, users are increasingly

willing to purchase and install them. Correspondingly, manufacturers and network operatorsare willing to support platforms that are open to after-market installation. Finally, the mobile phone users are secure in the knowledge that their personal data is safeand that there is a much-reduced risk that their devices will be infected by malware.

12
http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/


13/24

Section II: Developer Q&As

Why should I worry about security? How does it affect me?

Q. Why should I worry about security?

A. Mobile phones are always on and connected, making the data they hold vulnerable tounauthorized access. Platform security helps the user feel that their personal information issecure.

As an application developer you should consider the following questions: does your application need to access data on the device? does your application create data and, if so, does this data need to be kept confidential orshould it be shared with other applications?

All of these issues have an impact on how security-aware your application needs to be.

Q. Why hasnt Symbian just followed the PC security model, using firewalls and anti-virussoftware? This whole thing seems quite complicated.

A. Mobile phones are not PCs and therefore a PC-like approach is not appropriate. Mobilephones are expected to continue running, for days and weeks, without the need forrebooting or resets. They also have limited resources and Symbian OS is written to ensurethe efficient use of the resources that are available. Having platform security designed intothe OS offers maximum protection while still maintaining overall device performance inareas such as battery life, memory usage, UI response times, and application speed.

Q. Will an application written prior to Symbian OS v9.x work on v9.x devices?

A. An application written for earlier versions of Symbian OS will need to be modified. Thechanges required are clearly documented, for example, in the Symbian Developer Librarythat can be found in every SDK. (A list of platform security resources is given in Section III.)

Q. How has platform security changed the software installation process?A. Prior to the introduction of platform security any application could be installed on any

compatible device, and so users could potentially install malicious or badly writtenapplications onto their devices. Now, with platform security, there is much more control overwhich applications can be installed on the phone and what the applications can actually doonce they are installed. This is controlled via the signing process (see the next section, Touse Symbian Signed or not to use Symbian Signed?).

Q. What do I need to take into account for the installation of my application?A. The key questions are:

does your application need any sensitive capabilities?If you do not require access to any protected APIs, or only those protected by user-grantable capabilities from the application set, then your application does not need to beSymbian Signed it can be installed untrusted after self-signing.

which protected APIs do you need to access?Careful analysis of your API requirements will tell you what capabilities will be needed foryour application to run correctly.

Q. Does Symbian platform security protect memory cards?A. The general answer to this is yes, as while the add-on storage is connected to the device

it is under the protection of the security architecture. However, add-on storage can be

13


14/24

removed from the device and inserted into another device such as PC, game consoles, etc.,which makes the data accessible and therefore its confidentiality and integrity can nolonger be guaranteed.

We strongly recommend that you do not store sensitive data on external storage.

To use Symbian Signed or not to use Symbian Signed?

Q. Do all v9.x applications need to be Symbian Signed?A. No. Applications that use only APIs protected by user-grantable capabilities from the

application set, or those that require no capabilities at all, do not need to be SymbianSigned.Device manufacturers and network operators can set their own security policies, which oftenprevent any unsigned application from installing. In these cases, applications may be self-signed, which allows them to be installed, but because they are not Symbian Signed, theyare considered untrusted.

Releasing a self-signed, untrusted application may be a more practical option for non-commercial applications which are distributed in limited numbers, rather than submittingthem to be Symbian Signed.

Q. At what point in the development process do I need to get my application Symbian Signed?A. All applications which carry out sensitive operations need to be Symbian Signed before

they are released finally for users to install onto their phones. However, you do not need toget your applications Symbian Signed during their development, since you can use theWindows emulator and Open Signed (using developer certificates) for testing on phonehardware.

Q. What is a developer certificate?A. A developer certificate (DevCert) is used for testing during the development of an

application. It is usable with a specific phone, for a specific subset of capabilities, and it isvalid for a limited period from the date of issue.

You can get a developer certificate from a trusted signing authority such as SymbianSigned, or a mobile phone manufacturer or network operator.

How do I work on a secure platform?

Q. There are hundreds of APIs called by my program. How do I determine which capabilitiesI need?

A. First, you should make sure that your application really does need a capability. There aremany applications that are developed without using any of the sensitive system APIs thatare protected by platform security. Only about 40% of all Symbian OS APIs are groupedassigned capabilities and most of these are so specialized that few applications need touse them.

14


15/24

Symbian OS defines 20 distinct capabilities, which can be classified within three broadcategories:

TCB capability, only possessed by the Trusted Computing Base itself other system capabilities 'application' capabilities, which may be granted by the user.

It will help to define which capabilities your application will need early in the design phase.The best two methods to do so are:

List the general operations the application will perform and choose the requiredcapabilities. For example, an instant messaging application might requireNetworkServices to access the Internet and ReadUserData for reading from theusers address book.

Review each API that you plan to use and record the capabilities required for each one.Keep in mind that it may be possible to find a higher-level API which can perform theoperation required with fewer capabilities.

Note that the application may need to be approved by a third-party, such as SymbianSigned, a network operator, or the mobile phone manufacturer in order to be grantedcertain capabilities to be able to run on a real device.

Q. What determines the capabilities of a process?A. The capabilities of a process are determined by those assigned to it at build time. A process

can load a DLL that has a larger set of capabilities than it does, as long as the DLL hasbeen trusted with at least the same set of capabilities that the process has.

Q. Why do DLLs need capabilities?

A. A DLL contains code that accesses APIs just like any other piece of code and it thereforeneeds to adhere to the same security policies. A DLL is prevented from being loaded intoany process which has a capability that the DLL does not already have.

Q. What capabilities do plug-in DLLs need?A. Plug-in DLLs are treated in exactly the same way as standard DLLs.

Q. What capabilities do shared DLLs need?A. Each shared DLL will need to be assigned a set of capabilities that covers all the

capabilities requested by the applications that use the DLL.

Q. Why does my DLL need to have all of these capabilities it doesn't use?A. A DLL may need to possess capabilities that it does not itself use, if it is to be loaded by

an application which needs those capabilities. DLLs that are intended to be shared withthird-party applications are often signed with a large set of capabilities so that they may beused by a greater number of applications, as the DLL developer does not know in advancewhich capabilities the applications will need.

Q. What is data caging? How does it work?A. Since Symbian OS v9, a number of restrictions have been put in place so that applications

can only write data to certain filesystem locations. This prevents applications from being

able to access data owned by other applications, or tamper with the binaries of otherapplications of the operating system itself.

15


16/24

This means that it is much easier to track data and to protect the files and content fromunauthorized access.

Q. Is the private directory created automatically in data caging?A. Yes! Each application has a directory under \private which the installer will create

automatically. You will find this directory useful, as only the application associated with this

directory can create, read, and write files there. Use this file location in order to ensure yourdata is protected.

Installing your application

Q. I tested and debugged my SIS file but it still does not install correctly.A. Tools from earlier kits will not work correctly. Also you will need at least version 4,0,0,1 for

MakeSIS as it creates package archives which use the new SIS file format.

A complete list of the tools you need can be found in the Symbian Developer Library, which

accompanies each SDK and can also be found online atdeveloper.symbian.com.Q. I tested and debugged my SIS file but it still does not install correctly.A. This may be because you are still trying to use a certificate that you used at the testing

stage, when using Open Signed (and developer certificates). You should rebuild yourapplication, using an up-to-date version ofMakeSIS, to create a new SIS file in order toremove the developer certificate references. Your SIS file should then contain the correctbinaries ready for release.

Q. My application does not require any capabilities, so why do I get a message on my phonethat it is from an untrusted source?

A. This is a standard installation warning, used if the application hasnt been signed by atrusted authority such as Symbian Signed.

To remove the warning, you can submit your application for either of the Express Signed orCertified Signed options offered by Symbian Signed. This also may make your target marketfeel more comfortable when installing your application, as it indicates that it comes from atrusted source.

16
http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/http://developer.symbian.com/


17/24

Section III: Further Material

Below is a list of various additional resources which will help you to understand more abouthow to work with platform security and Symbian Signed.

Books from Symbian PressSymbian OS Platform Security: Software Development Using the Symbian OS SecurityArchitecture, Craig Heath et al., Symbian Press, 2006.

Developing Software for Symbian OS, Second Edition: A Beginner's Guide to Creating SymbianOS v9 Smartphone Applications in C++, Steve Babin, Symbian Press, 2007.

Platform security resources for developers

Platform Security and Symbian Signed - Foundation for a Secure Platform

(developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdf), January 2008.Platform Security Concepts - chapter 2 (a sample chapter) from Craig Heath's book(developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdf), March 2006.Platform Security Guidein the Symbian Developer Library (e.g., for Symbian OS v9.3,www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdk).Platform Security chapter 8 ofSymbian OS Internals, available on the SDN++ wiki. This isonly available to SDN++ members, although the paper version is available by buying the book

(developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Security)Symbian Signed resources for developers

A guide to Symbian Signed(developer.symbian.com/ssguide), March 2008.Symbian Signed e-learningon Forum Nokia(www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.html), March 2008.Signing Applications for Sony Ericsson UIQ 3 Phones

(developer.sonyericsson.com/getDocument.do?docId=84686), February 2008.Regional

A Japanese version of Symbian OS Platform Security: Software Development Using the SymbianOS Security Architecture, Craig Heath et al. is available(developer.symbian.com/main/learning/press/books/sops_japan/index.jsp).

17
http://developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdfhttp://developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdfhttp://developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdfhttp://developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdfhttp://developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdfhttp://developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdfhttp://developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdfhttp://developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdfhttp://www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdkhttp://www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdkhttp://www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdkhttp://www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdkhttp://developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Securityhttp://developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Securityhttp://developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Securityhttp://developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Securityhttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://developer.symbian.com/ssguidehttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://developer.sonyericsson.com/getDocument.do?docId=84686http://developer.sonyericsson.com/getDocument.do?docId=84686http://developer.sonyericsson.com/getDocument.do?docId=84686http://developer.sonyericsson.com/getDocument.do?docId=84686http://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.symbian.com/main/learning/press/books/sops_japan/index.jsphttp://developer.sonyericsson.com/getDocument.do?docId=84686http://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://www.forum.nokia.com/info/sw.nokia.com/id/a29509c5-9270-412b-981b-c060036d7126/Symbian_Signed.htmlhttp://developer.symbian.com/ssguidehttp://developer.symbian.com/wiki/display/ppg/Chapter+8+-+Platform+Securityhttp://www.symbian.com/developer/techlib/v9.3docs/doc_source/guide/platsecsdkhttp://developer.symbian.com/main/learning/press/books/sops/plat_sec_chap.pdfhttp://developer.symbian.com/main/downloads/papers/PlatSec_and_Symbian_Signed.pdf


18/24

18

from

Games on Symbian OS: A Handbook for Mobile Development

Developing Software for Symbian OS, Second Edition

This book forms part of the Technology

Series from Symbian Press. It describesthe key aspects of the mobile gamesmarketplace, with particular emphasis oncreating games for smartphones based onSymbian OS v9.x.

This second edition ofDeveloping Softwarefor Symbian OShelps software developersnew to Symbian OS to create smartphoneapplications. The original book has beenupdated for Symbian OS v9 and nowincludes a new chapter on applicationsigning and platform security, and updatesthroughout for Symbian OS v9 and changesto the development environment.

Symbian Press: developer.symbian.com/press
http://developer.symbian.com/bookshttp://developer.symbian.com/books


19/24

19

from

Symbian OS Communications Programming,Second Edition

Symbian OS C++ for Mobile Phones, Volume 3

Targeting Symbian OS v9.1 and v9.2,

Symbian OS CommunicationsProgramming- Revised and updatedwill introduce you to the majorcommunications functionality inSymbian OS and demonstrates howto perform common tasks in eacharea.

This book will help you to become aneffective Symbian OS developer, and willgive you a deep understanding of thefundamental principles upon whichSymbian OS is based.


20/24

20

from

The Symbian OS Architecture Sourcebook

Mobile Python

This book conducts a rapid tour of the

architecture of Symbian OS and providesan introduction to the key ideas of objectorientation (OO) in software, with adetailed exploration of the architecture ofSymbian OS.

Mobile Python is a practical hands-onbook that introduces the popular opensource programming language Pythonto the mobile space. It teaches how toprogram your own powerful - and fun -applications easily on Nokiasmartphones based on Symbian OS andthe S60 platform.

Symbian Press: developer.symbian.com/press
http://developer.symbian.com/bookshttp://developer.symbian.com/books


21/24

21

from

For all Symbian C++ developers:

Developing Software for Symbian OS

by Steve Babin

Symbian OS C++ for Mobile Phones Volume 1by Richard Harrison

Symbian OS C++ for Mobile Phones Volume 2by Richard Harrison

Symbian OS Explainedby Jo Stichbury

Symbian OS Internalsby Jane Sales

Symbian OS Platform Securityby Craig Heath

Smartphone Operating System Concepts with Symbian OSby Mike Jipping

Accredited Symbian Developer Primerby Jo Stichbury & Mark Jacobs


22/24

22

from

For enterprise and IT professionals:

Rapid Mobile Enterprise Development for Symbian OS

by Ewan Spence

For Symbian OS project managers:

Symbian for Software Leadersby David Wood

For connectivity application developers:

Programming PC Connectivity Applications for Symbian OSby Ian McDowall

For Java developers:

Programming Java 2 Micro Edition for Symbian OSby Martin de Jode

For UI Developers

S60 Programmingby Paul Coulton and Reuben Edwards


23/24

23

from

Published Booklets

Coding Standards

Coding TipsPerformance TipsEssential UIQ - Getting StartedGetting to MarketGetting StartedQuick Recipes Taster

Java ME on Symbian OSP.I.P.SCarbide.c++ v1.3Data Sharing TipsEssential S60 - Developers Guide

Translated Booklets

Chinese Spanish

Japanese Russian

Korean


24/24

platform security for all

Documents