embedded consumer electronics: security considerations in the use of high-level operating systems
DESCRIPTION
Consumer electronics systems are becoming increasingly connected, increasingly sophisticated and increasingly at risk from security threats. This presentation considers whether the use of high-level operating systems in consumer electronics can help address these risks.
TRANSCRIPT
Embedded Consumer Electronics: Security Considerations in the Use of High-Level Operating Systems
Craig Heath, Chief Security Technologist
Symbian Foundation
Is Security an Issue?
Connectivity means exposing an attack surface to the outside world
Trend to “apps with everything”
downloadable active content extends the market life of a consumer electronics device
provides additional revenue opportunities
but also provides additional attack surface
There will be attackers
hackers making a name for themselves
researchers proving a point
individuals cracking DRM for fun and profit
criminals attempting to defraud users and steal personal data
Is a High-Level Operating System Good for Security?
Not necessarily – there are some downsides
Complete Symbian Platform and associated tools contain 40 million lines of code
Similar figures for other HLOSes (Linux, iOS, Windows CE)
Security assurance of so much code is effectively impossible
But it can bring significant benefits
Application Security Framework
nobody wants to repeat the PC malware explosion
Content Protection
to prevent copying and redistribution of commercial content
User Data Controls
users need easy-to-understand and enforceable privacy controls
The Least-Privilege Principle Can Help
Requires a modular platform architecture rather than a monolithic one
Ensures that the majority of the code base is running with the minimum privileges necessary to perform each task
Security assurance can target only the highly privileged code
Minimises the risk posed by security vulnerabilities due to design or implementation errors
Allows tight sandboxing of third-party code while still enabling rich functionality
Symbian Platform: Capability Architecture
Trusted Computing Base (TCB)
full access to all APIs and files (kernel, installer, file server)
Trusted Computing Environment (TCE)
servers with selected “system capabilities”
most third-party apps need only “user capabilities”
Over the Horizon: Privacy Labelling
Symbian platform has the notion of “user data”, and the ReadUserData and WriteUserData capabilities
doesn’t, however, identify which user data is intended to be shared and which to be kept private
Could borrow the concept of “sensitivity labels” from the classic MLS (Multi-Level Secure) Orange Book systems
principle is that the sensitivity label is indivisible from the data
Labels could be set in one application (e.g. the camera app) and then acted upon in another (e.g. a file sharing app)
should be preserved even when files are moved or copied
Useful (essential?) for interfacing to social networking services
but it currently isn’t implemented (“you can trust us” attitude?)
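A small model of the two ideas on the preceding slides, the capability-gated user-data APIs of the Symbian architecture and a sensitivity label that travels with the data when it is copied, written as an added example in Python rather than Symbian C++. It is not Symbian Foundation code: the FileServer, Process and Sensitivity classes, the two-level label and the file paths are constructed for illustration; only the ReadUserData and WriteUserData capability names come from the slides.

```python
from dataclasses import dataclass, replace
from enum import Enum
class Sensitivity(Enum):  # hypothetical two-level label; a real MLS scheme has more
    SHAREABLE = 0
    PRIVATE = 1

@dataclass(frozen=True)
class UserFile:
    path: str
    content: bytes
    label: Sensitivity  # stored with the data, so it cannot be separated from it

@dataclass(frozen=True)
class Process:
    name: str
    capabilities: frozenset  # granted at install time, e.g. {"ReadUserData"}

class FileServer:
    """Stand-in for a TCB file server: every user-data API checks capabilities first."""
    def __init__(self):
        self._files = {}

    def _require(self, caller, cap):
        if cap not in caller.capabilities:
            raise PermissionError(f"{caller.name} lacks {cap}")

    def write(self, caller, path, content, label):
        self._require(caller, "WriteUserData")
        self._files[path] = UserFile(path, content, label)

    def read(self, caller, path):
        self._require(caller, "ReadUserData")
        return self._files[path]

    def copy(self, caller, src, dst):
        self._require(caller, "ReadUserData")
        self._require(caller, "WriteUserData")
        self._files[dst] = replace(self._files[src], path=dst)  # label travels with the bytes

def export_allowed(caller, fs, path):
    # Policy point in the sharing app: a PRIVATE label blocks export whatever the app may do
    return fs.read(caller, path).label is Sensitivity.SHAREABLE

def build_sample():
    # Constructed sample: a camera app labels two photos; a sharing app only reads
    fs, camera = FileServer(), Process("camera", frozenset({"ReadUserData", "WriteUserData"}))
    fs.write(camera, "C:/photos/holiday.jpg", b"jpeg", Sensitivity.SHAREABLE)
    fs.write(camera, "C:/photos/passport.jpg", b"jpeg", Sensitivity.PRIVATE)
    return fs, camera, Process("sharer", frozenset({"ReadUserData"}))
```

The point the slides make is visible in `copy`: because the label is a field of the file object rather than separate metadata, the backup copy is still PRIVATE and the sharing app still refuses it, while a process without ReadUserData cannot reach the data at all.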