Windows Phone Security Model (Coggle Diagram)
Successor to Windows Mobile
Part of Windows CE family
Primarily aimed at consumer market
Enterprise support limited to only Exchange and ActiveSync
Enterprise management of third-party apps is not supported
Heavy support for cloud-based services
The security architecture is divided into four sections:
Chambers
Capabilities
Sandbox
Application Deployment
Chambers
Windows Phone processes and applications execute in isolated chambers that are each configured with their own security policy.
Four chamber types:
Trusted Computing Base (TCB) Chamber
Configured with the greatest set of privileges; processes in it have unrestricted access to system resources.
Example: Kernel, Windows Phone drivers.
Elevated Rights Chamber (ERC)
Processes have access to all system resources except the security policy.
Example: phone application services, user mode drivers.
Standard Rights Chamber (SRC)
For processes and apps that do not provide a “device-wide” service; default chamber for pre-installed Windows Phone applications.
Example: Microsoft Outlook Mobile 2010.
Least Privileged Chamber (LPC)
Security policy is derived from the capabilities declared by third-party apps installed from the Windows Phone Marketplace.
Example: Facebook, Twitter.
Capabilities
Windows Phone resources used by apps that must be controlled through dynamic access-control policies configured at installation time:
Geo-location data (GPS)
Camera
Microphone
Wireless Network (Cellular, Wi-Fi, Bluetooth)
Capabilities are explicitly declared in the application manifest at installation time and cannot be changed at run time.
Apps receive only the resources they need to function.
Each app informs the user of the capabilities it requests:
At purchase
The first time the purchased app uses a capability
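To make the install-time policy concrete, here is an added example (not part of the Coggle diagram) that parses a constructed Windows Phone 7 style WMAppManifest.xml capability block and models a Least Privileged Chamber whose capability set is frozen at install time; the ID_CAP_* names and the manifest namespace are assumed from the WP7 manifest format, and the resource-to-capability mapping is the example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest fragment (WP7 WMAppManifest.xml layout, assumed).
SAMPLE_MANIFEST = """<Deployment
  xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment"
  AppPlatformVersion="7.1">
  <App Title="SampleApp">
    <Capabilities>
      <Capability Name="ID_CAP_NETWORKING" />
      <Capability Name="ID_CAP_LOCATION" />
    </Capabilities>
  </App>
</Deployment>"""

NS = {"d": "http://schemas.microsoft.com/windowsphone/2009/deployment"}

# The four controlled resources from the diagram, mapped to the capability
# identifier that gates each one (mapping is the example's own assumption).
RESOURCE_CAPABILITY = {
    "gps": "ID_CAP_LOCATION",
    "camera": "ID_CAP_ISV_CAMERA",
    "microphone": "ID_CAP_MICROPHONE",
    "network": "ID_CAP_NETWORKING",
}


class LeastPrivilegedChamber:
    """Per-app policy: capabilities are read once from the manifest and frozen."""

    def __init__(self, manifest_xml: str):
        root = ET.fromstring(manifest_xml)
        caps = root.findall(".//d:Capabilities/d:Capability", NS)
        # frozenset: nothing at run time can add a capability to this chamber.
        self._granted = frozenset(c.get("Name") for c in caps)

    def granted(self) -> set:
        return set(self._granted)

    def requested_resources(self) -> list:
        """Human-readable list shown to the user at purchase time."""
        return sorted(r for r, cap in RESOURCE_CAPABILITY.items()
                      if cap in self._granted)

    def can_access(self, resource: str) -> bool:
        """Deny anything not declared at install time, including unknown resources."""
        cap = RESOURCE_CAPABILITY.get(resource)
        return cap is not None and cap in self._granted


if __name__ == "__main__":
    chamber = LeastPrivilegedChamber(SAMPLE_MANIFEST)
    print("Requested at purchase:", chamber.requested_resources())
    for res in ("gps", "camera", "microphone", "network"):
        print(f"{res}: {'allowed' if chamber.can_access(res) else 'denied'}")
```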
Sandbox
Each Windows Phone app runs in its own isolated chamber configured with access to stated capabilities.
Each app is granted access to its own isolated storage container.
There are no methods to communicate between running apps on a Windows Phone except via the cloud.
Third-party apps cannot remain active in the background.
They are gracefully shut down when the user switches to another app.
This prevents potentially unwanted access to resources.
Authentication
Relies on Exchange Server to enforce password policies
Uses digital certificates for network authentication
Data Protection
Allows file encryption using vetted third-party apps
Application Security
Limited ability to verify individual applications
Name @ Matrix No.
SYED NAZRIL AHMAD @ 21DDT19F1199
THEYVIISHAA GHANA SAMBANTHAM @ 21DDT19F1170
PIRMISHA SANTERKUMAR @ 21DDT19F1101