Windows Phone Security Model - Coggle Diagram
Windows Phone processes and applications execute in isolated chambers
Four chamber types:
Trusted Computer Base (TCB) Chamber
Allows processes to have unrestricted access to the system.
Examples: kernel, Windows Phone drivers.
Elevated Rights Chamber (ERC)
Access to all system resources except the security policy.
Examples: phone application services, user-mode drivers.
Standard Rights Chamber (SRC)
Security policy is defined based on stated capabilities of third-party apps installed from the Windows Phone Marketplace.
Examples: Facebook, Twitter.
Least Privileged Chamber (LPC)
For processes and apps that do not provide a "device-wide" service.
Default chamber for pre-installed Windows Phone applications.
Example: Microsoft Outlook Mobile 2010.
Windows Phone resources used by apps
Controlled via dynamic access control policies configured at installation time.
Apps receive only resources they need to function.
There are no methods to communicate between running apps on a Windows Phone except via the cloud.
Each Windows Phone app runs in its own isolated chamber configured with access to stated capabilities
Third-party apps cannot remain active in the background.
must be actively registered with Microsoft before an app can be submitted for review.
Windows Phone 7 does not support removable storage of any kind
Alphanumeric passwords are not supported.
Only weak passwords can be defined.
Device encryption is not supported.
Allows file encryption using vetted third-party apps
Limited ability to verify individual applications