WINDOWS PHONE SECURITY MODEL
CHAMBERS
Elevated Rights Chamber (ERC)
Processes have access to all system resources except the security policy. Examples: user-mode drivers and phone application services.
Least Privileged Chamber (LPC)
The capabilities of third-party apps installed from the Windows Phone Marketplace are used to set security policy. Examples: Facebook and Twitter.
Trusted Computer Base (TCB) Chamber
Configured with the most privileges; allows processes unrestricted access to system resources. Examples: kernel and Windows Phone drivers.
Standard Rights Chamber (SRC)
Default chamber for pre-installed processes and programmes that do not provide a "device-wide" service: apps for Windows Phone. Example: Microsoft Outlook Mobile 2010.
CAPABILITIES
Apps that use Windows Phone resources that need to be regulated using dynamic access control policies set up after installation. Examples: geo-location data (GPS), camera, microphone, and wireless networks (cellular, Wi-Fi, Bluetooth).
The application manifest explicitly states the capabilities at installation time, and they cannot be modified at run time. Apps are given only the resources they require to function. Each programme notifies the user of the features it requests during the purchase process. The purchased app uses the capabilities established at that initial time.
SANDBOX
Each Windows Phone programme runs in its own isolated chamber with access to specified features. Each app has its own segregated storage container. On a Windows Phone, the only way to communicate between running apps is over the cloud. Third-party programmes are unable to run in the background: when the user moves to another app, the app gracefully shuts down. This prevents unauthorised access to resources.
APPLICATION DEPLOYMENT
Before an app can be submitted for approval, all Windows Phone developers must be registered with Microsoft. VeriSign code-signs all programmes on behalf of the developer. Non-code-signed apps will not run on Windows Phone.
REMOVABLE STORAGE
Won't support removable storage of any kind
DEVICE PASSWORDS
Alphanumeric passwords are not supported and weak passwords can be defined
ENCRYPTION
Not Supported
AUTHENTICATION
All Windows Phone developers must register with Microsoft before submitting an app for approval. All programmes are code-signed by VeriSign on behalf of the creator. Apps that are not code-signed will not operate on Windows Phone.
DATA PROTECTION
Allows file encryption using vetted third-party apps
APPLICATION SECURITY
Limited ability to verify individual applications