Seminar on Network Security
Introduction of the topics and some material for the session of Operating system security
Security Comparison of Mobile OSes
Tutor: Camillo Särs
Prerequisites: The author should be familiar with operating system concepts and have experience with OS security features.
The rapid increase in the popularity of mobile devices means that mobile operating systems are commonplace. It appears that our society will rely on mobile devices at an ever increasing pace, which means that the security of these devices becomes very important. Unfortunately, security has not been a primary design principle for all the systems available today.
The paper should
- review the most common mobile operating systems, most notably EPOC, PalmOS, Windows CE and some mobile Linux project.
- describe the security paradigms of the different systems
- present a comparative review of the security of the systems
- identify any critical weaknesses and suggest possible improvements
The paper should not cover basic security concepts at all. The author can assume that the readers have a good understanding of computer security concepts. The paper will be graded both on technical detail and depth of analysis.
Sources
- Any good book on operating systems and security
- http://www.palmos.com/dev/
- http://www.symbiandevnet.com/
- http://www.microsoft.com/pocketpc/developer.asp
- http://www.linuxce.org/
- http://www.pocketlinux.com/
- http://www.gmate.co.kr/expert/index.html
- http://www.palmos.com/
- http://www.symbian.com/
- http://www.pocketpc.com/
PalmOS Security - A Buffer Overflow Perspective
Tutor: Camillo Särs
Prerequisites: The author should be familiar with operating system vulnerabilities and intrusion techniques in particular. Knowledge of the PalmOS system is an advantage.
Today, PDAs based on the PalmOS operating system are the definite market leaders in the PDA business. The first widely publicised trojan horse has been found in the wild, and more malicious applications are expected in the near future. The PalmOS is not equipped to handle malicious applications, by design. However, little is known about its ability to handle malicious data.
The paper should
- describe the PalmOS security features
- describe basic attack methods using buffer overflows
- describe the ways data can be uploaded to a PalmOS device
- analyze the PalmOS data transfer capabilities for possible vulnerabilities
- if possible, present proof-of-concept code that exploits a vulnerability
The paper should focus on giving an overall vulnerability assessment of the PalmOS in regard to malicious data. If a particular vulnerability is found, it must not be the entire contents of the paper.
Sources:
- Aleph One, "Smashing the stack for fun and profit", Phrack 49, Volume 7, Issue 49.
- http://www.palmos.com/
- http://julianor.tripod.com/
Java2 Micro Edition (J2ME)
Tutor: Camillo Särs
Prerequisites: The author should be familiar with Java and the Java security model.
Java has quickly become an important programming language for Internet applications and applets. It includes a secure programming model that is supposed to prevent security risks caused by untrusted code. Implementation faults in Java Virtual Machines have previously introduced vulnerabilities in systems such as WWW browsers, but the overall Java security model is at least adequate. It has also been improved upon several times. Sun has introduced Java2 Micro Edition for small, resource-constrained devices. Reducing the size necessarily requires reducing functionality and features.
The paper should
- briefly present the Java2 security model
- present J2ME and the changes in Java2 it has brought
- compare the Java2 and J2ME security models
- attempt to assess the suitability of the J2ME model for mobile devices
The paper should not be a tutorial on Java security, but rather focus on potential problems or pitfalls introduced by J2ME compared to Java2. The author can assume that the reader has some knowledge of Java security.
This page is maintained by Network Security teaching staff, E-mail: netsec@tml.hut.fi.
The page was last updated on September 9, 2000.
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/os.html