Windows Phone Security
When it comes to security on Windows mobile devices, there are two important principles at work: least privilege and isolation. Least privilege means that rights and permissions for users or developers are restricted to only the minimum necessary to complete the task. In short, rather than having free rein of all of a Windows phone's processes, an app developer will only have access to those areas required to reasonably perform a task.
Isolation is the notion that phone elements and processes have boundaries within which they must operate, without infringing into the boundary of any other element or process.
To construct this type of security model, Windows phone developers turned to the idea of security chambers — a tiered system of trust in which threats to the outermost layer cannot infiltrate the inner, more vulnerable layers. Outer layers are bigger, giving users or processes the least amount of access in which to wreak havoc, while the inner layers are smaller, with the highest amount of access or trust. The inner layer is the area most susceptible to the greatest damage.
Now, let's examine each of these four security chambers.
Security Chambers
We've already identified security chambers as a type of tiered system with least to most trust, moving from the outer layers to the inner ones. Here are the four types of chambers present on a Windows phone.
The least privileged chamber is the default chamber assigned to most applications and processes on a Windows device. This chamber is where all third-party applications reside, like Facebook. The applications in this chamber receive the least amount of trust from the Windows device itself. The assignment is based on what the third-party app states that its capabilities include.
The standard rights chamber houses two types of applications: those that come pre-installed on Windows phones (having a trust relationship from the manufacturer) and applications that do not provide services across the entirety of the device. An app like Microsoft Outlook will reside in the standard rights chamber of a Windows phone.
Applications or processes that need access to all of a Windows phone's system resources in order to operate, will reside in the elevated rights chamber. Not accessible in this chamber is the device's security policy. But because of the vast amount of privileges that reside here, most familiar applications will not acquire this level of trust. This chamber is typically reserved for things like user-mode drivers and services, which help other functions of the phone to work properly.
The final security chamber is the trusted computing base. Access in this chamber is unrestricted, allowing processes to have complete access to all of a device's resources. Think of this like the inner sanctum of trust and privilege, where only a few earn entry. Housed in this chamber is the ability to change policies or security features. This area is limited to critical device drivers and the phone ''kernel:'' the brain or core of the device's operating system.
Lesson Summary
The Windows phone has steadily improved in security performance since it was first introduced in 2010. Its security model is built on the concepts of least privilege (limited access only to areas required to perform a task) and isolation, where processes must operate without infringing into boundaries of other processes.
To achieve this model, Windows designers created a tiered system of security known as security chambers, that offer varying degrees of privileges and trust relationships between applications and processes, and the phone's hardware and software. These are:
- The default least privileged chamber, where the minimum amount of access to device resources is allowed
- Standard rights chamber, a slightly-enhanced layer that houses pre-installed apps and apps that don't provide service across the device
- Elevated rights chamber, for apps that need access to all of a Windows phone's system resources (however, access to changing the device's security policy is not allowed here)
- Trusted computing base, unrestricted access and privileges to a device's resources
