Windows Embedded Blog bsquare
  November 7th, 2007
___________________________________________
Windows Mobile Devices and Security Part 2
Hi everyone,

In this blog, I’ll continue with step one of how a development team can maximize security on a mobile device.

The first step in securing a mobile device is figuring out where it needs to be protected. There’s no shortage of threats, and the key to any security mitigation effort is to do a comprehensive job at this stage. You cannot develop an effective mitigation plan without first knowing what work you need to do.

Detailed data-flow diagrams are essential at this stage. It’s quite likely that data-flow diagrams were created in the design process. Even if they weren’t, it is well worth the effort to have the project developer create one. You cannot do an effective security analysis without one. Simply put, a data-flow diagram shows how data flows through an information system. Among other things, it shows when a user enters data, when reports are generated, and where data is stored. Your diagram should show any time data is entered, imported, exported, saved, generated, or transferred.

For simple systems, you may just need one data-flow diagram. For more complicated systems, you may find it more useful to create a very high-level diagram to represent the device overall, and several highly-detailed diagrams for each subsystem.

The developer with the most intimate knowledge of the device should be the one to prepare the context diagram as every point on it is an area of potential concern. If you fail to list any data-flow point, your security analysis will be incomplete and you may end up leaving a huge security hole in your final design. The quality of work at this stage will largely drive the quality of your mitigation efforts.

Figure 1 shows a sample context diagram for a Smartphone management system. The context diagram depicts the external entities that access the Smartphone. (This context diagram is based on the diagram shown on page 178 of the book Threat Modeling, by Frank Swiderski and Window Snyder, published by Microsoft Press in 2004.)
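To make the completeness check concrete, here is an added example (not code from the original post, the book, or bsquare) that records a context diagram as data and then lists every point a reviewer must examine: each flow that brings data into the device, each flow that carries data out, and each data store. It also flags any entity drawn on the diagram that has no flow attached, which is the kind of omission the text warns about. The Smartphone management model, its node names, trust boundaries and flows are all constructed assumptions for illustration, not the diagram from Figure 1.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass(frozen=True)
class Node:
    name: str
    kind: str       # "external", "process" or "store"
    boundary: str   # trust boundary the node sits in, e.g. "Smartphone"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str       # what moves along the flow


@dataclass
class DataFlowDiagram:
    """Minimal DFD: nodes keyed by name plus directed flows between them."""
    system: str                                  # boundary being analysed
    nodes: Dict[str, Node] = field(default_factory=dict)
    flows: List[Flow] = field(default_factory=list)

    def add_node(self, name: str, kind: str, boundary: str) -> None:
        if kind not in ("external", "process", "store"):
            raise ValueError(f"unknown node kind: {kind}")
        self.nodes[name] = Node(name, kind, boundary)

    def add_flow(self, src: str, dst: str, data: str) -> None:
        # Reject flows that reference nodes missing from the diagram
        for n in (src, dst):
            if n not in self.nodes:
                raise KeyError(f"flow references unknown node: {n}")
        self.flows.append(Flow(src, dst, data))

    def boundary_crossings(self) -> List[Flow]:
        """Flows whose endpoints sit in different trust boundaries."""
        return [f for f in self.flows
                if self.nodes[f.src].boundary != self.nodes[f.dst].boundary]

    def entry_points(self) -> List[Flow]:
        """Crossing flows that bring data INTO the analysed system."""
        return [f for f in self.boundary_crossings()
                if self.nodes[f.dst].boundary == self.system]

    def exit_points(self) -> List[Flow]:
        """Crossing flows that carry data OUT of the analysed system."""
        return [f for f in self.boundary_crossings()
                if self.nodes[f.src].boundary == self.system]

    def stores(self) -> List[Node]:
        return [n for n in self.nodes.values() if n.kind == "store"]

    def unconnected_nodes(self) -> Set[str]:
        """Nodes drawn on the diagram but touched by no flow: either the
        diagram is incomplete or the node does not belong on it."""
        used = {f.src for f in self.flows} | {f.dst for f in self.flows}
        return set(self.nodes) - used

    def analysis_points(self) -> List[str]:
        """One line per item a reviewer must examine: data entering the
        system, data leaving it, and data at rest inside it."""
        lines = [f"ENTRY  {f.src} -> {f.dst}: {f.data}" for f in self.entry_points()]
        lines += [f"EXIT   {f.src} -> {f.dst}: {f.data}" for f in self.exit_points()]
        lines += [f"STORE  {n.name}" for n in self.stores()]
        return lines


def build_smartphone_model() -> DataFlowDiagram:
    """Constructed example modelled loosely on a Smartphone management
    system; every name here is an assumption for illustration."""
    d = DataFlowDiagram(system="Smartphone")
    d.add_node("User", "external", "Outside")
    d.add_node("Management Server", "external", "Internet")
    d.add_node("Sync PC", "external", "Desktop")
    d.add_node("Bluetooth Peer", "external", "Outside")   # drawn, but no flow listed
    d.add_node("Device Agent", "process", "Smartphone")
    d.add_node("Policy Store", "store", "Smartphone")
    d.add_node("User Data", "store", "Smartphone")

    d.add_flow("User", "Device Agent", "PIN and commands")
    d.add_flow("Device Agent", "User", "status display")
    d.add_flow("Management Server", "Device Agent", "policy update")
    d.add_flow("Device Agent", "Management Server", "inventory report")
    d.add_flow("Sync PC", "Device Agent", "sync payload")
    d.add_flow("Device Agent", "Policy Store", "policy")
    d.add_flow("Policy Store", "Device Agent", "policy")
    d.add_flow("Device Agent", "User Data", "contacts and mail")
    return d


if __name__ == "__main__":
    dfd = build_smartphone_model()
    for line in dfd.analysis_points():
        print(line)
    gaps = dfd.unconnected_nodes()
    if gaps:
        print("INCOMPLETE: no flows recorded for", ", ".join(sorted(gaps)))
```

Running the script prints three entry points, two exit points and two stores for the constructed model, then reports that "Bluetooth Peer" has no flows attached, so the diagram is either missing a data-flow point or carrying an entity that should not be there. The same checks work for the subsystem-level diagrams mentioned above: build one `DataFlowDiagram` per subsystem with that subsystem's name as `system`.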

In my next blog, I’ll explore how to identify threats.

Steven Yee, CISSP
steveny@bsquare.com
Engineering Manager
Professional Engineering Services