January 18, 2009

• Share:
• Email
• Print
• Twitter
• Facebook

Stakeholder Threats

Last time I introduced three different stakeholders in mobile phone security.  I now want to introduce the different types of threats that each class of stakeholders face.

The main threat to users is malicious software - viruses, worms, Trojans - the usual suspects.  But also there is also the threat of exploits that leverage defects in critical software for access to personal data and other bad things.

Network operators need to be protected against hostile software that may for example hijack and jam their cellular networks, thereby creating a denial of service for other mobile phone users.

Content providers need to be protected against attacks against those portions of a software stack that are responsible for protecting DRM-enabled content.  This includes attacks against video and audio device drivers - compromising these might enable someone to capture the raw, decoded and unprotected media content and upload it to, say YouTube.

Having spoken about the stakeholders in security, types of threats, let's talk to security itself.  What does security mean?  How do we measure security?  Well, the standard way to assess security is in terms of integrity, confidentiality, authentication and authorization.

Confidentially is about making sure that sensitive data is not leaked into the hands of unauthorized users or software components.  Integrity is about making sure that data has not been modified in an unauthorized way.  Authentication is convincing a certain entity of your identity - that is checking that you are who in fact you say you are.  And lastly, authorization is all about the process of giving a user or entity permission to access a protected resource or service.

So, the big question is, how can we better design our embedded systems software to provide stronger security?  I answer this in my next blog post. . .

Posted by Steve Subar on January 18 at 11:53 AM

About Steve Subar:

Steve Subar, CEO and President of OK Labs, has been an honored leader in the technology industry for 20 plus years and has received several accolades for his work. Steve is an avid runner who can also be found communing with his surfboard in Bondi Beach, Australia; skiing the slopes of Beaver Creek, Colorado; or searching for the perfect Pinot Noir all over the world.

Email Steve Subar

Recent Entries:

• Take My Wallet. Please.
• 2012 - The End of Mobile as We Know It
• Enterprise Immobility – Somethin’s Gotta Give
• Who’s Listening? Phone Hacking puts Personal and Corporate Activities at Risk
• At the Nexus of Device Security and the Roving Workforce

Personal Site:

http://www.ok-labs.com/leadership/bio/steve-subar

Virtualization for Embedded Systemes • Permalink

▲ Back to Top