Article: Protection profile for the smartphone operating system Journal: International Journal of Embedded Systems (IJES) 2014 Vol.6 No.1 pp.28 - 37 Abstract: With the development of communication industry, the smartphone plays a more important role in people's lives, providing a rich functionality with a variety of operating system platforms (such as: Symbian, Windows Mobile, Android, etc.). However, since the internet becomes increasingly complex and changeable brought by the cyber threats and vulnerabilities, more and more manufacturers focus on the security evaluation of smartphone operating system to make their product more secure. At present, the international security assessment criteria of information product is the common criteria (CC), which is the foundation of the protection profile (PP) and can provide function requirements and assurance requirements as the basis for security evaluation. In view of this fact, this paper researches the security mechanisms and analyses the risk factors in different smartphone operating systems. Then, this paper determines the security objectives and security requirements used for the common smartphone operating system. Finally, this paper proposes the corresponding protection profile in EAL4+ (evaluation assurance level 4 including the extended security assurance requirements) for the smartphone operating system based on the CC. Inderscience Publishers - linking academia, business and industry through research

Title: Protection profile for the smartphone operating system

Authors: Jun Sang; Daxiang Hong; Bing Zhang; Hong Xiang; Li Fu

Addresses: School of Software Engineering, Chongqing University, Chongqing, 400044, China ' School of Software Engineering, Chongqing University, Chongqing, 400044, China ' School of Software Engineering, Chongqing University, Chongqing, 400044, China ' School of Software Engineering, Chongqing University, Chongqing, 400044, China ' School of Software Engineering, Chongqing University, Chongqing, 400044, China

Abstract: With the development of communication industry, the smartphone plays a more important role in people's lives, providing a rich functionality with a variety of operating system platforms (such as: Symbian, Windows Mobile, Android, etc.). However, since the internet becomes increasingly complex and changeable brought by the cyber threats and vulnerabilities, more and more manufacturers focus on the security evaluation of smartphone operating system to make their product more secure. At present, the international security assessment criteria of information product is the common criteria (CC), which is the foundation of the protection profile (PP) and can provide function requirements and assurance requirements as the basis for security evaluation. In view of this fact, this paper researches the security mechanisms and analyses the risk factors in different smartphone operating systems. Then, this paper determines the security objectives and security requirements used for the common smartphone operating system. Finally, this paper proposes the corresponding protection profile in EAL4+ (evaluation assurance level 4 including the extended security assurance requirements) for the smartphone operating system based on the CC.

Keywords: smartphone operating system; common criteria; protection profile; security mechanism; embedded systems; smartphones; risk assessment.

DOI: 10.1504/IJES.2014.060923

International Journal of Embedded Systems, 2014 Vol.6 No.1, pp.28 - 37

Received: 14 Jun 2013
Accepted: 26 Sep 2013
Published online: 31 Jul 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Protection profile for the smartphone operating system

Keep up-to-date