Specifications
corresponding public keys to verify that the digital signature is correct. If it is correct, the boot ROM code runs the BlackBerry 10 OS.
Before the BlackBerry 10 OS mounts the read-only base file system, it runs a validation program that generates a SHA-256 hash of the base file system content, including all metadata. The program compares the SHA-256 hash to a SHA-256 hash that is stored outside the base file system. This stored hash is digitally signed using EC 521 with a series of private keys. If the hashes match, the validation program uses the corresponding public keys to verify the signature and the integrity of the stored hash.
How the BlackBerry 10 device verifies apps and software upgrades
Once the base file system is validated, the BlackBerry 10 OS verifies the existing apps by reading each app's XML manifest and checking the app's assets against the cryptographically signed hashes that the manifest contains.
Each software upgrade and app for the BlackBerry 10 device is packaged in the BlackBerry Archive (BAR) format. This format includes a SHA-2 hash of each archived file and an ECC signature that covers the list of hashes. When a user installs a software upgrade or app, the installation program verifies that the hashes and the digital signature are correct.
The digital signatures for a BAR file also indicate to the user the author of the software upgrade or app. The user can then decide whether to install the software based on its author.
Because the device verifies the integrity of each BAR file, it can download BAR files over a plain HTTP connection, which is faster than downloading over a more secure connection.
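The following Go program is an added illustration of the check described above; it is not BlackBerry's code, and the BAR manifest layout, file names, contents and hash-list encoding are constructed for the example. It collects a SHA-256 digest of each archived file into a hash list, signs that list with ECDSA over P-521 (the page says only "ECC"; the curve is an assumption), and then verifies the way an installer would: first the signature over the list, then every file against its listed digest, so that a payload altered after signing, a renamed or missing file, or an edited list that was not re-signed is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// File is one archived member; Entry is its line in the hash list; Manifest is the
// ordered hash list the ECC signature covers (hypothetical stand-in for a BAR manifest).
type File struct{ Name string; Data []byte }
type Entry struct{ Name string; Hash [32]byte }
type Manifest []Entry
// BuildManifest hashes every archived file, in archive order.
func BuildManifest(files []File) Manifest {
	m := make(Manifest, 0, len(files))
	for _, f := range files {
		m = append(m, Entry{f.Name, sha256.Sum256(f.Data)})
	}
	return m
}
// Digest is the value actually signed: SHA-256 over the encoded hash list, so one
// signature covers every file without the signer hashing the payloads twice.
func (m Manifest) Digest() []byte {
	h := sha256.New()
	for _, e := range m {
		fmt.Fprintf(h, "%s\x00%x\n", e.Name, e.Hash[:])
	}
	return h.Sum(nil)
}
// Verify mirrors the installer's two checks: the P-521 ECDSA signature over the hash
// list must verify, then every file must match its listed digest (nothing missing, added or renamed).
func Verify(pub *ecdsa.PublicKey, m Manifest, sig []byte, files []File) bool {
	ok := ecdsa.VerifyASN1(pub, m.Digest(), sig) && len(files) == len(m)
	for i := 0; ok && i < len(m); i++ {
		ok = files[i].Name == m[i].Name && sha256.Sum256(files[i].Data) == m[i].Hash
	}
	return ok
}
func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // stands in for the vendor's signing key
	files := []File{{"bar-descriptor.xml", []byte("<qnx/>")}, {"native/app", []byte("\x7fELF")}}
	m := BuildManifest(files)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, m.Digest())
	fmt.Println("intact:", Verify(&priv.PublicKey, m, sig, files))
	files[1].Data = []byte("\x7fELF patched") // payload altered, hash list and signature untouched
	fmt.Println("tampered:", Verify(&priv.PublicKey, m, sig, files))
}
```

Because only the hash list is signed, a verifier that checked the signature but skipped the per-file hash comparison would accept the tampered archive; both steps are required.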
How the BlackBerry 10 device prevents the exploitation of memory corruption
The BlackBerry 10 device prevents exploitation of memory corruption in a number of different ways, including the six security mechanisms listed below.
Security mechanism | Description
Non-executable stack and heap | The stack and heap areas of memory are marked as non-executable. This means that a process cannot execute machine code in these areas of memory, which makes it more difficult for an attacker to exploit potential buffer overflows.
Stack cookies | Stack cookies are a form of buffer overflow protection that helps prevent attackers from executing arbitrary code.
Security Technical Overview The BlackBerry 10 OS
110