Specifications
corresponding public keys to verify that the digital signature is correct. If it is correct, the boot ROM code runs the PlayBook OS.
Before the PlayBook OS mounts the read-only base file system, it runs a validation program that generates a SHA-256 hash of the base file system content, including all metadata. The program compares the SHA-256 hash to a SHA-256 hash that is stored outside the base file system. This stored hash is digitally signed using EC 521 with a series of private keys. If the hashes match, the validation program uses the corresponding public keys to verify the signature and the integrity of the stored hash.
How the BlackBerry PlayBook tablet verifies apps and software upgrades
Once the base file system is validated, the BlackBerry PlayBook OS verifies existing apps by reading an app's XML file and verifying the assets of the app against the cryptographically signed hashes contained in the XML manifest.
Each software upgrade and app for the BlackBerry PlayBook tablet is packaged in the BlackBerry Archive (BAR) format. This format includes SHA-2 hashes of each archived file, and it includes an ECC signature that covers the list of hashes. When a user installs a software upgrade or app, the installation program verifies that the hashes and the digital signature are correct.
The digital signatures for a BAR file also indicate to the user the author of the software upgrade or app. The user can then decide whether to install the software based on its author.
Because the tablet can verify the integrity of a BAR file, the tablet can download BAR files over an HTTP connection, which makes the download process faster than over a more secure connection.
How the BlackBerry PlayBook tablet prevents the exploitation of memory corruption
The BlackBerry PlayBook tablet prevents exploitation of memory corruption in a number of different ways, including the six security mechanisms listed below.
Security mechanism: Non-executable stack and heap
Description: The stack and heap areas of memory are marked as non-executable. This means that a process cannot execute machine code in these areas of the memory, which makes it more difficult for an attacker to exploit potential buffer overflows.
Security Technical Overview The BlackBerry PlayBook OS
115