Developing Secure, Unified, Multi-Device, and Multi-Domain Platforms

Abstract

The need for integrated cross-platform systems is growing. Such systems can enrich the user experience, but also lead to greater security and privacy concerns than the sum of their existing components. To provide practical insights and suggest viable solutions for the development, implementation, and deployment of complex cross-domain systems, in this chapter, the authors analyse and critically discuss the security-relevant decisions made developing the Webinos security framework. Webinos is an EU-funded FP7 project, which aims to become a universal Web application platform for enabling development and usage of cross domain applications. Presently, Webinos runs on a number of different devices (e.g. mobile, tables, PC, in-car systems, etc.) and different Operating Systems (e.g. various Linux distributions, different Windows and MacOSx versions, Android 4.x, iOS). Thus, Webinos is a representative example of cross-platform framework, and even if yet at beta level, is presently one of the most mature, as a prototype has been publicly available since February 2012. Distilling the lessons learned in the development of the Webinos public specification and prototype, the authors describe how potential threats and risks are identified and mitigated, and how techniques from user-centred design are used to inform the usability of security decisions made while developing the alpha and beta versions of the platform.