"In my last entry on this column I described the code signing security architecture of Windows Mobile and explained that this forms the first line of defense against running malicious code on the device. However, relying on just the digital signature of executable code is not enough to form a complete or particularly granular level of security for a device. In addition to code signing, Windows Mobile also enforces role-based security to protect certain assets on the device. In this post we will explore the different facets of the role model implemented on Windows Mobile 5.0 Smartphone and Pocket PC devices. ... Role-based security requires the OS to protect system assets (files, reg keys, code operations, etc.) by asserting that the process or operation requesting access has a role flag matching or exceeding the requirements of that asset. So we need a set of role flags, a way of associating role flags with all assets that need protection, and a way of associating role flags with a specific operation."
Just in case you thought that Windows Mobile is really weak when it comes to security, Marcus Perryman is shedding some light on the role-based security offered by the platform. This article will soon be posted on the MSDN Mobile Security Web site.