International Telecommunication Union

ITU-T
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
Series X, Supplement 24 (09/2014)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

ITU-T X.1120-X.1139 series
Supplement on a secure application distribution framework for communication devices

ITU-T X-series Recommendations, Supplement 24

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS  X.1-X.199
OPEN SYSTEMS INTERCONNECTION  X.200-X.299
INTERWORKING BETWEEN NETWORKS  X.300-X.399
MESSAGE HANDLING SYSTEMS  X.400-X.499
DIRECTORY  X.500-X.599
OSI NETWORKING AND SYSTEM ASPECTS  X.600-X.699
OSI MANAGEMENT  X.700-X.799
SECURITY  X.800-X.849
OSI APPLICATIONS  X.850-X.899
OPEN DISTRIBUTED PROCESSING  X.900-X.999
INFORMATION AND NETWORK SECURITY
    General security aspects  X.1000-X.1029
    Network security  X.1030-X.1049
    Security management  X.1050-X.1069
    Telebiometrics  X.1080-X.1099
SECURE APPLICATIONS AND SERVICES
    Multicast security  X.1100-X.1109
    Home network security  X.1110-X.1119
    Mobile security  X.1120-X.1139
    Web security  X.1140-X.1149
    Security protocols  X.1150-X.1159
    Peer-to-peer security  X.1160-X.1169
    Networked ID security  X.1170-X.1179
    IPTV security  X.1180-X.1199
CYBERSPACE SECURITY
    Cybersecurity  X.1200-X.1229
    Countering spam  X.1230-X.1249
    Identity management  X.1250-X.1279
SECURE APPLICATIONS AND SERVICES
    Emergency communications  X.1300-X.1309
    Ubiquitous sensor network security  X.1310-X.1339
CYBERSECURITY INFORMATION EXCHANGE
    Overview of cybersecurity  X.1500-X.1519
    Vulnerability/state exchange  X.1520-X.1539
    Event/incident/heuristics exchange  X.1540-X.1549
    Exchange of policies  X.1550-X.1559
    Heuristics and information request  X.1560-X.1569
    Identification and discovery  X.1570-X.1579
    Assured exchange  X.1580-X.1589
CLOUD COMPUTING SECURITY
    Overview of cloud computing security  X.1600-X.1601
    Cloud computing security design  X.1602-X.1639
    Cloud computing security best practices and guidelines  X.1640-X.1659
    Cloud computing security implementation  X.1660-X.1679
    Other cloud computing security  X.1680-X.1699

For further details, please refer to the list of ITU-T Recommendations.

X series Supplement 24 (09/2014)

Supplement 24 to ITU-T X-series Recommendations

Summary

Supplement 24 to ITU-T X.1120-X.1139 series provides a secure application distribution framework for communication devices and security requirements for application distribution sites to enhance the safety of the communication environment for users.

History

Edition  Recommendation     Approval    Study Group  Unique ID*
1.0      ITU-T X Suppl. 24  2014-09-26  17           11.1002/1000/12333

* To access the Recommendation, type the URL http://handle.itu.int/ in the address field of your web browser, followed by the Recommendation's unique ID. For example, http://handle.itu.int/11.1002/1000/11830-en.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations
on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE

In this publication, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this publication is voluntary. However, the publication may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the publication is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the publication is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this publication may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the publication development process.

As of the date of approval of this publication, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this publication. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2015

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the
prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
    3.1 Terms defined elsewhere
    3.2 Terms defined in this Supplement
4 Abbreviations and acronyms
5 Conventions
6 Introduction
7 Application deployment
    7.1 Life cycle of application deployment
    7.2 General security considerations
8 Secure application distribution framework for communication devices
    8.1 Developer authentication
    8.2 Application review
    8.3 Reputation
    8.4 Revocation
    8.5 Access control based on users' attributes
    8.6 Secure payment system
9 Requirements for secure application distribution
    9.1 Developer authentication
    9.2 Application review
    9.3 Reputation
    9.4 Revocation
    9.5 Access control based on users' attributes
Appendix I Application review
    I.1 Examples of checking items
    I.2 Testing and evaluation mechanism
Bibliography

1 Scope

Supplement 24 to ITU-T X.1120-X.1139 series provides a
secure application distribution framework for communication devices. The communication devices include smartphones, tablet personal computers (PCs), set-top boxes (STBs), and similar devices that have the capability to download applications from managed application distribution sites and execute the downloaded applications. This Supplement also includes security requirements for application distribution sites.

2 References

None.

3 Definitions

3.1 Terms defined elsewhere

This Supplement uses the following terms defined elsewhere:

3.1.1 access control [b-ITU-T X.800]: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

3.1.2 authentication information [b-ITU-T X.800]: Information used to establish the validity of a claimed identity.

3.1.3 data integrity [b-ITU-T X.800]: The property that data has not been altered or destroyed in an unauthorized manner.

3.1.4 data origin authentication [b-ITU-T X.800]: The corroboration that the source of data received is as claimed.

3.1.5 digital signature [b-ITU-T X.800]: Data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g., by the recipient.

3.1.6 privacy [b-ITU-T X.800]: The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

NOTE - Because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security.

3.1.7 smartphone [b-ITU-T X-Sup.19]: A mobile phone with powerful computing capability, heterogeneous connectivity and advanced operating system providing a platform for third-party applications.

3.2 Terms defined in this Supplement

This Supplement defines the following terms:

3.2.1 application distribution site: An application distribution platform on which users can buy and sell applications online. It is also referred to as an application market. Such sites are usually operated by the owners of operating systems, the manufacturers of communication devices, and telecommunication service providers.

3.2.2 communication device: A computing device that has the capability to download applications from managed application distribution sites and execute the downloaded applications. They include smartphones, tablet personal computers (PCs) and set-top boxes (STBs). A communication device can be distinguished from a feature phone that cannot download and use the applications that users
prefer.

4 Abbreviations and acronyms

This Supplement uses the following abbreviations and acronyms:

API  Application Programming Interface
CVE  Common Vulnerabilities and Exposures
OS   Operating System
PC   Personal Computer
STB  Set-Top Box
TTP  Trusted Third Party
URL  Uniform Resource Locator

5 Conventions

In this Supplement:

The phrase "is required to" indicates a requirement that must be strictly followed and from which no deviation is permitted, if conformance to this Supplement is to be claimed.

The phrase "is recommended" indicates a feature or action that is preferred, but which is not absolutely required. Thus, this preference need not be present to claim conformance.

The phrase "is prohibited from" indicates a requirement that must be strictly followed and from which no deviation is permitted, if conformance to this Supplement is to be claimed.

The phrase "can optionally" indicates a feature or action on which choice is permissible, without implying any sense of being recommended. This term is not intended to imply that the vendor's implementation must provide the option, and the feature can be optionally enabled by the network operator or service provider. Rather, it means the vendor may optionally not provide the feature and still claim conformance with this Supplement.

6 Introduction

Many communication devices, such as smartphones, personal computers (PCs) and set-top boxes (STBs), have capabilities to execute applications. Users can install their favourite applications on
their own devices, which add new functions to those devices. However, there are problematic applications that steal personal information or execute malicious activities. Because most applications are installed from application distribution sites, secure distribution of applications from such sites is one of the most important elements to manage.

This Supplement presents the phases of application deployment and the framework for secure application distribution. In addition, security requirements of the application distribution sites are provided to secure the use of communication devices.

7 Application deployment

7.1 Life cycle of application deployment

Figure 1 shows the life cycle of application deployment. This consists of five phases: design/development, evaluation, deployment, and update or removal.

Figure 1 - Life cycle of application deployment (diagram labels: Design/development, Evaluation, Deployment, Removal, Update)

7.2 General security considerations

This clause specifies security considerations for each phase in the life cycle of the application.

7.2.1 Design/development

This phase is where developers design and develop their applications. In this phase, developers need to design applications taking into consideration the security aspects, and in particular secure coding. To achieve this, application distribution sites need to ask developers to think about security and to develop secure applications.

7.2.2 Evaluation

Evaluation is the phase where applications are examined by reviewers at distribution sites. The submitted applications are evaluated to determine whether they are secure before being posted on distribution sites. In this process, application distribution sites need to verify the developer's identity and review the submitted application from a security perspective. After the evaluation, if the application reviewer judges that the application is secure, it is posted on the distribution site. If the application is judged not to be secure, the application distribution site
needs to give feedback to the developer. The operators of distribution sites need to have testing and evaluation capabilities to perform security checks of applications. In some cases, the operators can entrust a third-party testing institution to perform security checks of applications.

7.2.3 Deployment

Deployment is the phase where applications are distributed and utilized by users. As some application distribution sites review application security with minimum scrutiny, a large number of applications may not be secure. Therefore, users using these applications need to be very careful when they download and use insecure applications. Application distribution sites can apply a reputation mechanism that collects evaluations of applications from users, and need to educate users about how to download and use applications carefully.

7.2.4 Update

This phase is where developers update their applications. After update, a reviewer needs to re-examine the applications at the distribution site.

7.2.5 Removal

This phase is where applications are removed from distribution sites. If an application is identified as harmful or malicious, distribution sites need to remove it. Additionally, distribution sites need to recommend that their users remove the application from their communication devices. Distribution sites may apply a remote system that enables them to remove the harmful application, depending on user consent.

8 Secure application distribution framework for communication devices

Figure 2 shows a secure application distribution framework for communication devices. This clause defines the processes for each element in this framework.

Figure 2 (diagram labels): Application developer, Registration request, Feedback, Fail, Fail, Developer authentication, Review, Application distribution site, Sale, Reputation, Revocation, Access