Information content can be classified according to multiple categories. The most common way is to define the confidentiality, integrity, and availability of information.
Confidentiality defines the level of privacy the information has and the importance of its content to critical operations. If information is not classified as confidential it is considered public. There can be several levels of confidentiality, defined by the author of the information and the policies of the system.
Integrity classifies information according to its importance to operations. If information should remain intact in all situations and no fragmentation or delays in updates are tolerated, the information has the highest level of integrity.
Availability is the most important factor if the information must be accessible without interruption in order for operations to continue normally.
There are additional content security issues such as traceability, access control, authentication, and repudiation. These are usually achieved by mixing the above items with cryptography.
When managing private data, its confidentiality must first be defined.
If necessary, data has to be encrypted or decrypted before it is stored or
used. Symbian OS provides tools to handle protected information in streams
and descriptors. Classes for handling encrypted data are REncryptStream, RDecryptStream, CSecurityEncryptBase, and CSecurityDecryptBase.
If an application handles private data, it should not write the data in plain format to a separate file, even temporarily. If the application crashes without deleting its temporary files, the file might be exposed to intruders, and can be read afterwards.
In S60 3rd Edition, any data that is stored in the application's \private\<uid>\ directory
(that is, your own private directory) can be considered as safe, since other
applications need the AllFiles capability to read or write to this location.
If your application consists of several DLLs that all need access to the same protected data, you might consider implementing an access server to your data. DLLs no not have access to your private folder but they could access it via your server.
This section contains the following information about content security: