Apple iOS Security Evaluation

《Apple iOS Security Evaluation》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、TrailofBitsAppleiOSSecurityEvaluationDinoA.DaiZoviPrincipalTrailofBitsLLCVersion:DRAFTTrailofBitsTableofContentsASLR1Overview1Assessment3CodeSigning4MandatoryCodeSigning4CodeSigningEnforcement11AppleMobileFileIntegrity11DynamicCodeSigning13Assessment13Sandboxing15Introduction15ApplicationContainer

2、s15SandboxProfiles15Assessment22DataEncryption24Overview24HardwareEncryption24AppleiOSSecurityEvaluationiTrailofBitsDataProtectionAPI25FilesystemEncryption25iOSPasscodes26DataProtectionAPICoverage27Assessment29AppleiOSSecurityEvaluationiiTrailofBitsASLROverviewAddressSpaceLayoutRandomization(ASLR)i

3、sanimportantprotectionthatmakestheremoteexploitationofmemorycorruptionvulnerabilitiessignificantlymoredifficult.Inparticular,whenitisfullyapplied,itusuallyrequiresthatattackersfindandexploitoneormorememorydisclosurevulnerabilitiesinordertoenabletheexploitationofamemorycorruptionvulnerability.Onmanyop

4、eratingsystems,however,theimplementationofASLRmaybeincompleteandattackerscanmakeoftenmakeuseofexecutableorwritablememoryregionsatfixedorpredictablelocations.ASLRwasintroducediniOS4.3andtherearetwolevelsofcompletenessofASLRiniOS4.3,dependingonwhethertheapplicationwascompiledwithsupportforPositionInd

5、ependentExecutables(PIE).IftheapplicationwascompiledwithoutPIEsupport,itwillrunwithlimitedASLR.Specifically,themainexecutablebinary(includingitscodeanddatasections)andthedynamiclinker(dyld)willbeloadedatfixedlocations.Themainthread’sstackwillalsoalwaysbeginatthesamelocationinmemory.Thisispresumablyt

6、omaintaincompatibilitywithexistingiOSapplications.IftheapplicationiscompiledwithPIEsupport,thentheapplicationwillbeabletomakefulluseofASLRandallmemoryregionswillberandomized.IniOS4.3,allbuilt-inapplicationsarecompatiblewithfullASLR.Thetablebelowsummarizeswhichsegmentsofmemorywillbefoundatrandomize

7、dlocationsdependingonwhethertheapplicationwascompiledwithorwithoutPIEsupport.MemoryRegionRandomizationbyDeploymentTargetVersionPIEExecutableDataHeapStackLibrariesLinkerNoFixedFixedRandomizedFixedRandomizedFixedpe