Dilip Dwarakanath.  The topic I’m about to present was taken from a paper titled “Apple iOS 4 Security Evaluation” written by Dino A Dai Zovi.  Dino.


Dilip Dwarakanath

• The topic I’m about to present was taken from a paper titled “Apple iOS 4 Security Evaluation” written by Dino A Dai Zovi.
• Dino Zovi is a known hacker and author of several papers on hacking.
• He is also a faculty member at the NYU Polytechnic University.
• He has been ranked 8th out of the 15 Most Influential People in Cyber Security today.

• In a buffer overflow attack, the stack of the application is attacked and malicious input is inserted into it. This partially crashes the application, but to recover it goes back to the return address from where it started.
• The return address was already pointing to a malicious location in the beginning, so the system is now fully compromised.
• PIE stands for Position Independent Executable; these executables can run pretty much anywhere in memory.
• There are two types of ASLR (explained later):
  ◦ Partial – compiled without PIE support
  ◦ Complete – compiled with PIE support

• Address Space Layout Randomization (ASLR) makes remote exploitation of memory difficult.
• It was introduced in iOS 4 and is used to stop buffer overflow attacks.
• ASLR rearranges address space positions randomly, including the location of the executable.
• This makes it difficult for the attacker to pinpoint the exact memory address to write to.
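An added example (not from the presentation or the paper it summarizes): because the partial/complete distinction above depends on whether the executable was built with PIE, a defender can check the `MH_PIE` flag in the Mach-O header. The two sample headers are constructed for illustration, and the function name `macho_aslr_level` is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC    0xfeedfaceu /* 32-bit Mach-O */
#define MH_MAGIC_64 0xfeedfacfu /* 64-bit Mach-O */
#define MH_EXECUTE  0x2u        /* filetype: main executable */
#define MH_PIE      0x200000u   /* flag: built as position independent */

enum aslr_level { ASLR_UNKNOWN = -1, ASLR_PARTIAL = 0, ASLR_COMPLETE = 1 };

/* Constructed sample headers (not from a real app): magic, cputype,
 * cpusubtype, filetype, ncmds, sizeofcmds, flags. */
static const uint32_t sample_pie[7]   = { MH_MAGIC, 12, 9, MH_EXECUTE, 0, 0, 0x200085u };
static const uint32_t sample_nopie[7] = { MH_MAGIC, 12, 9, MH_EXECUTE, 0, 0, 0x000085u };

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Read header word number idx, byte-swapping for opposite-endian files. */
static uint32_t word(const uint8_t *buf, size_t idx, int swapped) {
    uint32_t v;
    memcpy(&v, buf + idx * 4, sizeof v);
    return swapped ? bswap32(v) : v;
}

/* Hypothetical helper: classify a thin Mach-O image held in buf[0..len). */
enum aslr_level macho_aslr_level(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < 28)              /* mach_header is 7 words */
        return ASLR_UNKNOWN;
    uint32_t magic = word(buf, 0, 0);
    int swapped;
    if (magic == MH_MAGIC || magic == MH_MAGIC_64)
        swapped = 0;
    else if (bswap32(magic) == MH_MAGIC || bswap32(magic) == MH_MAGIC_64)
        swapped = 1;
    else
        return ASLR_UNKNOWN;                  /* fat binary or not Mach-O */
    if (word(buf, 3, swapped) != MH_EXECUTE)
        return ASLR_UNKNOWN;                  /* only main executables are judged */
    return (word(buf, 6, swapped) & MH_PIE) ? ASLR_COMPLETE : ASLR_PARTIAL;
}

int main(void) {
    printf("PIE build:     %d\n", macho_aslr_level((const uint8_t *)sample_pie, sizeof sample_pie));
    printf("non-PIE build: %d\n", macho_aslr_level((const uint8_t *)sample_nopie, sizeof sample_nopie));
    return 0;
}
```

A result of 1 means the header carries `MH_PIE` (complete ASLR in the slide's terms), 0 means it does not (partial), and -1 means the input is not a thin Mach-O main executable.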

• To verify that all executables are authentic, iOS requires that all apps be signed with a Trust Certificate. This is called Code Signing.
• Some of the different Trust Certificates include “Apple Store”, “Developer”, “Enterprise” and “University”.
• Some Trust Certificates come with certain entitlements. For example, an application with an Apple Trust Certificate already has access to certain groups and has certain preset file permissions.
• No app can be installed on the device without a Trust Certificate. This is called Mandatory Code Signing.
• Apple also charges its developers fees for different Trust Certificates, especially for Enterprise packages. The Developer edition is free, but it has no default entitlements.

• To prevent execution of new executables at runtime, iOS implements a security protection called Code Signing Enforcement (CSE).
• This prevents applications from loading unsigned libraries, downloading new code at runtime, or using self-modifying code.
• CSE is stronger than Microsoft’s Data Execution Prevention (DEP), because under DEP you could potentially download new code and execute it using runtime executable commands.

• iOS 4 requires that applications and their data be isolated from other apps and their data.
• The Sandbox is designed to enforce this.
• This is done by assigning each installed app its own file systems and storage.
• On top of this, process-level runtime security policies are implemented to make sure the app isn’t writing to or reading from the folder of another application.
• These policies enforce file and system access restrictions on the application.

• The iOS 4.0 version brought about many new changes to the then newly introduced (2010) operating system.
• It fixed many serious vulnerabilities and introduced new and improved security measures.
• It laid the foundation stone for ASLR in operating systems, a system today widely used in many other mobile devices as well.
• The code signing feature might frustrate users, but it makes iOS much more secure than the Android OS, which allows installation of apps from third-party websites even on un-rooted handsets.
• Although it brought about these many improvements, it hasn’t stopped hackers from being able to insert malware into it; in fact, Dino Zovi himself has written a book titled “Apple Hacker’s Bible” aimed specifically at iOS.

• Possey, B. How do buffer overflow attacks work? Retrieved April 14, 2015.
• Zovi, D. (2011). Apple iOS 4 Security Evaluation. BlackHat Conference, USA.
• Address space layout randomization. Retrieved April 15, 2015 from Wikipedia.org.