PSiOS: Bring Your Own Privacy & Security to iOS Devices

Authors: Ahmad-Reza Sadeghi, Werthmann, Ralf Hund, Thorsten Holz, Lucas Davi

Presenter: Sravya Avasarala

Outline
  • Introduction
  • Background and problem description
  • High level idea
  • Design of PSiOS
  • Implementation
  • Conclusion
Introduction
  • Smartphone and tablet computers have become ubiquitous
  • Privacy and security concerns arise
  • iOS assigns a general sandboxing profile, which contradicts the least privilege principle
  • Developers must adhere to certain guidelines
  • Mitigation: static analysis tool PSiOS to identify privacy leaks
  • No solid privacy framework for iOS
  • Challenges: closed-source nature and dynamic nature of Objective-C
  • Key Idea: detect and prevent privacy leaks by providing specific sandboxing profile to applications
  • Protection layer between applications and Objective-C runtime environment
  • Monitors application’s execution
  • Operates directly on application binary
PSiOS
  • This policy framework is implemented in a tool, PSiOS
  • Provides a user-driven and fine-grained sandboxing profile
  • User driven: sandboxing can be updated without recompiling
  • Fine grained: user or admin specifies the privileges assigned to an application
  • Prevents attackers from exploiting vulnerabilities.
Background and Problem Description
  • 4 layers:
    • Application layer
    • Cocoa layer
    • Core Service layer
    • Core OS layer
iOS background
  • Generic sandboxing profile
  • Objective-C frameworks: public and private

Problem description

  • iOS sandboxing is based on kernel module adopted from TurboBSD
  • Allows access to public frameworks
  • Several attacks reported
  • Supports sandboxing at kernel level
  • Provides coarse-grained sandboxing
  • Individual sandboxing rules can be bound to mobile apps using entitlements
  • Drawback of entitlements: they are requested by the developers and included in the digital signature of the application
High Level Idea
  • PSiOS: user-defined sandboxing profile for each application
  • New module between the application layer and the Cocoa Touch layer: policy enforcement
  • This component mediates every access request to the Objective-C runtime, frameworks and system calls
  • It enforces the rules on every request, checks that the policy is not violated, and then forwards the request to its destination
  • Control flow attacks are handled by enforcing CFI
Design of PSiOS
  • 3 phases:
    • Static analysis (offline)
    • Binary rewriting (load-time)
    • CFI and policy enforcement (execution time)
  • Leverage MoCFI to derive the CFG
  • Implement a static Objective-C analyzer to identify used classes and methods
  • When the app is launched, perform binary rewriting
  • Leverage binary rewriting to insert checkpoints into the app that are reached whenever the app tries to access the runtime, frameworks or system call wrappers
  • At execution time:
    • Objective-C analyzer handles incompleteness of static analysis process
    • CFI ensures control flow of app through CFG
    • Policy enforcement validates if requests adhere to given policy rules
  • Static Analysis
    • Implements an Objective-C analyzer to identify all classes, methods and inheritance relationships
  • Binary Rewriting and Runtime Enforcement
    • Rewriting takes place after the app loader has verified the application signature
    • PSiOS rewrites all access requests to the Objective-C runtime to insert checkpoints
    • The Objective-C analyzer requests runtime information that was not obtained during static analysis
    • At execution, PSiOS ensures the request follows the CFG and adheres to the rules
  • Policy Enforcement
    • Supports 3 policy enforcement types: Log, Exit and Replace
    • Log: Ensures all policy violations are recorded by the system.
    • Exit: Restrictive, terminates process immediately on a policy violation
    • Replace: Allows the application to continue executing, but PSiOS replaces the return values of the Objective-C runtime with shadow data.
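
The three enforcement types can be modelled as a small reference monitor sitting at each checkpoint. This is an added sketch, not code from PSiOS or the slides: the rule layout, the sample profile, the `forward` stand-in, the choice to record every matched rule, and the choice that Log still forwards the request are all assumptions, and Exit is represented by a flag instead of terminating the process.

```c
#include <stdio.h>
#include <string.h>

/* Enforcement types from the slide; ACT_ALLOW covers requests no rule matches. */
typedef enum { ACT_ALLOW, ACT_LOG, ACT_EXIT, ACT_REPLACE } action_t;
typedef struct { const char *cls, *sel; action_t action; const char *shadow; } rule_t;
typedef struct { action_t action; const char *value; int terminated; } verdict_t;

/* Constructed per-app profile; the rule layout is hypothetical, not PSiOS syntax. */
static const rule_t profile[] = {
    { "UIDevice",               "uniqueIdentifier",      ACT_REPLACE, "shadow-udid" },
    { "CLLocationManager",      "startUpdatingLocation", ACT_LOG,     NULL },
    { "CTTelephonyNetworkInfo", "*",                     ACT_EXIT,    NULL },
};

static int violations_logged = 0;

/* Stand-in for forwarding the request to the real runtime or framework. */
static const char *forward(const char *cls, const char *sel) {
    (void)cls; (void)sel;
    return "real-value";
}

static int matches(const char *pattern, const char *s) {
    return strcmp(pattern, "*") == 0 || strcmp(pattern, s) == 0;
}

/* Checkpoint reached before each mediated request; the first matching rule wins. */
verdict_t checkpoint(const char *cls, const char *sel) {
    for (size_t i = 0; i < sizeof profile / sizeof profile[0]; i++) {
        const rule_t *r = &profile[i];
        if (!matches(r->cls, cls) || !matches(r->sel, sel)) continue;
        violations_logged++;                 /* this sketch records every match */
        fprintf(stderr, "policy violation: [%s %s]\n", cls, sel);
        if (r->action == ACT_EXIT)           /* real enforcement would end the process */
            return (verdict_t){ ACT_EXIT, NULL, 1 };
        if (r->action == ACT_REPLACE)        /* app continues, but on shadow data */
            return (verdict_t){ ACT_REPLACE, r->shadow, 0 };
        return (verdict_t){ ACT_LOG, forward(cls, sel), 0 };
    }
    return (verdict_t){ ACT_ALLOW, forward(cls, sel), 0 };
}

int main(void) {
    verdict_t v = checkpoint("UIDevice", "uniqueIdentifier");
    printf("app receives: %s\n", v.value);
    return 0;
}
```
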
Implementation and Evaluation
  • Prototype implementation of PSiOS that supports iOS versions 4.3.2, 4.3.3, 5.0.1, and 5.1.1
  • Evaluation using SpyPhone (an iOS app specifically meant to steal sensitive information)
  • Applied PSiOS to various apps such as WhatsApp, Facebook and Instagram
  • Performance:
    • Negligible overhead
    • Slight slowdown of RAM speed
Conclusion
  • A new policy enforcement framework for iOS
  • Fine-grained control: application-specific and user-defined sandboxing for applications, without access to source code
  • Secure