TU Darmstadt / ULB / TUbiblio

XiOS: Extended Application Sandboxing on iOS

Bucicoiu, Mihai ; Davi, Lucas ; Deaconescu, Razvan ; Sadeghi, Ahmad-Reza :
XiOS: Extended Application Sandboxing on iOS.
10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015)
[Konferenz- oder Workshop-Beitrag], (2015)

Kurzbeschreibung (Abstract)

Until very recently it was widely believed that iOS malware is effectively blocked by Apple's vetting process and application sandboxing. However, the newly presented severe malicious app attacks (e.g., Jekyll) succeeded to undermine these protection measures and steal private data, post Twitter messages, send SMS, and make phone calls. Currently, no effective defenses against these attacks are known for iOS. The main goal of this paper is to systematically analyze the recent attacks against iOS sandboxing and provide a practical security framework for iOS app hardening which is fully independent of the Apple's vetting process and particularly benefits enterprises to protect employees' iOS devices. The contribution of this paper is twofold: First, we show a new and generalized attack that significantly reduces the complexity of the recent attacks against iOS sandboxing. Second, we present the design and implementation of a novel and efficient iOS app hardening service, XiOS, that enables fine-grained application sandboxing, and mitigates the existing as well as our new attacks. In contrast to previous work in this domain (on iOS security), our approach does not require to jailbreak the device. We demonstrate the efficiency and effectiveness of XiOS by conducting several benchmarks as well as fine-grained policy enforcement on real-world iOS applications

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2015
Autor(en): Bucicoiu, Mihai ; Davi, Lucas ; Deaconescu, Razvan ; Sadeghi, Ahmad-Reza
Titel: XiOS: Extended Application Sandboxing on iOS
Sprache: Deutsch
Kurzbeschreibung (Abstract):

Until very recently it was widely believed that iOS malware is effectively blocked by Apple's vetting process and application sandboxing. However, the newly presented severe malicious app attacks (e.g., Jekyll) succeeded to undermine these protection measures and steal private data, post Twitter messages, send SMS, and make phone calls. Currently, no effective defenses against these attacks are known for iOS. The main goal of this paper is to systematically analyze the recent attacks against iOS sandboxing and provide a practical security framework for iOS app hardening which is fully independent of the Apple's vetting process and particularly benefits enterprises to protect employees' iOS devices. The contribution of this paper is twofold: First, we show a new and generalized attack that significantly reduces the complexity of the recent attacks against iOS sandboxing. Second, we present the design and implementation of a novel and efficient iOS app hardening service, XiOS, that enables fine-grained application sandboxing, and mitigates the existing as well as our new attacks. In contrast to previous work in this domain (on iOS security), our approach does not require to jailbreak the device. We demonstrate the efficiency and effectiveness of XiOS by conducting several benchmarks as well as fine-grained policy enforcement on real-world iOS applications

Buchtitel: 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015)
Freie Schlagworte: ICRI-SC;Secure Things
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 04 Aug 2016 10:13
ID-Nummer: TUD-CS-2015-0013
Verwandte URLs:
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen