TU Darmstadt / ULB / TUbiblio

PSiOS: Bring Your Own Privacy & Security to iOS Devices (Distinguished Paper Award)

Werthmann, Tim ; Hund, Ralf ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Holz, Thorsten (2013)
PSiOS: Bring Your Own Privacy & Security to iOS Devices (Distinguished Paper Award).
Conference or Workshop Item, Bibliographie

Abstract

Apple iOS is one of the most popular mobile operating systems. As its core security technology, iOS provides application sandboxing but assigns a generic sandboxing profile to every third-party application. However, recent attacks and incidents with benign applications demonstrate that this design decision is vulnerable to crucial privacy and security breaches, allowing applications (either benign or malicious) to access contacts, photos, and device IDs. Moreover, the dynamic character of iOS apps written in Objective-C renders the currently proposed static analysis tools less useful.

In this paper, we aim to address the open problem of preventing (not only detecting) privacy leaks and simultaneously strengthening security against runtime attacks on iOS. Compared to similar research work on the open Android, realizing such a system for the closed-source iOS is highly involved.

We present the design and implementation of PSiOS, a tool that features a novel policy enforcement framework for iOS. It provides fine-grained, application-specific, and user/administrator defined sandboxing for each third-party application without requiring access to the application source code. Our reference implementation deploys control-flow integrity based on the recently proposed MoCFI (Mobile CFI) framework that only protects applications against runtime attacks. We evaluated several popular iOS applications (e.g., Facebook, WhatsApp) to demonstrate the efficiency and effectiveness of PSiOS.

Item Type: Conference or Workshop Item
Erschienen: 2013
Creators: Werthmann, Tim ; Hund, Ralf ; Davi, Lucas ; Sadeghi, Ahmad-Reza ; Holz, Thorsten
Type of entry: Bibliographie
Title: PSiOS: Bring Your Own Privacy & Security to iOS Devices (Distinguished Paper Award)
Language: German
Date: 2013
Book Title: 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013)
Corresponding Links:
Abstract:

Apple iOS is one of the most popular mobile operating systems. As its core security technology, iOS provides application sandboxing but assigns a generic sandboxing profile to every third-party application. However, recent attacks and incidents with benign applications demonstrate that this design decision is vulnerable to crucial privacy and security breaches, allowing applications (either benign or malicious) to access contacts, photos, and device IDs. Moreover, the dynamic character of iOS apps written in Objective-C renders the currently proposed static analysis tools less useful.

In this paper, we aim to address the open problem of preventing (not only detecting) privacy leaks and simultaneously strengthening security against runtime attacks on iOS. Compared to similar research work on the open Android, realizing such a system for the closed-source iOS is highly involved.

We present the design and implementation of PSiOS, a tool that features a novel policy enforcement framework for iOS. It provides fine-grained, application-specific, and user/administrator defined sandboxing for each third-party application without requiring access to the application source code. Our reference implementation deploys control-flow integrity based on the recently proposed MoCFI (Mobile CFI) framework that only protects applications against runtime attacks. We evaluated several popular iOS applications (e.g., Facebook, WhatsApp) to demonstrate the efficiency and effectiveness of PSiOS.

Uncontrolled Keywords: ICRI-SC;Secure Things;Secure Architectures
Identification Number: TUD-CS-2013-0021
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 04 Aug 2016 10:13
Last Modified: 03 Jun 2018 21:31
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details