Posted by: David Harley | April 3, 2012

Talking of iOS Security…

…which I was just yesterday, though not in detail, I came across another excellent iOS resource today: this time, a paper on Apple iOS 4 Security Evaluation by Dino A. Dai Zovi, nowadays CTO at Trail of Bits.  

Here’s a rather compressed version of the Table of Contents, just to give you the flavour:

  • ASLR
  • Code Signing
    • Mandatory Code Signing
    • Code Signing Enforcement
    • AppleMobileFileIntegrity
    • Dynamic Code Signing
  • Sandboxing
    • Application Containers
    • Sandbox Profiles
  • Data Encryption
    • Hardware Encryption
    • Apple iOS Security Evaluation
    • Data Protection API
    • Filesystem Encryption
    • iOS Passcodes
    • Data Protection API Coverage

 As it happens, I’m presenting on PIN/passcode strategies – much of it derived from iOS-specific data – at EICAR next month, so there was one section I homed in on straight away…

Hat tip to Ryan Naraine for flagging the paper.

David Harley CITP FBCS CISSP

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: