PSiOS: Bring Your Own Privacy & Security to iOS Devices
Authors: Ahmad-Reza Sadeghi, Werthmann, Ralf Hund, Thorsten Holz, Lucas Davi
Presenter: Sravya Avasarala
Outline
• Introduction
• Background and problem description
• High level idea
• Design of PSiOS
• Implementation
• Conclusion
Introduction
• Smartphones and tablet computers have become ubiquitous
• Privacy and security concerns arise
• iOS assigns a general sandboxing profile, which contradicts the least-privilege principle
• Developers must adhere to certain guidelines
• Mitigation: static analysis tool PSiOS to identify privacy leaks
No solid privacy framework for iOS
• Challenges: the closed-source nature and the dynamic nature of Objective-C
• Key idea: detect and prevent privacy leaks by providing a specific sandboxing profile to applications
• Protection layer between applications and the Objective-C runtime environment
• Monitors the application's execution
• Operates directly on the application binary
PSiOS
• The policy framework is implemented in a tool, PSiOS
• Provides a user-driven and fine-grained sandboxing profile
• User-driven: the sandboxing profile can be updated without recompiling
• Fine-grained: the user or admin specifies the privileges assigned to an application
• Prevents attackers from exploiting vulnerabilities
Background and Problem Description
• 4 layers:
• Application layer
• Cocoa layer
• Core Service layer
• Core OS layer
iOS background
• Generic sandboxing profile
• Objective-C frameworks: public and private
Problem description
• iOS sandboxing is based on a kernel module adopted from TrustedBSD
• Allows access to public frameworks
• Several attacks reported
• Supports sandboxing at kernel level
• Provides coarse-grained sandboxing
• Individual sandboxing rules can be bound to mobile apps using entitlements
• Drawback of entitlements: they are requested by the developers and included in the digital signature of the application
High Level Idea
• PSiOS: user-defined sandboxing profile for each application
• New module between the application layer and the Cocoa Touch layer for policy enforcement
• This component mediates every access request to the Objective-C runtime, the frameworks, and system calls
• Enforces the rules on every request: checks that the policy is not violated, then forwards the request to its destination
• Control-flow attacks are handled by enforcing CFI
Design of PSiOS
• 3 phases:
• Static analysis (offline)
• Binary rewriting (load time)
• CFI and policy enforcement (execution time)
Leverage MoCFI to derive CFG
• Implement a static Objective-C analyzer to identify the classes and methods used
• When the app is launched, perform binary rewriting
• Leverage binary rewriting to insert checkpoints into the app that are reached whenever the app attempts to access the runtime, the frameworks, or a system call wrapper
• At execution time:
• The Objective-C analyzer handles the incompleteness of the static analysis process
• CFI ensures the app's control flow follows the CFG
• Policy enforcement validates whether requests adhere to the given policy rules
Static Analysis:
• Implements an Objective-C analyzer to identify all classes, methods and inheritance relationships
Binary Rewriting and Runtime Enforcement
• Rewriting takes place after the app loader has verified the application signature
• PSiOS rewrites all access requests to the Objective-C runtime to insert checkpoints
• The Objective-C analyzer requests runtime information that was not obtained during static analysis
• At execution, PSiOS ensures the request follows the CFG and adheres to the rules
Policy Enforcement:
• Supports 3 policy enforcement types: Log, Exit and Replace
• Log: Ensures all policy violations are recorded by the system.
• Exit: Restrictive, terminates the process immediately on a policy violation.
• Replace: Allows the application to continue executing, but PSiOS replaces the return values of the Objective-C runtime with shadow data.
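A small model of the three enforcement types above, added here as an illustration and not taken from PSiOS itself. The rule format, the `Monitor` class and all class/selector names are hypothetical; it assumes the first matching rule wins and that requests matching no rule are forwarded unchanged.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

class PolicyExit(Exception):
    """Stands in for terminating the app process (Exit)."""

@dataclass
class Rule:
    cls: str               # class-name pattern (hypothetical rule format)
    selector: str          # selector pattern, "*" matches any
    action: str            # "log", "exit" or "replace"
    shadow: object = None  # shadow data returned under "replace"

# Constructed stand-ins for framework methods behind the checkpoint.
RUNTIME = {
    ("AddressBook", "allContacts"): lambda: ["alice@example.com"],
    ("Device", "uniqueIdentifier"): lambda: "REAL-DEVICE-ID",
    ("Socket", "connect:"): lambda host: f"connected to {host}",
    ("Clock", "now"): lambda: "12:00",
}

@dataclass
class Monitor:
    rules: list
    audit: list = field(default_factory=list)

    def msg_send(self, cls, selector, *args):
        """Checkpoint: mediate one request before it reaches the runtime."""
        rule = next((r for r in self.rules
                     if fnmatchcase(cls, r.cls)
                     and fnmatchcase(selector, r.selector)), None)
        if rule is None:
            return RUNTIME[(cls, selector)](*args)   # no violation: forward
        # Assumption: every violation is recorded, whatever the action.
        self.audit.append((rule.action, cls, selector))
        if rule.action == "exit":
            raise PolicyExit(f"{cls} {selector}")
        if rule.action == "replace":
            return rule.shadow                       # app continues on shadow data
        return RUNTIME[(cls, selector)](*args)       # "log": record, then forward

def demo():
    m = Monitor([Rule("AddressBook", "*", "replace", shadow=[]),
                 Rule("Device", "uniqueIdentifier", "log"),
                 Rule("Socket", "connect:", "exit")])
    out = [m.msg_send("Clock", "now"), m.msg_send("AddressBook", "allContacts"),
           m.msg_send("Device", "uniqueIdentifier")]
    try:
        m.msg_send("Socket", "connect:", "198.51.100.7")
    except PolicyExit:
        out.append("terminated")
    return out, m.audit
```

Under Replace the caller cannot tell the empty contact list from a real one, which is what lets the app keep running where Exit would stop it.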
Implementation and Evaluation
• Prototype implementation of PSiOS supports iOS versions 4.3.2, 4.3.3, 5.0.1, and 5.1.1
• Evaluation using SpyPhone (an iOS app specifically meant to steal sensitive information)
• Applied PSiOS to various apps such as WhatsApp, Facebook and Instagram
• Performance:
• Negligible overhead
• Slight slowdown of RAM speed
Conclusion
• A new policy enforcement framework for iOS
• Fine-grained, application-specific and user-defined sandboxing for applications, without access to source code
• Secure