An odd thing happened at Black Hat on Thursday: an Apple security
official gave a talk. Seats began filling early, 20 minutes before the
talk began, and expectations were high, with many people wondering how
much the speaker would reveal about the inner workings of iOS security.
And then the talk began and it was fairly clear that the answer to that
question was, not much.

The talk by Dallas De Atley of Apple's
platform security team was full of technical details on the myriad
security features and defensive technologies in iOS, but most of it was
a review of the content in the white paper on iOS security
that the company released earlier this year. Speaking to a packed
ballroom, De Atley walked through the security capabilities of iOS, from
the lowest level functions of the boot loader and kernel all the way up
through the code signing requirements and app permissions.

Apple's
security philosophy, he said, is that security needs to be an integral
part of a device or software design from the earliest stages of
development.

"Our attitude is that security is architecture. You
have to build it in from the very beginning. It's not something you can
sprinkle over the code at the end," De Atley said.

If that sounds
a lot like some of the statements you've heard from Microsoft security
officials in the last few years, that's not a coincidence. The
philosophy is the same, as is the goal: make life for attackers as
difficult as possible. For Apple, this means not only protecting the iOS
operating system itself, but also ensuring that all of the apps on the
phone behave correctly and that users' data is safeguarded as well.

"The
phone has all of your personal data and these devices know an awful lot
about how we live our lives and become a critical part of how we
interact with other people," he said.

That fact drove a lot of
the security features that Apple built into iOS. The iPhone has a secure
boot process that handles the way that all of the components are loaded
before the kernel starts. It also has a firmware personalization
feature that customizes the low-level software to each specific device,
which enables Apple to selectively disable newly discovered flaws in the
kernel for portions of the user population without affecting everyone.

Apple
updates iOS on a regular basis, pushing out new versions to users
several times a year. But users have to install the updates manually,
which can lead to some users running older, vulnerable versions of the
software for some time. However, De Atley said that right now, 80
percent of the iPhone user base is running the most recent version of
iOS. That means most iPhone users have all of the exploit mitigations,
security patches and other updates Apple has released, a nice situation
for any vendor.

In addition to the hardware and low-level software
protections, De Atley said that a major part of the iOS security model
is the way that the devices handle apps. All apps must be signed by the
developer, each of whom is issued a code-signing certificate. And
third-party apps--those not developed by Apple itself--are given a
special set of restrictions.

"All third-party apps live in a
container, and it's randomly assigned at installation time, so apps
aren't hard-coding where they live on the device," he said. "The
container is sandboxed and that's enforced by the kernel."

Before
the release of the iOS white paper, Apple officials had not spoken much
publicly about the security of the system. Most of what was known about
it was discovered through research by outsiders. De Atley's talk, while
not groundbreaking, could be a positive sign of what's to come in future
security communications from the company.

Courtesy by Dennis Fisher