third-party applications. These policies are defined in the enterprise server and
specify the type of connections applications are able to establish, as mentioned
above, and they can restrict the resources an application can access.
Integrity and authenticity of the BlackBerry OS is enforced by the boot process of
the device: As soon as a device is turned on, the processor verifies the code to be
booted using public keys stored inside the processor.
10.2.2 iOS
The operating system iOS running on iPhones follows a similar approach during the boot process [HS10]: The Apple root certificate is embedded in the boot ROM, and the integrity and authenticity of the phone firmware are verified during the boot process using the associated public keys.
After booting, the applications running on the platform and the data stored on the device are relevant for security: Applications in iOS are implemented in Objective-C and stored in the Mach-O format, which is essentially an enhanced replacement for the well-known UNIX object file format “a.out”. Applications stored in this format are signed by the App Store, and a valid signature is required for an application to run on iOS. The system binaries are also signed, in a manner similar to the trusted boot process. Signatures are cached in the kernel for efficiency reasons.
iOS also protects applications from each other through a sandboxed runtime environment called “Seatbelt”. Seatbelt is a modification of the MAC framework originally developed by the TrustedBSD project; the main difference is a modified policy decision engine that applies mandatory access control to system resources such as files and sockets. The access restrictions are policies stored in the so-called entitlement, an XML file embedded in the application binary, which contains the application's permissions as well as its sandbox profile. In contrast to BlackBerry, these profiles apply to essentially all applications installed by the user. Note that neither the user nor a potential administrator has control over this policy, which has been refined since the first deployment of iOS. Thus, Seatbelt limits an application's access to specific resources, including the files and memory of other applications.
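As an added illustration that is not from the book, the following toy policy decision engine mirrors the Seatbelt description above: it parses a constructed entitlement XML (the layout is invented for this example and is not Apple's real entitlement or sandbox-profile format) and answers file and socket access requests with default-deny mandatory rules. The application identifier, paths and rule names are all assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET
from typing import List, NamedTuple, Optional, Set, Tuple

# Constructed entitlement for a hypothetical app "com.example.notes".
# The element names and layout are invented; they are not Apple's format.
SAMPLE_ENTITLEMENT = """<entitlement app="com.example.notes">
  <permission name="camera"/>
  <sandbox>
    <rule action="allow" op="file-read"  path="/var/mobile/Applications/com.example.notes/"/>
    <rule action="allow" op="file-write" path="/var/mobile/Applications/com.example.notes/Documents/"/>
    <rule action="deny"  op="network-outbound"/>
  </sandbox>
</entitlement>"""

class Rule(NamedTuple):
    action: str          # "allow" or "deny"
    op: str              # e.g. "file-read", "file-write", "network-outbound"
    path: Optional[str]  # normalised directory prefix; None for non-file ops

def load_entitlement(xml_text: str) -> Tuple[Set[str], List[Rule]]:
    """Parse the permissions and sandbox rules out of the embedded XML."""
    root = ET.fromstring(xml_text)
    perms = {p.get("name") for p in root.iter("permission")}
    rules = [Rule(r.get("action"), r.get("op"),
                  posixpath.normpath(r.get("path")) if r.get("path") else None)
             for r in root.iter("rule")]
    return perms, rules

def _under(path: str, prefix: str) -> bool:
    """Prefix check on the normalised path, so '..' segments cannot escape."""
    norm = posixpath.normpath(path)
    return norm == prefix or norm.startswith(prefix + "/")

def decide(rules: List[Rule], op: str, path: Optional[str] = None) -> bool:
    """Mandatory policy: default deny, an explicit deny always wins, and an
    allow must match the operation and (for file ops) the path prefix."""
    allowed = False
    for r in rules:
        if r.op != op:
            continue
        if r.path is not None and (path is None or not _under(path, r.path)):
            continue
        if r.action == "deny":
            return False
        allowed = True
    return allowed
```

The policy is fixed at load time and is never consulted from user-controlled state, which is the property the paragraph attributes to Seatbelt: the decision depends only on the embedded entitlement and the requested operation.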
These security mechanisms are complemented by standard UNIX features that prevent the execution of code on the stack or the heap, which is intended to prevent the exploitation of standard vulnerabilities such as buffer overflows or format string vulnerabilities.
Lastly, iOS protects application and user data in two ways. First, it provides two partitions, user and system. The latter contains essentially all system-relevant data, which is to be protected from third-party applications; the user partition contains user- and application-generated data. From iOS version 4 onwards, Apple also