iOS provides multiple layers of exploitation mitigation. Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) increase the investment required to gain code execution, but other mitigations are necessary to limit damage in case code execution is realized. Apple's iOS sandbox, descending from a similar system found in OS X, provides one method to limit the actions performed by a process. The goal of the sandbox is to limit post-code-execution actions by providing an interface for bounding the behavior of a process. Imagine a PDF rendering application: one subsystem of the application parses the opened file to produce an internal representation. Another subsystem, in charge of rendering this document to the screen, consumes this internal representation. Because the parsing subsystem is most vulnerable to attack when it processes user-supplied input, it needs access to the input file and little else. By preventing this subsystem from opening other files, executing other programs, or using the network, an attacker's actions post-code-execution are limited. In theory, this is straightforward and easy to implement; in practice, bounding the expected behavior of a process is difficult and prone to error. This chapter discusses the design and implementation of the iOS sandbox.
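As an added illustration (not taken from the chapter), here is the PDF-parser policy described above written as a profile in the Scheme-like profile language of the OS X sandbox from which the iOS sandbox descends; the file paths and the parser's output location are assumptions chosen for the example.

```scheme
;; Added example profile, not from the chapter or from Apple.
;; Policy for the parsing subsystem only: it may read the one
;; user-supplied document and write its internal representation,
;; and nothing else. Paths are assumed for illustration.
(version 1)

;; Default-deny: any operation not explicitly allowed below is refused.
(deny default)

;; Log denied operations so the policy can be tuned while testing;
;; this is where the "difficult and prone to error" part shows up,
;; because every legitimate need the parser has must be discovered.
(debug deny)

;; Bare minimum a dynamically linked process needs after exec:
;; the system libraries dyld loads. Keep to read-only access.
(allow file-read*
       (subpath "/usr/lib")
       (subpath "/System/Library/Frameworks"))

;; The parser's only legitimate input: the opened document.
(allow file-read* (literal "/tmp/parse/input.pdf"))

;; The parsed representation consumed by the rendering subsystem.
(allow file-write* (literal "/tmp/parse/output.rep"))

;; Already covered by (deny default), but stated explicitly so the
;; intent is clear in review: a compromised parser must not open
;; other files, spawn or exec programs, reach the network, or look
;; up Mach services it could use to pivot to other processes.
(deny file-read* (subpath "/var/mobile"))
(deny process-fork)
(deny process-exec*)
(deny network*)
(deny mach-lookup)
```

The rendering subsystem would get its own, different profile (screen access but no right to read the original document), so that neither half of the application holds more than it needs.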