SandScout:自动检测iOS沙盒配置文件中的缺陷

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2016-10-24 DOI:10.1145/2976749.2978336

Luke Deshotels, Răzvan Deaconescu, Mihai Chiroiu, Lucas Davi, W. Enck, A. Sadeghi

{"title":"SandScout:自动检测iOS沙盒配置文件中的缺陷","authors":"Luke Deshotels, Răzvan Deaconescu, Mihai Chiroiu, Lucas Davi, W. Enck, A. Sadeghi","doi":"10.1145/2976749.2978336","DOIUrl":null,"url":null,"abstract":"Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called \"container\" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.","PeriodicalId":432261,"journal":{"name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles\",\"authors\":\"Luke Deshotels, Răzvan Deaconescu, Mihai Chiroiu, Lucas Davi, W. Enck, A. Sadeghi\",\"doi\":\"10.1145/2976749.2978336\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called \\\"container\\\" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.\",\"PeriodicalId\":432261,\"journal\":{\"name\":\"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2976749.2978336\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2976749.2978336","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

摘要

最近关于iOS安全的文献集中在第三方应用程序的恶意潜力上，展示了开发人员如何绕过应用程序审查和代码级保护。除了这些保护之外，iOS还使用一种称为“容器”的通用沙箱配置文件来限制恶意或被利用的第三方应用程序。在本文中，我们首次对iOS容器沙盒进行了系统分析。我们提出SandScout框架来提取、反编译、正式建模和分析iOS沙盒配置文件作为基于逻辑的程序。我们使用基于prolog的查询来评估iOS 9.0.2容器沙箱配置文件的基于文件的安全属性，并发现了7类可利用的漏洞。这些攻击会影响运行更高版本iOS的非越狱设备。我们正在与苹果公司合作解决这些攻击，我们希望SandScout将在未来iOS版本的沙盒配置文件开发中发挥重要作用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called "container" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量