SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles
Title | SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Deshotels, Luke; Deaconescu, Razvan; Chiroiu, Mihai; Davi, Lucas; Enck, William; Sadeghi, Ahmad-Reza |
Conference Name | Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4139-4 |
Keywords | app, Apple, Collaboration, composability, confinement, Encryption, Human Behavior, ios, iOS encryption, iPhone, Metrics, pubcrawl, Resiliency, sandblaster, sandbox, Sandboxing, Scalability, seatbelt, Security Policies Analysis |
Abstract | Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called "container" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS. |
URL | http://doi.acm.org/10.1145/2976749.2978336 |
DOI | 10.1145/2976749.2978336 |
Citation Key | deshotels_sandscout:_2016 |