Play all

Introduction

iOS Mobile App Security (MAS) Elevator Pitch

Hacking and Jailbreaking ios Attacks and weaknesses are well documented

Recent iOS App Coding and OS Reported Vulnerabilities

Standard iOS Application Today

Research Idea: IMAS Secure Application Framework

iOS Security Architecture

IMAS App Security "trade-space" Comparison Mar 2014

IMAS - Security Controls Device Access

Github: project-imas.github.io 13 Controls

IMAS - Encrypted Core Data (ECD) em

Encrypted Core Data Additional iMAS Support

Multi-compiler Based on work out of UC Irvine by Michael Franz and Per Larsen . Produces different binaries each compile • Static analysis and ROP exploits must account for variations

System Monitor - Monitor all device processes and network calls at the kernel level - Filtering tools to find and react to developer defined system events -IMAS provides direct programmatic app integ…

Memory Security Allows encryption, wiping, and checksums of objects in memory - Provides function address space validation Application Start

File Shredding

IMAS Sentry Application Add to existing Apple deployed devices • Jailbreak and Debugger Detection

Prior Research Focus - modifying ELF structures

iOS Static App Attacks

Static App Attacks Process

Code Injection and Binary Patching

Consequences of Static Attacks

Encrypted Code Modules (ECM) WHAT?

IMAS Encrypted Code Modules (ECM) Summary

ECM - Encrypted Code Modules Concept 2/3

Build Summary

App Startup

Validating Integrity

ECM Advantages

Description:

Explore iOS app integrity and security measures in this OWASP AppSecUSA 2014 conference talk. Learn about vulnerabilities in iOS applications to static analysis and binary code patching, and discover open-source solutions like Encrypted Code Modules (ECM) to protect sensitive enterprise iOS apps. Gain insights into anti-tamper techniques that resist patching, and follow a step-by-step process to enhance the security and authenticity of iOS applications. Delve into topics such as jailbreak detection, debugger detection, and the iMAS (iOS Mobile Application Security) research project. Understand the iOS security architecture, various security controls, and advanced concepts like multi-compiler techniques and memory security. Examine the process of static app attacks, code injection, and binary patching, along with their consequences. Acquire knowledge about implementing and validating ECM to significantly improve iOS app integrity.

iOS App Integrity: Enhancing Security with Encrypted Code Modules

OWASP Foundation

Add to list

#Programming #Mobile Development #iOS Development #iOS Security #Software Development #Software Testing #Static Analysis #Information Security (InfoSec) #Cybersecurity #Application Security #Code Injection #Mobile Application Security

0:00 / 0:00