YoVDO

SandScout - Automatic Detection of Flaws in iOS Sandbox Profiles

Offered By: Association for Computing Machinery (ACM) via YouTube

Tags

ACM CCS (Computer and Communications Security) Courses
iOS Security Courses

Course Description

Overview

Explore a conference talk from CCS 2016 that delves into the automatic detection of flaws in iOS sandbox profiles. Learn about the iOS architecture, sandbox system, and the research question addressed by the SandScout tool. Discover the solution overview, including the human-readable graph and sandbox profile language. Examine examples of writable files and the proof-of-concept implementation. Understand how SandScout works, its results, and the disclosure process for identified vulnerabilities. Gain insights into specific issues found in Apple Maps, iTunes, and other iOS components, including a directory denial of service and a bypass against Contacts. Conclude with the implications of this research for iOS security.

Syllabus

Intro
Flaws
iOS Architecture
iOS Sandbox
Research Question
Solution Overview
Human-readable Graph
Sandbox Profile Language
Example
Questions
Writable files
Proof of concept
How it works
Results
Disclosure Process
Apple Maps
iTunes
Directory
Denial of Service
Bypass against Contacts
CDE 2015001
Conclusion


Taught by

ACM CCS

Related Courses

Peeling the Onion's User Experience Layer - Examining Naturalistic Use of the Tor Browser
Association for Computing Machinery (ACM) via YouTube
DeepCorr - Strong Flow Correlation Attacks on Tor Using Deep Learning
Association for Computing Machinery (ACM) via YouTube
Game of Decoys - Optimal Decoy Routing Through Game Theory
Association for Computing Machinery (ACM) via YouTube
PREDATOR - Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Association for Computing Machinery (ACM) via YouTube
Identifying the Scan and Attack Infrastructure Behind Amplification DDoS Attacks
Association for Computing Machinery (ACM) via YouTube