SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile called "container" to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect non-jailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we expect that SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.
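To make the abstract's core idea concrete, here is a small added example, not code from the SandScout paper or its authors, of what "modelling sandbox profile rules as logic facts and querying them for file-based properties" looks like. The rule set, the container path, and the probe paths are constructed for illustration in the spirit of SBPL (Apple's Scheme-like sandbox profile language) and are not the real iOS 9.0.2 "container" profile; the evaluation semantics (default deny, an explicit deny overriding an allow) are an assumption of this toy model, written in Python rather than the paper's Prolog.

```python
import re
from typing import List, Tuple

# One rule is a fact: (effect, operation, filter_type, pattern).
# These rules are constructed for this example; they are NOT Apple's container profile.
Rule = Tuple[str, str, str, str]

# Constructed placeholder for the app's data container root.
CONTAINER = "/private/var/mobile/Containers/Data/Application/APP-UUID"

RULES: List[Rule] = [
    ("allow", "file-read*",  "subpath", CONTAINER),
    ("allow", "file-write*", "subpath", CONTAINER),
    ("allow", "file-read*",  "literal", "/private/var/mobile/Library/Preferences/.GlobalPreferences.plist"),
    ("deny",  "file-write*", "subpath", "/private/var/mobile/Library"),
    ("allow", "file-write*", "regex",   r"^/private/var/tmp/.*$"),
]

# Constructed probe paths used to exercise the query below.
PROBES = [
    CONTAINER + "/Documents/notes.txt",
    "/private/var/tmp/cache.db",
    "/private/var/mobile/Library/Preferences/x.plist",
    "/etc/passwd",
]


def matches(filter_type: str, pattern: str, path: str) -> bool:
    """Evaluate one path filter: the three filter kinds this toy model supports."""
    if filter_type == "literal":
        return path == pattern
    if filter_type == "subpath":
        return path == pattern or path.startswith(pattern.rstrip("/") + "/")
    if filter_type == "regex":
        return re.search(pattern, path) is not None
    raise ValueError(f"unknown filter type {filter_type!r}")


def decision(rules: List[Rule], operation: str, path: str) -> str:
    """Toy semantics (an assumption of this example, not the kernel's real
    evaluation order): default deny; an explicit matching deny beats any allow."""
    verdict = "deny"
    for effect, op, ftype, pattern in rules:
        if op == operation and matches(ftype, pattern, path):
            if effect == "deny":
                return "deny"
            verdict = "allow"
    return verdict


def writable_outside_container(rules: List[Rule], container: str,
                               probes: List[str]) -> List[str]:
    """The 'query', analogous to a Prolog goal such as
    writable_outside_container(Path): which probe paths lie outside the
    container yet are granted file-write*?"""
    return [
        p for p in probes
        if not matches("subpath", container, p)
        and decision(rules, "file-write*", p) == "allow"
    ]


if __name__ == "__main__":
    for p in writable_outside_container(RULES, CONTAINER, PROBES):
        print("writable outside container:", p)
```

A real analysis would load every rule of the decompiled profile as a fact and run many such goals (readable, writable, creatable, paths matching several overlapping filters); the value of the logic-program view is that each security property becomes a query that is mechanically checked over the whole profile rather than read by eye.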
