
The iPhone: A Case for Software Security

Dwayne Bates
Acknowledgements
• Graham Cluley's Blog - http://www.sophos.com/blogs/gc/g/2009/11/03/hacked-iphones-held-hostage-5-euros/
• Nicolas Seriot (SpyPhone) - http://seriot.ch/blog.php?article=20100203
• Apple's Developer Site - developer.apple.com
Overview
• What is the iPhone?
• History of Privacy Issues for the iPhone
• Spyware and the iPhone
• iPhone Applications
• How did this information affect the development process?
• Closing Remarks
• References
What is the iPhone?
• Features:
  • iPod
  • Phone
  • Internet
Security Overview
• History of Security and Privacy Issues:
  • Root exploits and Personal Data Harvesting
  • Jailbreaking and Worms
Security Overview (cont'd)
• Spyware and the iPhone: SpyPhone
  Personal-data files on the device that SpyPhone showed an ordinary sandboxed (non-jailbroken) application could read:
  /var/mobile/Library/Keyboard/
  /var/mobile/Library/Preferences/com.apple.accountsettings.plist
  /var/mobile/Library/Preferences/com.apple.commcenter.plist
  /var/mobile/Library/Preferences/com.apple.mobilephone.settings.plist
  /var/mobile/Library/Preferences/com.apple.mobilephone.plist
  /var/mobile/Library/Preferences/com.apple.mobilesafari.plist
  /var/mobile/Library/Preferences/com.apple.preferences.datetime.plist
  /var/mobile/Library/Preferences/com.apple.weather.plist
  /var/mobile/Library/Preferences/com.apple.youtub (path truncated in the source)
iPhone Applications
• Development Process
  • Enroll in the iPhone Developer Program
  • Download the iPhone SDK
  • Gain a working knowledge of Objective-C
iPhone Applications (cont'd)
• Development Tools
  • Xcode - Development Environment
  • iPhone Simulator - Simulation of the application in its environment
  • Interface Builder - Used to build the user interface
  • CLANG - Static Analysis Tool
  • Apple's Secure Coding Guide
Motivation
In my work I propose the development of an iPhone application using the information and tools Apple provides to developers. In addition, I evaluate that information and those tools to see whether they are adequate for the development of secure applications. The development process is enhanced to apply software security principles throughout the entire Software Development Life Cycle (SDLC). By incorporating these principles throughout the SDLC, the resulting application will be more reliable and of better quality.
Proof of Concept
Poof is an iPhone game in which the player must try to match at least three like tiles at a time in an effort to clear the board. If the player succeeds in this effort and achieves a high score, they are prompted to enter their name into a high score list.
Contributions
• Usability
• Security
• Integrity
Risk Analysis
• Buffer Overflow
• File Modification
• High Score List Hacking
• Memory Leaks
Buffer Overflow
• Input Validation

    // Delegate callback: reject a keystroke or paste that contains any
    // character from a blacklist of punctuation and symbol characters.
    - (BOOL)textField:(UITextField *)textField
        shouldChangeCharactersInRange:(NSRange)range
        replacementString:(NSString *)textEntered {
        NSCharacterSet *myCharSet = [NSCharacterSet characterSetWithCharactersInString:
                                     @"~`!@#$%^&*()_-+={}[]|\\:\";'<>?/.,"];
        for (NSUInteger i = 0; i < [textEntered length]; i++) {
            unichar c = [textEntered characterAtIndex:i];
            if ([myCharSet characterIsMember:c]) {
                return NO;
            }
        }
        return YES;
    }

    // When editing ends, accept the name only if it is 1 to 10 characters long;
    // otherwise show the user-name error message.
    - (void)textFieldDidEndEditing:(UITextField *)textField {
        if ([textField.text length] > 0 && [textField.text length] <= 10) {
            acceptable = textField.text;
        } else {
            [self getUserNameErrorMSG:YES];
        }
        if (acceptable != nil) {
            [self stringForHS:YES];
        }
    }
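The deck's validator above is a blacklist: it rejects only the listed symbols, checks the replacement text rather than the text the field will contain, and leaves the length limit to `textFieldDidEndEditing:`. The following is an added example (not code from the deck or the Poof project) showing the whitelist form of the same check: build the string the field would hold after the edit and accept it only if every character is a letter or digit and the length is within the limit. The function names `PoofNameIsAcceptable` and `PoofShouldChangeText` and the constant `kPoofMaxNameLength` are hypothetical, and the inputs in `main` are constructed for the demonstration.

```objective-c
// Added example; not part of the original deck or the Poof project.
#import <Foundation/Foundation.h>

static const NSUInteger kPoofMaxNameLength = 10;  // same limit the deck enforces

// Whitelist check: YES only if `name` is 1..10 characters and every character
// is a (Unicode) letter or digit. Anything not explicitly allowed is rejected,
// so symbols, control characters and quoting characters never reach the list.
static BOOL PoofNameIsAcceptable(NSString *name) {
    if ([name length] == 0 || [name length] > kPoofMaxNameLength) {
        return NO;
    }
    NSCharacterSet *disallowed = [[NSCharacterSet alphanumericCharacterSet] invertedSet];
    return [name rangeOfCharacterFromSet:disallowed].location == NSNotFound;
}

// Mirrors the parameters of textField:shouldChangeCharactersInRange:replacementString:.
// Validating the proposed result (not just the replacement) enforces the length
// limit on every keystroke and paste, not only when editing ends.
static BOOL PoofShouldChangeText(NSString *current, NSRange range, NSString *replacement) {
    if (range.location + range.length > [current length]) {
        return NO;  // malformed range: refuse instead of letting the substring call throw
    }
    NSString *proposed = [current stringByReplacingCharactersInRange:range
                                                          withString:replacement];
    // Deleting everything must stay possible; otherwise require a valid name.
    return [proposed length] == 0 || PoofNameIsAcceptable(proposed);
}

static void PoofShow(NSString *label, BOOL accepted) {
    NSLog(@"%@: %@", label, accepted ? @"accepted" : @"rejected");
}

int main(void) {
    @autoreleasepool {
        // Constructed inputs: (current field text, edit range, replacement text).
        PoofShow(@"append a digit to ALICE",
                 PoofShouldChangeText(@"ALICE", NSMakeRange(5, 0), @"9"));
        PoofShow(@"append a symbol to ALICE",
                 PoofShouldChangeText(@"ALICE", NSMakeRange(5, 0), @"<"));
        PoofShow(@"paste a whole name with a quote",
                 PoofShouldChangeText(@"", NSMakeRange(0, 0), @"BOB\"X"));
        PoofShow(@"11th character onto a 10-character name",
                 PoofShouldChangeText(@"ABCDEFGHIJ", NSMakeRange(10, 0), @"K"));
        PoofShow(@"clear the field",
                 PoofShouldChangeText(@"ALICE", NSMakeRange(0, 5), @""));
    }
    return 0;
}
```

In the view controller the delegate method reduces to `return PoofShouldChangeText(textField.text, range, textEntered);`. The length check in `textFieldDidEndEditing:` can stay as a second line of defence, but with the whitelist in place it no longer has to be the only one.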
File Modification

    // Both methods write into the application bundle. On a device the bundle is
    // read-only and covered by the code signature, so this is the file-path risk
    // listed in the risk analysis.
    - (void)saveSettings {
        NSString *path = [[NSBundle mainBundle] bundlePath];
        NSString *file = [path stringByAppendingPathComponent:@"settings.plist"];

        [self.settings writeToFile:file atomically:YES];
        // path and file are autoreleased return values; releasing them here
        // would over-release and crash, so no release calls follow.
    }

    - (void)saveHighScores {
        NSString *path = [[NSBundle mainBundle] bundlePath];
        NSString *file = [path stringByAppendingPathComponent:@"highscores.plist"];

        [self.highScores writeToFile:file atomically:YES];
    }
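The conclusion lists "File Paths" and "File Validation" as findings, and the save methods above show why: they write into the bundle, and whatever is later read back is trusted as-is. The following is an added example (not code from the deck or the Poof project) that puts the high-score list in the app's Documents directory and validates each entry on read, so a tampered or corrupted plist cannot push unexpected objects into the game. It assumes the list is an array of dictionaries with `name` and `score` keys; the function names `PoofHighScoresPath`, `PoofEntryIsValid`, `PoofSaveHighScores` and `PoofLoadHighScores` are hypothetical, and the sample list in `main` is constructed.

```objective-c
// Added example; not part of the original deck or the Poof project.
#import <Foundation/Foundation.h>

static const NSUInteger kPoofMaxNameLength = 10;
static const NSUInteger kPoofMaxEntries = 10;

// Writable, sandboxed location: <app sandbox>/Documents/highscores.plist on a
// device (on a Mac this resolves to ~/Documents when run as a demo).
static NSString *PoofHighScoresPath(void) {
    NSArray *dirs = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *documents = [dirs objectAtIndex:0];
    return [documents stringByAppendingPathComponent:@"highscores.plist"];
}

// An entry is accepted only if it is {name: 1..10 alphanumeric chars, score: number >= 0}.
// Type checks matter: a plist can carry dates, data blobs or nested containers
// that the UI code would otherwise try to treat as strings and numbers.
static BOOL PoofEntryIsValid(id entry) {
    if (![entry isKindOfClass:[NSDictionary class]]) return NO;
    id name = [(NSDictionary *)entry objectForKey:@"name"];
    id score = [(NSDictionary *)entry objectForKey:@"score"];
    if (![name isKindOfClass:[NSString class]] || ![score isKindOfClass:[NSNumber class]]) return NO;

    NSString *nameString = (NSString *)name;
    if ([nameString length] == 0 || [nameString length] > kPoofMaxNameLength) return NO;
    NSCharacterSet *disallowed = [[NSCharacterSet alphanumericCharacterSet] invertedSet];
    if ([nameString rangeOfCharacterFromSet:disallowed].location != NSNotFound) return NO;

    return [(NSNumber *)score doubleValue] >= 0;
}

static BOOL PoofSaveHighScores(NSArray *scores) {
    return [scores writeToFile:PoofHighScoresPath() atomically:YES];
}

// Read the list back, keeping only well-formed entries and capping the count,
// so the file's contents can never grow the table beyond what the game expects.
static NSArray *PoofLoadHighScores(void) {
    id raw = [NSArray arrayWithContentsOfFile:PoofHighScoresPath()];
    if (![raw isKindOfClass:[NSArray class]]) return [NSArray array];  // missing or not an array
    NSMutableArray *clean = [NSMutableArray array];
    for (id entry in (NSArray *)raw) {
        if ([clean count] >= kPoofMaxEntries) break;
        if (PoofEntryIsValid(entry)) [clean addObject:entry];
    }
    return clean;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample list: two valid entries and two that must be dropped on read.
        NSArray *sample = [NSArray arrayWithObjects:
            [NSDictionary dictionaryWithObjectsAndKeys:@"ALICE", @"name", [NSNumber numberWithInt:900], @"score", nil],
            [NSDictionary dictionaryWithObjectsAndKeys:@"BOB", @"name", [NSNumber numberWithInt:450], @"score", nil],
            [NSDictionary dictionaryWithObjectsAndKeys:@"<script>", @"name", [NSNumber numberWithInt:1], @"score", nil],
            [NSDictionary dictionaryWithObjectsAndKeys:@"EVE", @"name", @"not a number", @"score", nil],
            nil];
        BOOL saved = PoofSaveHighScores(sample);
        NSArray *loaded = PoofLoadHighScores();
        NSLog(@"saved=%@ entries written=%lu entries accepted on read=%lu",
              saved ? @"YES" : @"NO",
              (unsigned long)[sample count], (unsigned long)[loaded count]);
    }
    return 0;
}
```

The same pattern applies to `settings.plist`: resolve the path under Documents (or Library/Preferences via `NSUserDefaults`) rather than the bundle, and check the type and range of every value read before using it.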
Memory Leaks
• CLANG - Static Analysis Results
Conclusion
• CLANG
• Security Related Bugs
  • File Validation
  • File Paths
  • File Read function enhancement
