SecureBootChain
Latest
Apple publishes guide to iOS security
Security on iOS devices is becoming more of a hot topic these days, what with security notables like Eugene Kaspersky warning of future malware attacks that could take down the immense monoculture operating system. Apple's not ignoring the threat; in fact, the company has published a 19-page iOS security document outlining the company's commitment to security on the mobile platform. The free PDF document, available here, describes Apple's approach to security. The system architecture section details the integration of hardware and software on the devices and how it allows for the validation of activities through all processes. For example, when an iOS device is first turned on it goes through a cryptographically signed boot up process, each step of which proceeds only after verifying the chain of trust. There's a description of how app code signing and sandboxing are used to ensure that apps can't compromise the system or other apps. I personally found the hardware security features built into every iOS device to be fascinating -- a dedicated AES256 crypto engine lodged between flash storage and system memory, using the device's UID and a group ID to cryptographically tie data to a particular device. There's also a fully detailed description of device access and network security. The document should be of great interest (and comfort) to those deploying large numbers of iOS devices in enterprises and government settings.
