iOS Security Architecture and Application Data Protection


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number
Expertise Level


Overview/Description
In order to effectively develop secure iOS applications, it is key for developers to have a significant understanding of the overall iOS security architecture, as well as key techniques that can be used to protect application data and executable code. In this course, you will learn key principles about the iOS security architecture, as well as principles in administering data protection in the iOS environment. You will also learn how to install and use the iPhone Data Protection Tools forensics toolkit, how to implement access control and provisioning, and how to enforce application code signing.

Target Audience
Application developers on the beginner and intermediate level seeking to create and deploy secure iOS applications.

Prerequisites
None

Expected Duration (hours)
1.5

Lesson Objectives

iOS Security Architecture and Application Data Protection

  • start the course
  • describe how Apple protects the Apple Store
  • define malware, exploitation, and compare Mac OS threats versus iOS threats
  • describe reduced attack surface and stripped-down iOS
  • describe code signing, return-oriented programming (ROP), and data execution prevention
  • describe privilege separation, address space layout randomization, and sandboxing
  • describe data protection API and class hierarchy
  • describe file protection classes
  • describe keychain item protection classes
  • describe how file and keychain data protection classes are collected and managed in keybags
  • describe how user passcodes may be attacked
  • identify components of network security supported by iOS 8
  • describe the VPN protocols and authentication methods supported by iOS 8
  • describe Wi-Fi standards and authentication methods supported by iOS 8
  • describe Bluetooth connections and profiles supported by iOS 8
  • describe iOS 8 support for single sign-on authentication on enterprise networks
  • describe iOS 8 support for AirDrop security
  • describe how code signing is used to enforce iOS security
  • describe how Mandatory Code Signing is controlled by the Mandatory Access Control Framework, including AMFI hooks
  • describe the provisioning profile and how the provisioning file is validated
  • use the Xcode codesign tool to show signing certificate authority information for an iOS application
  • use command line to list the entitlements for a signed iOS application
  • describe how application signing information can be collected and verified
  • describe how signatures are enforced on application processes
  • describe how to prevent signed code from being tampered with
  • describe how to use Just-In-Time compiling to implement dynamic code signing
  • use the Xcode codesign tool to obtain information on an iOS application's signing certificate authority and its granted entitlements

    • Course Number:
    sp_fois_a01_it_enus

    Expertise Level
    Intermediate