Professional Cocoa® Application Security

Book Description

The first comprehensive security resource for Mac and iPhone developers

The Mac platform is legendary for security, but one consequence is that Apple developers have had little appropriate security information available to help them ensure that their own applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the frameworks and features available for secure application development.

  • While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first comprehensive reference to Apple's application security frameworks and features

  • Shows developers how to consider security throughout the lifecycle of a Cocoa application, including how Mac and iPhone security features work and how to leverage them

  • Describes how to design, implement, and deploy secure Mac and iPhone software, covering how user configurations affect application security, the keychain feature, how to maximize filesystem security, how to write secure code, and much more

Professional Cocoa Application Security arms Apple developers with essential information to help them create Mac and iPhone applications as secure as the operating system they run on.

Table of Contents

  1. Copyright
  2. ABOUT THE AUTHOR
  3. ABOUT THE TECHNICAL EDITOR
  4. CREDITS
  5. ACKNOWLEDGMENTS
  6. INTRODUCTION
    1. WHO SHOULD READ THIS BOOK
    2. WHAT ARE WE TRYING TO SECURE, AND FROM WHAT?
    3. ABOUT THE EXAMPLES
    4. CONVENTIONS USED IN THIS BOOK
    5. SOURCE CODE
    6. ERRATA
    7. P2P.WROX.COM
  7. 1. Secure by Design
    1. 1.1. ABOUT COCOA SECURITY
    2. 1.2. PROFILING YOUR APPLICATION'S SECURITY RISKS
    3. 1.3. DEFINING THE SECURITY ENVIRONMENT
      1. 1.3.1. Identifying the Application's Users
      2. 1.3.2. Identifying the Application's Misusers
      3. 1.3.3. The Assets That Can Be Taken
        1. 1.3.3.1. What Makes an Asset Important?
        2. 1.3.3.2. Types of Assets
      4. 1.3.4. Understanding the Data Flow
        1. 1.3.4.1. The User Interface
        2. 1.3.4.2. Data from External Sources
        3. 1.3.4.3. Coding for Security
    4. 1.4. DEFINING THREATS
      1. 1.4.1. What Is a Threat?
        1. 1.4.1.1. Visualizing the Threats
        2. 1.4.1.2. Assessing a Threat's Likelihood
      2. 1.4.2. STRIDE Classification
    5. 1.5. DEFINING AND MITIGATING VULNERABILITIES
      1. 1.5.1. Vulnerabilities as Unprotected Threats
      2. 1.5.2. Estimating Risk
      3. 1.5.3. DREAD classification
    6. 1.6. SUMMARY
  8. 2. Managing Multiple Users
    1. 2.1. CAVEAT FOR IPHONE DEVELOPERS
    2. 2.2. WHY WE HAVE MULTIPLE USERS
    3. 2.3. User Groups
      1. 2.3.1. Administrative Users
      2. 2.3.2. Other Built-In Groups
      3. 2.3.3. Custom Groups
    4. 2.4. UNDERSTANDING DIRECTORY SERVICES
      1. 2.4.1. Open Directory Architecture
      2. 2.4.2. Directory Services Plug-Ins
        1. 2.4.2.1. Local
        2. 2.4.2.2. NetInfo
        3. 2.4.2.3. BSD Flat File and NIS
        4. 2.4.2.4. LDAPv3
        5. 2.4.2.5. Other Plug-Ins
      3. 2.4.3. Kerberos
      4. 2.4.4. Local KDC in Leopard and Snow Leopard
      5. 2.4.5. Kerberos for Developers
    5. 2.5. ACCESSING USER PREFERENCES AND MANAGED PREFERENCES
    6. 2.6. SUMMARY
  9. 3. Using the Filesystem Securely
    1. 3.1. UNIX PERMISSIONS
      1. 3.1.1. "Sticky" Folders
      2. 3.1.2. Setuid and Setgid Permissions
      3. 3.1.3. UNIX Permissions and Removable Media
    2. 3.2. FILESYSTEM FLAGS
    3. 3.3. ACCESS CONTROL LISTS
      1. 3.3.1. ACL Inheritance
      2. 3.3.2. Using the ACL API
    4. 3.4. FILEVAULT AND OTHER ENCRYPTION OPTIONS
      1. 3.4.1. FileVault
      2. 3.4.2. Encrypted Disk Images
      3. 3.4.3. Block Encryption
    5. 3.5. NETWORK FILESYSTEMS
    6. 3.6. LAYOUT AND SECURITY OF A TYPICAL MAC OS X FILESYSTEM
    7. 3.7. ALIASES AND BOOKMARKS
    8. 3.8. QUARANTINING DOWNLOADED FILES
    9. 3.9. SECURELY DELETING FILES
    10. 3.10. DISK ARBITRATION
    11. 3.11. SUMMARY
  10. 4. Handling Multiple Processes
    1. 4.1. PRIVILEGE SEPARATION
    2. 4.2. DESIGNING MULTIPLE-PROCESS SYSTEMS
    3. 4.3. MANAGING PROCESS LIFECYCLES WITH LAUNCHD
    4. 4.4. HOW TO USE SETUID AND SETGID
    5. 4.5. COMMUNICATION BETWEEN PROCESSES
      1. 4.5.1. Mach Ports
      2. 4.5.2. Distributed Objects
      3. 4.5.3. Notifications
    6. 4.6. PLAYING IN THE SANDBOX
      1. 4.6.1. Mac Sandbox
      2. 4.6.2. iPhone Sandbox
    7. 4.7. GUARANTEEING CODE'S ORIGIN
    8. 4.8. SUMMARY
  11. 5. Storing Confidential Data in the Keychain
    1. 5.1. WHAT IS THE KEYCHAIN?
    2. 5.2. WHY SHOULD I USE THE KEYCHAIN?
    3. 5.3. HOW TO TAKE ADVANTAGE OF THE KEYCHAIN
      1. 5.3.1. General Passwords
      2. 5.3.2. Internet Passwords
      3. 5.3.3. Secondary Keychains
      4. 5.3.4. Certificate Management and the Keychain
    4. 5.4. KEYCHAIN ON THE IPHONE
      1. 5.4.1. Keychain Administration and Use
      2. 5.4.2. Persistent Keychain References
    5. 5.5. SUMMARY
  12. 6. Performing Privileged Tasks
    1. 6.1. HOW TO ACQUIRE RIGHTS
      1. 6.1.1. What Is a Right?
      2. 6.1.2. Getting a Right
    2. 6.2. FACTORED APPLICATIONS WITH AUTHORIZATION SERVICES
      1. 6.2.1. Identify the Privilege Boundaries
      2. 6.2.2. Writing the Application
      3. 6.2.3. The Helper Tool
    3. 6.3. THE AUTHORIZATION DATABASE
      1. 6.3.1. What Are Rules?
      2. 6.3.2. Creating Custom Rules
    4. 6.4. WHY NOT TO LAUNCH PRIVILEGED TASKS WITH AUTHORIZATION SERVICES
    5. 6.5. THE PADLOCK
    6. 6.6. AUTHORIZATION PLUG-INS
    7. 6.7. SUMMARY
  13. 7. Auditing Important Operations
    1. 7.1. EXAMPLES OF AUDITING
      1. 7.1.1. Authorization Services
      2. 7.1.2. Sudo Logs
      3. 7.1.3. User Account Logging
      4. 7.1.4. Firewall Log
      5. 7.1.5. Filesystem Change Tracking
      6. 7.1.6. Process Accounting
    2. 7.2. USING APPLE SYSTEM LOGGER
      1. 7.2.1. Getting a Message into ASL
      2. 7.2.2. Creating Additional Log Files
      3. 7.2.3. Searching the ASL Database
      4. 7.2.4. Access Control
    3. 7.3. BASIC SECURITY MODULE
    4. 7.4. SUMMARY
  14. 8. Securing Network Connections
    1. 8.1. REMOTE AUTHENTICATION
      1. 8.1.1. HTTP Authentication
      2. 8.1.2. Other Authentication Methods for Web Services
        1. 8.1.2.1. Kerberos
        2. 8.1.2.2. OpenID and OAuth
    2. 8.2. PRIVILEGE BOUNDARIES IN NETWORKED APPLICATIONS
    3. 8.3. DOES 'BONJOUR' MEAN IT'S ADIEU TO NETWORK SECURITY?
    4. 8.4. WORKING WITH THE FIREWALL
      1. 8.4.1. Application Firewall Behavior
      2. 8.4.2. ipfw
    5. 8.5. NETWORK CONFIGURATION WITH SYSTEMCONFIGURATION
    6. 8.6. TAKING ADVANTAGE OF SSL
      1. 8.6.1. About SSL
      2. 8.6.2. Using SSL
    7. 8.7. SUMMARY
  15. 9. Writing Secure Application Code
    1. 9.1. SECURE OBJECTIVE-C CODING
      1. 9.1.1. Object Instance Variable Privacy
      2. 9.1.2. Instance and Class Method Privacy
      3. 9.1.3. Loadable Bundles
      4. 9.1.4. Types of Returned Objects
      5. 9.1.5. Objective-C Exception Handling
      6. 9.1.6. Lightning Tour: Foundation
      7. 9.1.7. Lightning Tour: AppKit
      8. 9.1.8. Lightning Tour: UIKit
    2. 9.2. SECURE C CODING
      1. 9.2.1. Buffer Overflows
      2. 9.2.2. Insecure Functions
        1. 9.2.2.1. strcpy()
        2. 9.2.2.2. printf() and Friends
        3. 9.2.2.3. tmpnam() and mktemp()
        4. 9.2.2.4. Removing Dangerous Functions
      3. 9.2.3. Where to Find Out More
    3. 9.3. CODE REVIEWS AND OTHER BUG-FINDING TECHNIQUES
      1. 9.3.1. Code Reviews
      2. 9.3.2. Code Checklists
      3. 9.3.3. Static Analysis
      4. 9.3.4. Unit Testing
      5. 9.3.5. Automated Hardening Measures
        1. 9.3.5.1. _FORTIFY_SOURCE Preprocessor Macro
        2. 9.3.5.2. Stack-Smashing Protection
        3. 9.3.5.3. Address-Space Layout Randomization
      6. 9.3.6. Addressing Security Defects
    4. 9.4. SUMMARY
  16. 10. Deploying Software Securely
    1. 10.1. WRITING SECURITY DOCUMENTATION
      1. 10.1.1. In-Application Security Documentation
      2. 10.1.2. Security Documentation in the Manual
    2. 10.2. IDENTIFY YOURSELF WITH CODE SIGNING
    3. 10.3. GIVING YOUR CODE TO YOUR USERS
      1. 10.3.1. Disk Images and Drag-Installs
      2. 10.3.2. Installer Packages and PackageMaker
    4. 10.4. ROLLING YOUR OWN INSTALLER
    5. 10.5. DEPLOYING PRIVILEGED HELPERS WITHOUT INSTALLERS
    6. 10.6. RESPONDING TO SECURITY PROBLEMS
      1. 10.6.1. Handling Security Bug Reports
      2. 10.6.2. Providing Software Updates
    7. 10.7. SUMMARY
  17. 11. Kernel Extensions
    1. 11.1. THE KERNEL ENVIRONMENT
    2. 11.2. FILESYSTEM ACCESS AUTHORIZATION WITH KAUTH
      1. 11.2.1. Introduction to the VFS
      2. 11.2.2. Vetoing Filesystem Operations
    3. 11.3. SUMMARY
  18. 12. Conclusion and Further Reading
    1. 12.1. FURTHER READING