• Online, Self-Paced

In order to effectively develop secure iOS applications, it is key for developers to have a significant understanding of the overall iOS security architecture, as well as key techniques that can be used to protect application data and executable code. In this course, you will learn key principles about the iOS security architecture, as well as principles in administering data protection in the iOS environment. You will also learn how to install and use the iPhone Data Protection Tools forensics toolkit, how to implement access control and provisioning, and how to enforce application code signing.

Learning Objectives

Understanding iOS Security Architecture

  • start the course
  • describe how Apple protects the Apple Store
  • define malware, exploitation, and compare Mac OS threats versus iOS threats
  • describe reduced attack surface and stripped-down iOS
  • describe code signing, return-oriented programming (ROP), and data execution prevention
  • describe privilege separation, address space layout randomization, and sandboxing

Data Protection in the iOS Environment

  • describe data protection API and class hierarchy
  • describe file protection classes
  • describe keychain item protection classes
  • describe how file and keychain data protection classes are collected and managed in keybags
  • describe how user passcodes may be attacked

Understanding iOS Network Security

  • identify components of network security supported by iOS 8
  • describe the VPN protocols and authentication methods supported by iOS 8
  • describe Wi-Fi standards and authentication methods supported by iOS 8
  • describe Bluetooth connections and profiles supported by iOS 8
  • describe iOS 8 support for single sign-on authentication on enterprise networks
  • describe iOS 8 support for AirDrop security

Access Control and Provisioning

  • describe how code signing is used to enforce iOS security
  • describe how Mandatory Code Signing is controlled by the Mandatory Access Control Framework, including AMFI hooks
  • describe the provisioning profile and how the provisioning file is validated
  • use the Xcode codesign tool to show signing certificate authority information for an iOS application

Enforcing Code Signing

  • use command line to list the entitlements for a signed iOS application
  • describe how application signing information can be collected and verified
  • describe how signatures are enforced on application processes
  • describe how to prevent signed code from being tampered with
  • describe how to use Just-In-Time compiling to implement dynamic code signing

Practice: Obtaining Application Signing Info

  • use the Xcode codesign tool to obtain information on an iOS application's signing certificate authority and its granted entitlements

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.