#HITBGSEC 2016 SG Conference Track D1 - The Apple Sandbox: Deeper Into The Quagmire - Jonathan Levin
Apple’s Sandboxing (“SeatBelt”) has remained terra incognita since Dionysus Blazakis’s seminal work. 5 years and 300 versions later, however, much has changed. The sandbox has become the linchpin of security in iOS, and the foundation of SIP in OS X 10.11 and later. This talk explores the sandbox in detail, and fills in the gaps from the original work. In particular, we explore the implementations on *OS and OS X, and how they differ. This includes:

– Voluntary vs. non-voluntary confinement
– Sandbox profiles, both in scheme syntax and binary form
– The MACF syscalls hook, primarily ms_sandbox() APIs
– Sandboxd (OS X)
– ContainerManager (iOS)
– Entitlements
– Interaction with AMFI

All gleaned from reverse engineering, the techniques of which will of course be demonstrated alongside.

===

Jonathan Levin is CTO of Technologeeks.com, and has been a trainer and consultant in the operating system space for more than 15 years. Author of Mac OS X and iOS Internals (Wiley, 2012), which is slated for release in a 2nd, updated edition soon. Author of “Android Internals: A confectioner’s cookbook”, which was released back in October 2014. Taught classes and assisted developers and architects around the world in customizing Android, working around iOS limitations and optimizing performance in mobile environments. Professional clients include Intel, EMC, VMware and others. Taught academically: two semesters of Mobile Architecture Internals for Harvard University.


