Are Apple's Security Measures Sufficient to Protect Its Mobile Devices?

Galen A. Grimes
Department of Information Sciences and Technology
Penn State University – Greater Allegheny Campus
McKeesport, PA, USA
[email protected]

Abstract—Apple Computer's iPad tablet computer has taken a commanding lead in the tablet market, and history has shown that whenever a computer platform becomes dominant, it also becomes a target for malicious intruders and malware. Apple computers have long been touted as being safer from malware than their Windows counterparts, largely because of their smaller market share. This paper examines the current state of security for the iPad and mobile devices running Apple's iPhone Operating System. Does the iPad have any vulnerabilities that need to be addressed by Apple, or is it as safe and malware-proof as some Apple devotees attest?

Keywords—iPad; iPhone; malware; mobile devices; security

I. INTRODUCTION

Apple has long touted its seeming invulnerability to malware on both of its platforms: Mac OS X and the iPhone Operating System. The debate on the invulnerability of the Mac OS X platform has two major camps. The first faction contends that Mac OS X is based on an inherently superior software design than Microsoft Windows, and that this superior design makes it more resistant to malware [1]. This group also largely dismisses the contention of the other faction, which holds that virus writers haven't targeted Macs because Apple lacks market share. The argument from the other camp goes that Windows dominates the worldwide PC market, running on roughly 90-95% of all personal computers, and thus virus writers get more "bang for their buck" by going after the "largest fish in the ocean" [2].

If you agree with the market share argument, then Apple seemingly has created a new target for malicious hackers. The Apple iPad in its first two months took a commanding lead in the tablet computer race, selling more than 2 million units [3]. Apple exceeded sales predictions in 2010 by selling more than 10 million iPads. By June of 2011 Apple had sold more than 25 million iPads worldwide, making it the undeniable leader in the tablet market [4].

The iPad runs the iPhone Operating System (iPhone OS, or simply iOS), which enables it to likewise run the more than 550,000 available iPhone applications (called "apps" for short) in addition to the more than 140,000 apps designed specifically for the iPad with its larger screen and more powerful processor. Missing for a long time, however, from this mega-catalog of utilities, productivity apps, and games were two apps that most security experts would deem essential on any other computer system: an antivirus app and a firewall app. The first of these gaps was filled in July of 2011 when the security vendor Intego released VirusBarrier iOS for the iPhone, iPod, and iPad, making it the first anti-virus app for Apple mobile devices [5].

The VirusBarrier app is not a full-featured application like you might utilize on your desktop or laptop, but it will allow you to manually scan files in email attachments and files imported to your mobile device via DropBox. It will also allow you to manually scan files on web sites you frequent, your iDisk in your MobileMe account, and FTP or WebDAV sites.

But there is still little reason for most iOS users to worry about malware. To date, only five pieces of iOS malware have ever been identified [6][7].

Even though Apple's mobile products still lack a firewall app, Mac OS X since its inception has included a firewall, and numerous third-party vendors such as Symantec, McAfee, Sophos, and Intego have created and successfully promoted antivirus/security software for the Mac OS X platform, even though very few verifiable pieces of malware have been identified, including a report last year about malicious spyware found in a third-party screensaver [8].

978-1-4577-0580-9/12/$26.00 ©2012 IEEE

Some security experts still recommend using antivirus/security software on Mac OS X to prevent Macs from becoming carriers and spreaders of malware even if they are impervious to the mostly Windows-based malware [9]. Macs are still able to forward emails containing malware without themselves becoming infected.

From a design perspective, Mac OS X and iOS are in a much better position to fend off malware than Windows. Apple maintains a much more closed and controlled hardware and software environment with Mac OS X and iOS than does Microsoft with its Windows OS. While Windows is designed to run on a seemingly endless array of hardware devices, i.e., PCs, netbooks, smartphones, etc., from an equally endless number of vendors, Mac OS X and iOS operate on a very small and tightly controlled list of hardware devices, all controlled by Apple.

II. APPLE'S SECURITY DESIGN

Apple's approach to security is as controlled as its closed hardware environment. Within Mac OS X, Apple uses a protected memory environment that its developers call "sandboxing".

With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware. For example, it prevents hackers from harming your programs through a technique called "sandboxing" — restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch. Other automatic security features include Library Randomization, which prevents malicious commands from finding their targets, and Execute Disable, which protects the memory in your Mac from attacks [10].

In a nutshell, Apple developers have isolated operations in the OS to prevent one program and its associated data from accessing another program and its associated data, thus providing built-in protection against malware. As secure as this model appears, Apple developers are still aware that it is not totally bulletproof and include code to protect against malware. In June of 2011 Apple developers quietly added additional anti-malware code to Snow Leopard (Mac OS X 10.6.x).

Ten months after it debuted rudimentary malware scanning in Snow Leopard, Apple this week quietly added a signature for a third piece of malware, security researchers reported today. According to U.K.-based antivirus vendor Sophos and U.S. Mac security company Intego, Mac OS X 10.6.4, which Apple released this past Tuesday, includes an update to XProtect. Dubbed that because the malware signatures are contained within Snow Leopard's "XProtect.plist" file, the feature debuted in August 2009 with the launch of Mac OS X 10.6. At the time, Apple included detection for only two pieces of malware, Trojan horses named "RSPlug.a" and "Iservice" by Symantec [11].

Apple developers use the same "sandboxing" memory management techniques to control program and data access inside iOS, as explained in the iPhone Application Programming Guide.

For security reasons, iPhone OS restricts an application (including its preferences and data) to a unique location in the file system. This restriction is part of the security feature known as the application's "sandbox." The sandbox is a set of fine-grained controls limiting an application's access to files, preferences, network resources, hardware, and so on. In iPhone OS, an application and its data reside in a secure location that no other application can access. [12]

However, the developers warn that the iOS sandbox does not provide absolute protection against attackers.

The sandbox limits the damage an attacker can cause to other applications and to the system, but it cannot prevent attacks from happening. In other words, the sandbox does not protect your application from direct attacks by malicious entities. For example, if there is an exploitable buffer overflow in your input-handling code and you fail to validate user input, an attacker might still be able to crash your program or use it to execute the attacker's code [13].

Attacks against Apple's Mac OS X security posture are not merely centered on whether the OS is vulnerable to malware. The hacker group that launched the attack against AT&T revealing the email addresses of more than 100,000 iPad owners has also revealed security flaws in the Safari Web browser, which is installed on both Mac OS X and iOS.

According to [Escher] Auernheimer, Goatse Security released an overflow exploit for Safari back in March. Apple patched the vulnerability for the desktop, but not for the iPad: "This bug we crafted allows the viewer of a Web page to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks, and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system. We released this in March, mind you, and Apple still hasn't got around to patching this on the iPad!" Auernheimer wrote [14].

But the biggest concern about Apple's security vulnerability involves iPhones and iPads where the users have run software to "jailbreak" the devices.

III. THE JAILBREAKING SECURITY DILEMMA

Jailbreaking is the term used to describe iPhones and iPads in which the users have run software to modify the operating system.

or patching, the iBoot and operating system kernel in this process, rendering them unable to do the digital signature checks that evaluate and distinguish authorized or unauthorized software [16]. The iPad was actually jailbroken using a fairly lengthy process, which involves replacing plists [property lists] on the device using replacement of files using a loosely checked backup over USB process. Carefully crafted files can be placed on the filesystem that are run and the outcome is that
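The iPhone Application Programming Guide passage quoted in Section II warns that the sandbox limits what a compromised app can reach but cannot stop an exploitable buffer overflow in the app's own input-handling code. The following C program is an added illustration of that point, not code from the paper or from Apple: it parses a small constructed record format (one length byte followed by that many name bytes, an assumption made for this example) with a parser that trusts the embedded length field, placed beside one that validates every input-derived size before using it. The record format, function names and sample records are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* fixed-size destination buffer inside the app's sandbox */

/*
 * Constructed record format (an assumption for this example, not something
 * the paper defines): one length byte followed by that many name bytes.
 */

/* Vulnerable pattern: trusts the embedded length field and copies without
 * checking it against either the destination size or the bytes actually
 * received. A record whose length byte exceeds NAME_MAX - 1 overwrites the
 * memory after 'out'; one whose length byte exceeds rec_len - 1 reads past
 * the input. Kept only for comparison; never call it on untrusted data. */
int parse_record_unsafe(const unsigned char *rec, size_t rec_len, char out[NAME_MAX])
{
    size_t n = rec[0];
    (void)rec_len;                 /* the received length is ignored: that is the bug */
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Hardened version: every value derived from the input is validated before
 * it is used as a size or an index, the output is always NUL-terminated, and
 * a rejected record is reported (-1) so the caller can drop it. */
int parse_record_safe(const unsigned char *rec, size_t rec_len, char out[NAME_MAX])
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;                 /* nothing to parse */
    size_t n = rec[0];
    if (n > rec_len - 1)
        return -1;                 /* length field claims more bytes than were received */
    if (n >= NAME_MAX)
        return -1;                 /* would not fit together with its terminator */
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample records. */
static const unsigned char REC_GOOD[]   = { 5, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char REC_LYING[]  = { 40, 'x', 'y' };          /* length byte larger than payload */
static const unsigned char REC_TOOBIG[] = { 20,                       /* 20 bytes: more than NAME_MAX - 1 */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };

/* Verdict helpers; each uses its own local buffer so they can be called in any order. */
int demo_good_is_hello(void)
{
    char out[NAME_MAX];
    return parse_record_safe(REC_GOOD, sizeof REC_GOOD, out) == 5 && strcmp(out, "hello") == 0;
}
int demo_lying(void)  { char out[NAME_MAX]; return parse_record_safe(REC_LYING,  sizeof REC_LYING,  out); }
int demo_toobig(void) { char out[NAME_MAX]; return parse_record_safe(REC_TOOBIG, sizeof REC_TOOBIG, out); }
/* The unsafe parser is exercised only on the well-formed record; on the other
 * two it would corrupt memory inside the process, which is exactly the damage
 * the sandbox cannot prevent. */
int demo_unsafe_wellformed(void) { char out[NAME_MAX]; return parse_record_unsafe(REC_GOOD, sizeof REC_GOOD, out); }

int main(void)
{
    printf("safe parser, well-formed record accepted: %d\n", demo_good_is_hello());
    printf("safe parser, lying length byte          : %d\n", demo_lying());
    printf("safe parser, oversized payload          : %d\n", demo_toobig());
    printf("unsafe parser, well-formed record       : %d\n", demo_unsafe_wellformed());
    return 0;
}
```

The two checks in parse_record_safe are independent: the first catches a length byte that lies about how much data follows (an over-read), the second catches data that is genuinely present but larger than the destination (an overwrite). Both are needed, and both are the application's own responsibility regardless of how tight the surrounding sandbox is.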