
iOS Secure Coding Guide -- 02 Types of Security Vulnerabilities (Part 2)

2016-06-19 14:40

Interprocess Communication

Separate (|ˈsepərət| adj.: not joined, apart) processes—either within a single program or in two different programs—sometimes have to share information. Common methods include using shared memory or using a messaging protocol, such as sockets, provided by the operating system. These messaging protocols used for interprocess communication are often vulnerable to attack; thus, when writing an application, you must always assume that the process at the other end of your communication channel could be hostile (|ˈhɒstaɪl, American ˈhɒstl| adj.: unfriendly, opposed).
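The practical consequence of "assume the other end is hostile" is that every field a peer writes into a message is treated as untrusted input. The following added example (not code from the guide; the two-byte type / two-byte length wire format and the `parse_msg` function are assumptions made for this illustration) parses a small length-prefixed message and rejects the three things a hostile peer most commonly sends: a length larger than the receiver's buffer, a length larger than the bytes actually received, and an unknown message type.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format for this example (not from the guide):
 *   2-byte big-endian type | 2-byte big-endian payload length | payload
 * Every header field was written by the peer, so none of it is trusted. */
#define MSG_MAX_PAYLOAD 64
#define MSG_HEADER_LEN 4

struct msg {
    uint16_t type;
    uint16_t length;
    unsigned char payload[MSG_MAX_PAYLOAD];
};

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_TOO_LONG, PARSE_BAD_TYPE };

/* Parse one message from a buffer received over the channel. The only values
 * that drive memory access are checked against what was actually received and
 * against our own fixed limit; the peer's claims are never taken on trust. */
enum parse_result parse_msg(const unsigned char *buf, size_t buflen, struct msg *out)
{
    if (buflen < MSG_HEADER_LEN)
        return PARSE_TRUNCATED;                 /* the header itself is incomplete */

    uint16_t type   = (uint16_t)((buf[0] << 8) | buf[1]);
    uint16_t length = (uint16_t)((buf[2] << 8) | buf[3]);

    if (type != 1 && type != 2)
        return PARSE_BAD_TYPE;                  /* only the two types we define */
    if (length > MSG_MAX_PAYLOAD)
        return PARSE_TOO_LONG;                  /* would overflow out->payload */
    if (buflen - MSG_HEADER_LEN < length)
        return PARSE_TRUNCATED;                 /* claims more bytes than were sent */

    out->type = type;
    out->length = length;
    memcpy(out->payload, buf + MSG_HEADER_LEN, length);
    return PARSE_OK;
}

/* Constructed sample messages, as a peer might send them. */
static const unsigned char GOOD_MSG[]  = { 0x00, 0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char HUGE_LEN[]  = { 0x00, 0x01, 0xFF, 0xFF, 'x' };       /* claims 65535 bytes */
static const unsigned char SHORT_MSG[] = { 0x00, 0x02, 0x00, 0x0A, 'a', 'b' };  /* claims 10, sends 2 */
static const unsigned char BAD_TYPE[]  = { 0x00, 0x09, 0x00, 0x00 };

/* Runs every sample through the parser; returns the number of expectations
 * met (4 means the valid message parsed and each hostile one was rejected). */
int run_ipc_checks(void)
{
    struct msg m;
    int passed = 0;
    memset(&m, 0, sizeof m);

    if (parse_msg(GOOD_MSG, sizeof GOOD_MSG, &m) == PARSE_OK
        && m.type == 1 && m.length == 5 && memcmp(m.payload, "hello", 5) == 0)
        passed++;
    if (parse_msg(HUGE_LEN, sizeof HUGE_LEN, &m) == PARSE_TOO_LONG)
        passed++;
    if (parse_msg(SHORT_MSG, sizeof SHORT_MSG, &m) == PARSE_TRUNCATED)
        passed++;
    if (parse_msg(BAD_TYPE, sizeof BAD_TYPE, &m) == PARSE_BAD_TYPE)
        passed++;
    return passed;
}
```

The order of the checks is deliberate: the length is compared against the fixed receiver limit before it is compared against `buflen`, so neither comparison can be skipped by a peer that sends a large length together with a large buffer.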

For more information on how to perform secure interprocess communication, read Validating Input and Interprocess Communication.

Insecure File Operations

In addition to time-of-check–time-of-use problems, many other file operations are insecure. Programmers often make assumptions about the ownership, location, or attributes of a file that might not be true. For example, you might assume that
you can always write to a file created by your program. However, if an attacker can change the permissions or flags on that file after you create it, and if you fail to check the result code after a write operation,
you will not detect the fact that the file has been tampered with.

assumption |əˈsʌmpʃn| noun
supposition; something taken for granted

ownership |ˈəʊnəʃɪp| noun
the state of owning something

permission |pəˈmɪʃn| noun
consent; authorization

detect |dɪˈtekt| verb
to find out; to discover

tamper |ˈtæmpə(r)| verb
to meddle with; to alter without authorization

Examples of insecure file operations include:

• writing to or reading from a file in a location writable by another user

• failing to make the right checks for file type, device ID, links, and other settings before using a file

• failing to check the result code after a file operation

• assuming that if a file has a local pathname, it has to be a local file

These and other insecure file operations are discussed in more detail in Securing File Operations.
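The list above describes what goes wrong; the following added example (not code from the guide; the `safe_write_file` and `demo_safe_write` functions and the scratch directory under /tmp are assumptions made for this illustration) shows the corresponding checks in one place: create the file with `O_CREAT|O_EXCL` so that anything already planted under that name (including a symbolic link) is refused, verify the type, ownership and link count of the open descriptor rather than of the path, and check the result code of every write instead of assuming it succeeded.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0    /* O_CREAT|O_EXCL alone still refuses an existing symlink */
#endif

/* Create a new file at path and write data to it, without trusting the
 * directory it lives in. Returns 0 on success, -1 on any failure. */
int safe_write_file(const char *path, const char *data, size_t len)
{
    /* O_EXCL: fail if anything (file, symlink, device) already has this name,
     * so a file planted by another user is never opened or followed. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;

    /* Check the open descriptor, not the path, so nothing can be swapped in
     * between the check and the use. */
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)
        || st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }

    /* Check the result of every write: a short or failed write is an error. */
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, data + done, len - done);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        done += (size_t)n;
    }
    return close(fd) == 0 ? 0 : -1;
}

/* Exercises the checks in a fresh scratch directory (constructed for this
 * example). Returns 1 if every expectation holds, 0 otherwise. */
int demo_safe_write(void)
{
    char dir[] = "/tmp/scg-file-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 0;

    char path[512], link[512], target[512];
    snprintf(path, sizeof path, "%s/report.txt", dir);
    snprintf(link, sizeof link, "%s/planted.txt", dir);
    snprintf(target, sizeof target, "%s/never-created.txt", dir);

    const char *msg = "constructed sample data\n";
    int ok = 1;

    ok &= (safe_write_file(path, msg, strlen(msg)) == 0);    /* fresh name: succeeds */
    ok &= (safe_write_file(path, msg, strlen(msg)) == -1);   /* name now exists: refused */

    /* A symlink placed where we expect to create our file must not be followed. */
    ok &= (symlink(target, link) == 0);
    ok &= (safe_write_file(link, msg, strlen(msg)) == -1);
    ok &= (access(target, F_OK) == -1);                      /* link target was never created */

    unlink(link);
    unlink(path);
    rmdir(dir);
    return ok;
}
```

The `fstat` after `open` is what closes the time-of-check/time-of-use window mentioned at the start of this section: the attributes are read from the descriptor the program will actually write through, so a later rename or permission change on the path cannot redirect the write.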

Access Control Problems

Access control is the process of controlling who is allowed to do what. This ranges from controlling physical access to a computer—keeping your servers in a locked room, for example—to
specifying who has access to a resource (a file, for example) and what they are allowed to do with that resource (such as read only). Some access control mechanisms are enforced by the operating system, some by the individual application or server, some by
a service (such as a networking protocol) in use. Many security vulnerabilities are created by the careless or improper use of access controls, or by the failure to use them at all.

mechanism |ˈmekənɪzəm| noun
mechanical device

enforce |ɪnˈfɔːs| transitive verb
to compel compliance with

individual |ˌɪndɪˈvɪdʒʊəl| adjective
single, separate; personal

improper |ɪmˈprɒpə(r)| adjective
unsuitable; indecorous; unlawful

Much of the discussion of security vulnerabilities in the software security literature is in terms of privileges, and many exploits involve an attacker somehow gaining more privileges than they should have. Privileges, also called permissions (|pəˈmɪʃn|), are access rights granted by the operating system, controlling who is allowed to read and write files, directories, and attributes of files and directories (such as the permissions for a file), who can execute a program, and who can perform other restricted operations such as accessing hardware devices and making changes to the network configuration. File permissions and access control in OS X are discussed in File System Programming Guide.

restrict |rɪˈstrɪkt| transitive verb
to limit

grant |grɑːnt, American grænt| transitive verb
to allow; to permit

involve |ɪnˈvɒlv| transitive verb
to require; to affect

exploit noun heroic deed; romantic escapade transitive verb
to develop; to make full use of; to take unfair advantage of; to misuse

literature |ˈlɪtrətʃə(r), American -tʃʊər| noun Uncountable
literary works; printed promotional material (brochures)

Of particular interest to attackers is the gaining of root privileges, which refers to having the unrestricted permission to perform any operation on the system.
An application running with root privileges can access everything and change anything.
Many security vulnerabilities involve programming errors that allow an attacker to obtain root privileges.
Some such exploits involve taking advantage of buffer overflows or race conditions, which in some special circumstances allow an attacker to
escalate their privileges.
Others involve having access to system files that should be restricted or finding a weakness in a program—such as an application installer—that is already running with
root privileges. For this reason, it’s important to always run programs with as few privileges as possible. Similarly, when it is necessary to run a program
with elevated privileges, you should do so for as short a time as possible.
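The advice to run with as few privileges as possible, and to hold elevated privileges for as short a time as possible, is usually implemented by dropping privileges explicitly. The following added example (not code from the guide; the `drop_privileges` and `demo_drop_privileges` functions, and the choice of uid/gid 65534 as the conventional unprivileged "nobody" identity on the host, are assumptions made for this illustration) shows the part that is most often omitted: after changing the ids, verify that the drop actually happened and cannot be reversed, instead of assuming the calls did what was intended.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up elevated privileges and become (uid, gid).
 * Returns 0 only if the drop succeeded AND cannot be reversed; -1 otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups and the gid can only be changed
     * while the process is still privileged, so they are handled first. */
    if (geteuid() == 0) {
        gid_t only = gid;
        if (setgroups(1, &only) != 0)
            return -1;
    }
    if (setgid(gid) != 0)
        return -1;

    /* When the effective uid is 0, setuid() sets the real, effective and
     * saved uid together; that is what makes the drop permanent. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify rather than assume: if only the effective uid was lowered and the
     * saved uid is still 0, regaining root would succeed here. */
    if (uid != 0 && setuid(0) != -1)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Chooses an unprivileged identity and drops to it. An unprivileged caller
 * drops to its own ids (which still exercises the verification); a root
 * caller drops to uid/gid 65534, assumed here to be the host's "nobody". */
int demo_drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == 0) {
        uid = 65534;
        gid = 65534;
    }
    return drop_privileges(uid, gid) == 0;
}
```

The check that `setuid(0)` now fails is the point of the example: a program that lowered only its effective uid with `seteuid()` passes every other test yet can silently return to root, which is exactly the weakness the text describes in programs that keep running with root privileges.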

elevate |ˈelɪveɪt| transitive verb
to raise; to lift; elevate one's mind: to improve one's character; to uplift; to promote

escalate |ˈeskəleɪt| transitive verb
to cause to rise, intensify, worsen, or increase

circumstance |ˈsɜːkəmstəns| noun
condition; situation

advantage |ədˈvɑːntɪdʒ, American -ˈvæn-| noun
favourable condition

involve |ɪnˈvɒlv| transitive verb
to require; to affect; to engage; to implicate; to include

particular |pəˈtɪkjʊlə(r)| adjective
specific

Much access control is enforced by applications, which can require a user to authenticate before granting authorization to perform an operation.
Authentication can involve requesting a user name and password, the use of a smart card, a biometric scan, or some other method.
If an application calls the OS X Authorization Services application interface to authenticate a user, it can automatically take advantage of whichever authentication method is available on the user’s system.
Writing your own authentication code is a less secure alternative, as it might afford an attacker the opportunity to take advantage of bugs in your code to bypass your authentication mechanism, or it might offer a less secure authentication
method than the standard one used on the system. Authorization and authentication are described further in Security Overview.

mechanism |ˈmekənɪzəm| noun
mechanical device; machine part; mechanism (the way something works)

bypass |ˈbaɪpɑːs| noun
detour route transitive verb to build a bypass around; to go around; to circumvent

opportunity |ˌɒpəˈtjuːnəti, American -ˈtuːn-| noun
chance; to miss an opportunity; (employment or promotion) opening

alternative |ɔːlˈtɜːnətɪv| adjective
substitutable; unconventional noun choice; possible option

available |əˈveɪləbl| adjective
obtainable

scan |skæn| transitive verb (present participle etc.
-nn-) to examine closely; to sweep across

biometrics |ˌbaɪəʊˈmetrɪks| noun plural plus singular verb
biostatistics; the statistical study of biological data

grant |grɑːnt, American grænt| transitive verb
to allow; to permit

authenticate |ɔːˈθentɪkeɪt| transitive verb
to prove to be genuine

enforce |ɪnˈfɔːs| transitive verb
to compel compliance with; to strengthen

Digital certificates are commonly used—especially over the Internet and with email—to authenticate users and servers, to encrypt communications, and to digitally sign data to ensure that it has not been corrupted and was truly created by
the entity that the user believes to have created it. Incorrect or careless use of digital certificates can lead to security vulnerabilities. For example, a server administration program shipped with
a standard self-signed certificate, with the intention that the system administrator would replace it with a unique certificate. However, many system administrators failed to take this step, with the result that an attacker could decrypt communication with
the server. [CVE-2004-0927]

decrypt |diːˈkrɪpt| transitive verb
to decode

unique |juːˈniːk| adjective
the only one; one of a kind

ship |ʃɪp| noun
vessel; boat

administration |ədˌmɪnɪˈstreɪʃn| noun
management; judicial supervision; execution

entity |ˈentəti| noun
a thing with a distinct, independent existence

certificate |səˈtɪfɪkət| noun
diploma; certificate of qualification

It’s worth noting that nearly all access controls can be overcome by an attacker who has physical access to a machine and plenty of time. For example, no matter what you set a file’s permissions to, the
operating system cannot prevent someone from bypassing the operating system and reading the data directly off the disk. Only restricting access to the machine itself and the use of robust encryption techniques can protect data from being read or corrupted
under all circumstances.

robust |rəʊˈbʌst| adjective
strong; sturdy; vigorous; thriving

circumstance |ˈsɜːkəmstəns| noun
condition; situation

The use of access controls in your program is discussed in more detail in Elevating Privileges Safely.

Secure Storage and Encryption

encryption |enˈkrɪpʃən| noun

Encryption can be used to protect a user’s secrets from others, either during data transmission or when the data is stored. (The problem of how to protect a vendor’s data from being copied or used without permission is not addressed here.)
iOS provides a variety of encryption-based security options, such as

vendor |ˈvendə(r)| noun
peddler; street seller; seller

variety |vəˈraɪəti| noun
diversity

• passcode to prevent unauthorized use of the device

unauthorized |ʌnˈɔːθəraɪzd| adjective
without official permission

• data encryption

• the ability to add a digital signature to a block of data

• keychain

• SSL/TLS secure network communication

Each service has appropriate uses, and each has limitations.

It is a serious mistake to try to create your own encryption method or to implement a published encryption algorithm yourself unless you are already an expert in the field.
It is extremely (|ɪkˈstriːmli|) difficult to write secure, robust encryption code that generates unbreakable ciphertext, and it is almost always a security vulnerability
to try. For OS X, if you need cryptographic services beyond those provided by the OS X user interface and high-level programming interfaces, you can use the open-source CSSM Cryptographic Services Manager. See the documentation provided
with the Open Source security code, which you can download at http://developer.apple.com/darwin/projects/security/. For iOS, the development APIs should provide all the services you need.

cryptographic UK ['krɪptəʊ'græfɪk]
US [ˌkrɪptə'græfɪk] adj. relating to codes or ciphers; written in cipher

ciphertext UK ['saɪfətekst]
US ['saɪfəˌtekst] n. encrypted text; coded text

generate |ˈdʒenəreɪt| transitive verb
to produce

robust |rəʊˈbʌst| adjective
strong

For more information about OS X and iOS security features, read Authentication, Authorization, and Permissions Guide.

Social Engineering

Often the weakest link in the chain of security features protecting a user’s data and software is the user himself. As developers eliminate buffer overflows, race conditions, and other security vulnerabilities, attackers increasingly concentrate on fooling users into executing malicious code or handing over passwords, credit-card numbers, and other private information. Tricking a user into giving up secrets or into giving an attacker access to a computer is known as social engineering.

feature |ˈfiːtʃə(r)| noun
characteristic; aspect

eliminate |ɪˈlɪmɪneɪt| transitive verb
to exclude; to remove

concentrate |ˈkɒnsntreɪt| intransitive verb
to focus one's attention; to gather; to focus

trick |trɪk| noun
ruse; stratagem

For example, in February of 2005, a large firm that maintains credit information, Social Security numbers, and other personal information on virtually all U.S. citizens revealed that they had divulged information on at least 150,000 people
to scam artists who had posed as legitimate businessmen. According to Gartner (www.gartner.com), phishing attacks cost U.S. banks and credit card companies about $1.2 billion in 2003,
and this number is increasing. They estimate that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing.

approximately |əˈprɒksɪmətli| adverb
roughly

estimate |ˈestɪmət| noun
an approximate calculation

phishing |ˈfɪʃɪŋ| noun Uncountable
the fraudulent soliciting of personal information online

legitimate adjective lawful

artist |ˈɑːtɪst| noun
artist; painter; expert (as in "scam artist")

scam |skæm| noun
swindle; fraud

divulge |daɪˈvʌldʒ| transitive verb
to disclose

firm 1 |fɜːm| noun
business; company

maintain |meɪnˈteɪn| transitive verb
to keep up; to support

virtually |ˈvɜːtʃʊəlɪ| adverb
in effect, practically; "there is virtually no public transport":
almost no public transport; in virtual form

citizen |ˈsɪtɪzn| noun
a legally recognized member of a state

reveal |rɪˈviːl| transitive verb
to disclose

Software developers can counter such attacks in two ways: through educating their users, and through clear and well-designed user interfaces that give users the information they need to make informed decisions.

inform |ɪnˈfɔːm| transitive verb
to notify

informed |ɪnˈfɔːmd| adjective
knowledgeable; well-founded

counter 1 |ˈkaʊntə(r)| noun
shop counter; display counter; token, chip; counting device

counter 2 adverb in the opposite direction transitive verb
to rebut; to counterattack intransitive verb to retort

For more advice on how to design a user interface that enhances security, see Designing Secure User Interfaces.