{"data":{"id":"10.48550/arxiv.1608.04303","type":"dois","attributes":{"doi":"10.48550/arxiv.1608.04303","prefix":"10.48550","suffix":"arxiv.1608.04303","identifiers":[{"identifier":"1608.04303","identifierType":"arXiv"}],"alternateIdentifiers":[{"alternateIdentifierType":"arXiv","alternateIdentifier":"1608.04303"}],"creators":[{"name":"Deaconescu, Răzvan","nameType":"Personal","givenName":"Răzvan","familyName":"Deaconescu","affiliation":[],"nameIdentifiers":[]},{"name":"Deshotels, Luke","nameType":"Personal","givenName":"Luke","familyName":"Deshotels","affiliation":[],"nameIdentifiers":[]},{"name":"Bucicoiu, Mihai","nameType":"Personal","givenName":"Mihai","familyName":"Bucicoiu","affiliation":[],"nameIdentifiers":[]},{"name":"Enck, William","nameType":"Personal","givenName":"William","familyName":"Enck","affiliation":[],"nameIdentifiers":[]},{"name":"Davi, Lucas","nameType":"Personal","givenName":"Lucas","familyName":"Davi","affiliation":[],"nameIdentifiers":[]},{"name":"Sadeghi, Ahmad-Reza","nameType":"Personal","givenName":"Ahmad-Reza","familyName":"Sadeghi","affiliation":[],"nameIdentifiers":[]}],"titles":[{"title":"SandBlaster: Reversing the Apple Sandbox"}],"publisher":"arXiv","container":{},"publicationYear":2016,"subjects":[{"lang":"en","subject":"Cryptography and Security (cs.CR)","subjectScheme":"arXiv"},{"lang":"en","subject":"Operating Systems (cs.OS)","subjectScheme":"arXiv"},{"subject":"FOS: Computer and information sciences","subjectScheme":"Fields of Science and Technology (FOS)"},{"subject":"FOS: Computer and information sciences","schemeUri":"http://www.oecd.org/science/inno/38235147.pdf","subjectScheme":"Fields of Science and Technology (FOS)"},{"lang":"en","subject":"D.4.6","subjectScheme":"ACM"}],"contributors":[],"dates":[{"date":"2016-08-15T15:26:22Z","dateType":"Submitted","dateInformation":"v1"},{"date":"2016-08-16T00:14:46Z","dateType":"Updated","dateInformation":"v1"},{"date":"2016-08","dateType":"Available","dateInformation":"v1"},{"date":"2016","dateType":"Issued"}],"language":null,"types":{"ris":"GEN","bibtex":"misc","citeproc":"article","schemaOrg":"CreativeWork","resourceType":"Article","resourceTypeGeneral":"Preprint"},"relatedIdentifiers":[],"relatedItems":[],"sizes":[],"formats":[],"version":"1","rightsList":[{"rights":"arXiv.org perpetual, non-exclusive license","rightsUri":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/"}],"descriptions":[{"description":"In order to limit the damage of malware on Mac OS X and iOS, Apple uses sandboxing, a kernel-level security layer that provides tight constraints for system calls. Particularly used for Apple iOS, sandboxing prevents apps from executing potentially dangerous actions, by defining rules in a sandbox profile. Investigating Apple's built-in sandbox profiles is difficult as they are compiled and stored in binary format. We present SandBlaster, a software bundle that is able to reverse/decompile Apple binary sandbox profiles to their original human readable SBPL (SandBox Profile Language) format. We use SandBlaster to reverse all built-in Apple iOS binary sandbox profiles for iOS 7, 8 and 9. Our tool is, to the best of our knowledge, the first to provide a full reversing of the Apple sandbox, shedding light into the inner workings of Apple sandbox profiles and providing essential support for security researchers and professionals interested in Apple security mechanisms.","descriptionType":"Abstract"},{"description":"25 pages, 9 figures, 14 listings This report is an auxiliary document to the paper \"SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles\", to be presented at the ACM Conference on Computer and Communications Security (CCS) 2016","descriptionType":"Other"}],"geoLocations":[],"fundingReferences":[],"xml":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHJlc291cmNlIHhtbG5zPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnNjaGVtYUxvY2F0aW9uPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCBodHRwOi8vc2NoZW1hLmRhdGFjaXRlLm9yZy9tZXRhL2tlcm5lbC00LjMvbWV0YWRhdGEueHNkIj4KICA8aWRlbnRpZmllciBpZGVudGlmaWVyVHlwZT0iRE9JIj4xMC40ODU1MC9BUlhJVi4xNjA4LjA0MzAzPC9pZGVudGlmaWVyPgogIDxhbHRlcm5hdGVJZGVudGlmaWVycz4KICAgIDxhbHRlcm5hdGVJZGVudGlmaWVyIGFsdGVybmF0ZUlkZW50aWZpZXJUeXBlPSJhclhpdiI+MTYwOC4wNDMwMzwvYWx0ZXJuYXRlSWRlbnRpZmllcj4KICA8L2FsdGVybmF0ZUlkZW50aWZpZXJzPgogIDxjcmVhdG9ycz4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5EZWFjb25lc2N1LCBSxIN6dmFuPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5SxIN6dmFuPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPkRlYWNvbmVzY3U8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+RGVzaG90ZWxzLCBMdWtlPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5MdWtlPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPkRlc2hvdGVsczwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5CdWNpY29pdSwgTWloYWk8L2NyZWF0b3JOYW1lPgogICAgICA8Z2l2ZW5OYW1lPk1paGFpPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPkJ1Y2ljb2l1PC9mYW1pbHlOYW1lPgogICAgPC9jcmVhdG9yPgogICAgPGNyZWF0b3I+CiAgICAgIDxjcmVhdG9yTmFtZSBuYW1lVHlwZT0iUGVyc29uYWwiPkVuY2ssIFdpbGxpYW08L2NyZWF0b3JOYW1lPgogICAgICA8Z2l2ZW5OYW1lPldpbGxpYW08L2dpdmVuTmFtZT4KICAgICAgPGZhbWlseU5hbWU+RW5jazwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5EYXZpLCBMdWNhczwvY3JlYXRvck5hbWU+CiAgICAgIDxnaXZlbk5hbWU+THVjYXM8L2dpdmVuTmFtZT4KICAgICAgPGZhbWlseU5hbWU+RGF2aTwvZmFtaWx5TmFtZT4KICAgIDwvY3JlYXRvcj4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5TYWRlZ2hpLCBBaG1hZC1SZXphPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5BaG1hZC1SZXphPC9naXZlbk5hbWU+CiAgICAgIDxmYW1pbHlOYW1lPlNhZGVnaGk8L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgPC9jcmVhdG9ycz4KICA8dGl0bGVzPgogICAgPHRpdGxlPlNhbmRCbGFzdGVyOiBSZXZlcnNpbmcgdGhlIEFwcGxlIFNhbmRib3g8L3RpdGxlPgogIDwvdGl0bGVzPgogIDxwdWJsaXNoZXI+YXJYaXY8L3B1Ymxpc2hlcj4KICA8cHVibGljYXRpb25ZZWFyPjIwMTY8L3B1YmxpY2F0aW9uWWVhcj4KICA8c3ViamVjdHM+CiAgICA8c3ViamVjdCB4bWw6bGFuZz0iZW4iIHN1YmplY3RTY2hlbWU9ImFyWGl2Ij5DcnlwdG9ncmFwaHkgYW5kIFNlY3VyaXR5IChjcy5DUik8L3N1YmplY3Q+CiAgICA8c3ViamVjdCB4bWw6bGFuZz0iZW4iIHN1YmplY3RTY2hlbWU9ImFyWGl2Ij5PcGVyYXRpbmcgU3lzdGVtcyAoY3MuT1MpPC9zdWJqZWN0PgogICAgPHN1YmplY3Qgc3ViamVjdFNjaGVtZT0iRmllbGRzIG9mIFNjaWVuY2UgYW5kIFRlY2hub2xvZ3kgKEZPUykiPkZPUzogQ29tcHV0ZXIgYW5kIGluZm9ybWF0aW9uIHNjaWVuY2VzPC9zdWJqZWN0PgogICAgPHN1YmplY3QgeG1sOmxhbmc9ImVuIiBzdWJqZWN0U2NoZW1lPSJBQ00iPkQuNC42PC9zdWJqZWN0PgogIDwvc3ViamVjdHM+CiAgPGRhdGVzPgogICAgPGRhdGUgZGF0ZVR5cGU9IlN1Ym1pdHRlZCIgZGF0ZUluZm9ybWF0aW9uPSJ2MSI+MjAxNi0wOC0xNVQxNToyNjoyMlo8L2RhdGU+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iVXBkYXRlZCIgZGF0ZUluZm9ybWF0aW9uPSJ2MSI+MjAxNi0wOC0xNlQwMDoxNDo0Nlo8L2RhdGU+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iQXZhaWxhYmxlIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDE2LTA4PC9kYXRlPgogIDwvZGF0ZXM+CiAgPHJlc291cmNlVHlwZSByZXNvdXJjZVR5cGVHZW5lcmFsPSJQcmVwcmludCI+QXJ0aWNsZTwvcmVzb3VyY2VUeXBlPgogIDx2ZXJzaW9uPjE8L3ZlcnNpb24+CiAgPHJpZ2h0c0xpc3Q+CiAgICA8cmlnaHRzIHJpZ2h0c1VSST0iaHR0cDovL2FyeGl2Lm9yZy9saWNlbnNlcy9ub25leGNsdXNpdmUtZGlzdHJpYi8xLjAvIj5hclhpdi5vcmcgcGVycGV0dWFsLCBub24tZXhjbHVzaXZlIGxpY2Vuc2U8L3JpZ2h0cz4KICA8L3JpZ2h0c0xpc3Q+CiAgPGRlc2NyaXB0aW9ucz4KICAgIDxkZXNjcmlwdGlvbiBkZXNjcmlwdGlvblR5cGU9IkFic3RyYWN0Ij5JbiBvcmRlciB0byBsaW1pdCB0aGUgZGFtYWdlIG9mIG1hbHdhcmUgb24gTWFjIE9TIFggYW5kIGlPUywgQXBwbGUgdXNlcyBzYW5kYm94aW5nLCBhIGtlcm5lbC1sZXZlbCBzZWN1cml0eSBsYXllciB0aGF0IHByb3ZpZGVzIHRpZ2h0IGNvbnN0cmFpbnRzIGZvciBzeXN0ZW0gY2FsbHMuIFBhcnRpY3VsYXJseSB1c2VkIGZvciBBcHBsZSBpT1MsIHNhbmRib3hpbmcgcHJldmVudHMgYXBwcyBmcm9tIGV4ZWN1dGluZyBwb3RlbnRpYWxseSBkYW5nZXJvdXMgYWN0aW9ucywgYnkgZGVmaW5pbmcgcnVsZXMgaW4gYSBzYW5kYm94IHByb2ZpbGUuIEludmVzdGlnYXRpbmcgQXBwbGUncyBidWlsdC1pbiBzYW5kYm94IHByb2ZpbGVzIGlzIGRpZmZpY3VsdCBhcyB0aGV5IGFyZSBjb21waWxlZCBhbmQgc3RvcmVkIGluIGJpbmFyeSBmb3JtYXQuIFdlIHByZXNlbnQgU2FuZEJsYXN0ZXIsIGEgc29mdHdhcmUgYnVuZGxlIHRoYXQgaXMgYWJsZSB0byByZXZlcnNlL2RlY29tcGlsZSBBcHBsZSBiaW5hcnkgc2FuZGJveCBwcm9maWxlcyB0byB0aGVpciBvcmlnaW5hbCBodW1hbiByZWFkYWJsZSBTQlBMIChTYW5kQm94IFByb2ZpbGUgTGFuZ3VhZ2UpIGZvcm1hdC4gV2UgdXNlIFNhbmRCbGFzdGVyIHRvIHJldmVyc2UgYWxsIGJ1aWx0LWluIEFwcGxlIGlPUyBiaW5hcnkgc2FuZGJveCBwcm9maWxlcyBmb3IgaU9TIDcsIDggYW5kIDkuIE91ciB0b29sIGlzLCB0byB0aGUgYmVzdCBvZiBvdXIga25vd2xlZGdlLCB0aGUgZmlyc3QgdG8gcHJvdmlkZSBhIGZ1bGwgcmV2ZXJzaW5nIG9mIHRoZSBBcHBsZSBzYW5kYm94LCBzaGVkZGluZyBsaWdodCBpbnRvIHRoZSBpbm5lciB3b3JraW5ncyBvZiBBcHBsZSBzYW5kYm94IHByb2ZpbGVzIGFuZCBwcm92aWRpbmcgZXNzZW50aWFsIHN1cHBvcnQgZm9yIHNlY3VyaXR5IHJlc2VhcmNoZXJzIGFuZCBwcm9mZXNzaW9uYWxzIGludGVyZXN0ZWQgaW4gQXBwbGUgc2VjdXJpdHkgbWVjaGFuaXNtcy48L2Rlc2NyaXB0aW9uPgogICAgPGRlc2NyaXB0aW9uIGRlc2NyaXB0aW9uVHlwZT0iT3RoZXIiPjI1IHBhZ2VzLCA5IGZpZ3VyZXMsIDE0IGxpc3RpbmdzIFRoaXMgcmVwb3J0IGlzIGFuIGF1eGlsaWFyeSBkb2N1bWVudCB0byB0aGUgcGFwZXIgIlNhbmRTY291dDogQXV0b21hdGljIERldGVjdGlvbiBvZiBGbGF3cyBpbiBpT1MgU2FuZGJveCBQcm9maWxlcyIsIHRvIGJlIHByZXNlbnRlZCBhdCB0aGUgQUNNIENvbmZlcmVuY2Ugb24gQ29tcHV0ZXIgYW5kIENvbW11bmljYXRpb25zIFNlY3VyaXR5IChDQ1MpIDIwMTY8L2Rlc2NyaXB0aW9uPgogIDwvZGVzY3JpcHRpb25zPgo8L3Jlc291cmNlPg==","url":"https://arxiv.org/abs/1608.04303","contentUrl":null,"metadataVersion":0,"schemaVersion":"http://datacite.org/schema/kernel-4","source":"mds","isActive":true,"state":"findable","reason":null,"viewCount":0,"viewsOverTime":[],"downloadCount":0,"downloadsOverTime":[],"referenceCount":0,"citationCount":0,"citationsOverTime":[],"partCount":0,"partOfCount":0,"versionCount":0,"versionOfCount":0,"created":"2022-03-05T20:48:58.000Z","registered":"2022-03-05T20:48:59.000Z","published":"2016","updated":"2022-03-05T20:48:59.000Z"},"relationships":{"client":{"data":{"id":"arxiv.content","type":"clients"}},"provider":{"data":{"id":"arxiv","type":"providers"}},"media":{"data":{"id":"10.48550/arxiv.1608.04303","type":"media"}},"references":{"data":[]},"citations":{"data":[]},"parts":{"data":[]},"partOf":{"data":[]},"versions":{"data":[]},"versionOf":{"data":[]}}}}