Security on iOS devices is becoming more of a hot topic these days, what with security notables like Eugene Kaspersky warning of future malware attacks that could take down the immense monoculture operating system. Apple’s not ignoring the threat; in fact, the company has published a 19-page iOS security document outlining the company’s commitment to security on the mobile platform.

The free PDF document, available here, describes Apple’s approach to security. The system architecture section details the integration of hardware and software on the devices and how it allows for the validation of activities through all processes.

For example, when an iOS device is first turned on it goes through a cryptographically signed boot up process, each step of which proceeds only after verifying the chain of trust. There’s a description of how app code signing and sandboxing are used to ensure that apps can’t compromise the system or other apps.

I personally found the hardware security features built into every iOS device to be fascinating — a dedicated AES256 crypto engine lodged between flash storage and system memory, using the device’s UID and a group ID to cryptographically tie data to a particular device. There’s also a fully detailed description of device access and network security.

The document should be of great interest (and comfort) to those deploying large numbers of iOS devices in enterprises and government settings.

Apple publishes guide to iOS security originally appeared on TUAW – The Unofficial Apple Weblog on Tue, 05 Jun 2012 11:00:00 EST. Please see our terms for use of feeds.

Source | Permalink | Email this | Comments

You can follow on Twitter or join our Facebook page to keep yourself updated on all the latest from Apple and the Web.