iService: Detecting and Evaluating the Impact of Confused Deputy Problem in AppleOS

Yizhuo Wang, Yikun HU, Xuangan Xiao, Dawu Gu
December, 2022
PDF Cite DOI URL

Abstract

Confused deputy problem is a specific type of privilege escalation. It happens when a program tricks another more privileged one into misusing its authority. On AppleOS, system services are adopted to perform privileged operations when receiving inter-process communication (IPC) request from a user process. The confused deputy vulnerabilities may result if system services overlook the checking of IPC input. Unfortunately, it is tough to identify such vulnerabilities, which requires to understand the closed-source system services and private frameworks of the complex AppleOS by unraveling the dependencies in binaries.

Type

Conference paper

Publication
Annual Computer Security Applications Conference
Yikun HU
Yikun HU
Assistant Research Fellow

I am working in LoCCS at SJTU. My research interests focus on (AI-assisted) Program Analysis and its application to Software Security. We are looking for motivated students interested in Software Security or AI Security. Feel free to contact us please, if you have an interest in researching or interning in our lab.