Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ ³í¹®Áö
Current Result Document :
ÇѱÛÁ¦¸ñ(Korean Title) |
iOS ¾îÇø®ÄÉÀ̼ÇÀÇ ÀáÀçÀû Ãë¾àÁ¡ ºÐ¼®À» À§ÇÑ LLDB ¸ðµâ °³¹ß |
¿µ¹®Á¦¸ñ(English Title) |
Development of LLDB module for potential vulnerability analysis in iOS Application |
ÀúÀÚ(Author) |
±è¹ÎÁ¤
·ùÀçö
Min-jeong Kim
Jae-cheol Ryou
|
¿ø¹®¼ö·Ïó(Citation) |
VOL 20 NO. 04 PP. 0013 ~ 0019 (2019. 08) |
Çѱ۳»¿ë (Korean Abstract) |
¾ÖÇÃÀÇ ¾îÇø®ÄÉÀÌ¼Ç ¸¶ÄÏÀÎ App Store¿¡ ¾îÇø®ÄÉÀ̼ÇÀ» µî·ÏÇϱâ À§Çؼ´Â ¾ÖÇà °ËÁõ ¼¾Å͸¦ ÅëÇØ ¾ö°ÝÇÑ °ËÁõ °úÁ¤À» Åë°úÇØ ¾ß ÇÑ´Ù. ±×·¸±â ¶§¹®¿¡ ½ºÆÄÀÌ¿þ¾î ¾îÇø®ÄÉÀ̼ÇÀÇ À¯ÀÔÀÌ ±î´Ù·Ó´Ù. ÇÏÁö¸¸ Á¤»óÀûÀÎ ¾îÇø®ÄÉÀ̼ÇÀÇ Ãë¾àÁ¡À» ÅëÇؼµµ ¾Ç¼ºÄÚµå °¡ ½ÇÇàµÉ ¼ö ÀÖ´Ù. ÀÌ·¯ÇÑ °ø°ÝÀ» ¹æÁöÇϱâ À§Çؼ´Â ¾îÇø®ÄÉÀ̼ǿ¡¼ ¹ß»ýÇÒ ¼ö ÀÖ´Â ÀáÀçÀû Ãë¾àÁ¡À» ÆÐÄ¡Çϱâ À§ÇØ Á¶±â¿¡ ¹ß °ßÇÏ°í ºÐ¼®ÇÏ´Â ¿¬±¸°¡ ÇÊ¿äÇÏ´Ù. ÀáÀçÀû Ãë¾àÁ¡À» Áõ¸íÇϱâ À§Çؼ´Â Ãë¾àÁ¡ÀÇ ±Ùº» ¿øÀÎÀ» ÆľÇÇÏ°í ¾Ç¿ë °¡´É¼ºÀ» ºÐ¼®ÇØ¾ß ÇÑ ´Ù. iOS ¾îÇø®ÄÉÀ̼ÇÀ» ºÐ¼®ÇÏ´Â µµ±¸·Î´Â °³¹ß µµ±¸ÀÎ Xcode¿¡ ³»ÀåµÇ¾î ÀÖ´Â LLDB¶ó´Â À̸§ÀÇ µð¹ö°Å¸¦ È°¿ëÇÒ ¼ö ÀÖ´Ù. LLDB¿¡´Â ´Ù¾çÇÑ ±â´ÉÀÌ Á¸ÀçÇϸç ÀÌ ±â´ÉµéÀº API·Îµµ Á¦°øµÇ¾î Python¿¡¼µµ »ç¿ëÀÌ °¡´ÉÇÏ´Ù. µû¶ó¼ º» ³í¹®¿¡¼ LLDB API¸¦ È°¿ëÇÏ¿© iOS ¾îÇø®ÄÉÀ̼ÇÀÇ ÀáÀçÀû Ãë¾àÁ¡À» È¿À²ÀûÀ¸·Î ºÐ¼®ÇÏ´Â ¹æ¹ý¿¡ ´ëÇØ Á¦¾ÈÇÑ´Ù. |
¿µ¹®³»¿ë (English Abstract) |
In order to register an application with Apple's App Store, it must pass a rigorous verification process through the Apple verification center. That's why spyware applications are difficult to get into the App Store. However, malicious code can also be executed through normal application vulnerabilities. To prevent such attacks, research is needed to detect and analyze early to patch potential vulnerabilities in applications. To prove a potential vulnerability, it is necessary to identify the root cause of the vulnerability and analyze the exploitability. A tool for analyzing iOS applications is the debugger named LLDB, which is built into Xcode, the development tool. There are various functions in the LLDB, and these functions are also available as APIs and are also available in Python. Therefore, in this paper, we propose a method to efficiently analyze potential vulnerabilities of iOS application by using LLDB API. |
Å°¿öµå(Keyword) |
iOS
Ãë¾àÁ¡ ºÐ¼®
µð¹ö°Å
LLDB
vulnerability analysis
debugger
|
ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|