[iOS] Architecture of iOS Operating System

ganeshrajugalla
3 min read · Jun 1, 2023

1. Introduction to iOS

  • Apple’s mobile operating system
  • Based on Darwin, an open source Unix operating system developed by Apple
  • Supported device models differ by iOS version, so check compatibility when preparing a device.

2. iOS application structure

1) Structure

  • iOS has a layered structure, so apps do not communicate directly with the hardware.
  • Apps communicate with hardware through defined system interfaces
  1. Cocoa Touch: Provides infrastructure for all applications (mainly responsible for app interfaces)
  2. Media Layer: Libraries for graphics, audio and video
  3. Core Services: Provides system services to the application (such as network and location) and the essential functions apps rely on.
  4. Core OS: Low-level libraries that the upper layers use to run their tasks.

3. The iOS Security Model

  • Security at the hardware level

1) Main features

  • Layered security architecture spanning the hardware, operating system, and application levels
  • Application Sandbox
  • Encryption at the hardware/firmware level
  • Data protection through encryption
  • Code signing

2) iOS Secure Boot Chain

  • Secures the boot process with a secure boot chain mechanism
  • Needed because a device can be compromised at boot level
  • Each stage is inspected for tampering before it is allowed to run
  • iOS can only run on verified Apple devices

3) Detailed process of secure boot chain

1. Boot ROM

  • It is the first stage and cannot be updated or changed.
  • Contains the Apple root certificate and uses it to verify that the LLB is correctly signed
  • Enters DFU (Device Firmware Upgrade) mode if the LLB cannot be verified or a jailbreak has gone wrong

2. Low Level Bootloader

  • Runs once the Boot ROM stage has found the LLB signature valid
  • Updatable code that sits close to the hardware
  • Validates the firmware signature before loading iBoot
  • If iBoot is not verified, enters Recovery mode (keeps files; allows upgrade/reinstall)

3. iBoot

  • Runs once the LLB stage has found the iBoot signature valid
  • Verifies the kernel signature before starting the kernel; enters Recovery mode if verification fails
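
The chain above can be modelled in a short program. This is an added example, not code from the original post or from Apple: it assumes a single Ed25519 key pair standing in for the Apple root key, and the `Image`, `Boot` and `Demo` names and the stage contents are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Image is a constructed stand-in for one signed boot stage (not Apple's format).
type Image struct {
	Name      string
	Code, Sig []byte
}

// Boot walks Boot ROM -> LLB -> iBoot -> kernel. root models the key in the
// immutable Boot ROM; the first failed check stops the boot in a fallback mode.
func Boot(root ed25519.PublicKey, llb, iboot, kernel Image) string {
	stages := []struct {
		verifier, fallback string
		next               Image
	}{
		{"Boot ROM", "DFU mode", llb},
		{"LLB", "Recovery mode", iboot},
		{"iBoot", "Recovery mode", kernel},
	}
	for _, s := range stages {
		if !ed25519.Verify(root, s.next.Code, s.next.Sig) {
			return fmt.Sprintf("%s rejected %s: %s", s.verifier, s.next.Name, s.fallback)
		}
	}
	return "kernel started"
}

// Demo signs three constructed stages, alters the named one after signing
// (empty string = none), and returns the boot outcome.
func Demo(tamper string) string {
	pub, priv, _ := ed25519.GenerateKey(nil) // assumption: stand-in for the vendor root key
	img := map[string]Image{}
	for _, n := range []string{"LLB", "iBoot", "kernel"} {
		code := []byte(n + "-v1")
		img[n] = Image{n, code, ed25519.Sign(priv, code)}
		if n == tamper { // keep the old signature, swap the code
			img[n] = Image{n, []byte(n + "-patched"), img[n].Sig}
		}
	}
	return Boot(pub, img["LLB"], img["iBoot"], img["kernel"])
}

func main() {
	fmt.Println(Demo(""), "|", Demo("LLB"), "|", Demo("iBoot"), "|", Demo("kernel"))
}
```

A modified LLB ends in DFU mode, while a modified iBoot or kernel ends in Recovery mode, matching the three stages listed above.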

4. Sandboxes and code signing

1) Sandbox

  • The sandbox is an iOS access control technique that runs in the kernel.
  • Its purpose is to prevent damage to the system and the user’s data if an app is corrupted
  • Prevents applications from accessing unrelated data and separates privileges (a jailbroken device loses this protection and becomes vulnerable)
  • A damaged app could otherwise affect and damage important system components, so apps are confined to a sandbox.

2) App Code Signing

  • Implements a DRM system so that only code signed by Apple runs
  • Unsigned apps cannot be installed (code signing is checked when the app is installed and again at runtime)
  • App code signing is performed using Xcode
  • You must purchase an Apple signing certificate to release your app on the App Store!

5. iOS lifecycle

  • Not running
  • Inactive
  • Active
    • Runs in the foreground and receives events
  • Background
    • Executes code without user interaction
  • Suspended
    • Exists in memory in the background state, but does not execute code

By Ganesh | LinkedIn | Medium | GitHub
