Ivan Krstic, head of Apple Security Engineering and Architecture, will take to the stage at this year’s Black Hat USA conference to discuss three iOS security mechanisms in “unprecedented technical detail”.
According to the details shared by Apple, on August 4 in Las Vegas, Krstic will discuss “the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss”.
During his talk, Krstic will also discuss how the Secure Enclave paved the way for a new approach to “Data Protection key derivation and brute force rate limiting within a small TCB”, as well as a “unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target”.
Speaking to developers attending this year’s WWDC (Session 705 – iOS), Krstic looked back and briefly analyzed how iOS security has been performing. Since security can’t be measured directly, he said, what’s left are indirect metrics, and all of them reveal that Apple engineers have been doing a good job of protecting users. The first metric, considered the most important by Apple, according to Krstic, is that after a decade of existence “there has still not been a single piece of iOS malware affecting users at scale”.