Architectural Principles That Prevent Code Modification or Reverse Engineering
Arxan Technologies
When trying to prevent reverse engineering or unauthorized modification of your mobile app's
code, there are ten critical design principles that should be applied to your solution.
Together, these architectural features will make it very difficult, if not impossible, for an attacker
to inject or modify mobile app code through binary attacks.
1. Defense in Depth
Integrity controls within applications must be applied using a defense-in-depth strategy within
the application binary. A network of integrity controls should protect each other as well as the
underlying application. This integrity control layering strategy makes integrity vulnerabilities
extraordinarily difficult to exploit and thus unlikely to occur.
For example, checksum controls should protect other checksum controls that verify the integrity
of the application. This makes it a tedious and difficult task for an attacker to tamper with the
integrity verification mechanism.
2. Positive Security Model
A "positive" integrity security model applies code integrity controls to protect code and data
based on characteristics that are known to be good, rather than on what is known to be bad. This
reduces the maintenance that the application's integrity controls require over time.
For example, a value-verification integrity control should verify that a data element holds
particular values when it needs to verify that the application has not been tampered with. It
should not look for known bad values, because the set of bad values may grow over time as new,
unknown avenues of attack appear.
3. Avoid Integrity Information Leakage
Handling errors securely is a key aspect of application integrity protection. When integrity
controls detect tampering, the organization may want the application to fail. The application
must do so without revealing information about the underlying technologies that implement the
integrity controls.
For example, it would not be appropriate for an integrity control to respond to an attack by
displaying an error message that indicates the specific integrity control that failed.
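Principles 1 to 3 can be seen together in a small model, added here as an illustration and not taken from the article or from any Arxan product. It assumes a constructed in-memory "image" and hypothetical names (`image_t`, `guard_t`, `seal`, `intact`), with FNV-1a standing in for whatever checksum a real control would use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for an app image: 16 bytes of "code" followed by a
   guard table that is itself protected data. All names are hypothetical. */
typedef struct { uint16_t off, len; uint32_t want; } guard_t;
typedef struct { uint8_t code[16]; guard_t g[3]; } image_t;

/* FNV-1a as a simple checksum (assumption: the article names no algorithm). */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Build time: g[0] covers the code, g[1] covers g[0]'s record, and g[2]
   covers the code plus both inner guards. g[2] is the root of this chain. */
static void seal(image_t *im) {
    const uint16_t tbl = (uint16_t)offsetof(image_t, g);
    im->g[0] = (guard_t){ 0, sizeof im->code, 0 };
    im->g[1] = (guard_t){ tbl, sizeof(guard_t), 0 };
    im->g[2] = (guard_t){ 0, (uint16_t)(tbl + 2 * sizeof(guard_t)), 0 };
    for (int i = 0; i < 3; i++)  /* inner guards first, so outer ones cover them */
        im->g[i].want = fnv1a((const uint8_t *)im + im->g[i].off, im->g[i].len);
}

/* Run time: compare against known-good values only (positive model). Results
   fold into one flag, so the return value never says which control tripped. */
static int intact(const image_t *im) {
    uint32_t diff = 0;
    for (int i = 0; i < 3; i++) {
        const guard_t *g = &im->g[i];
        if ((size_t)g->off + g->len > sizeof *im) return 0;
        diff |= fnv1a((const uint8_t *)im + g->off, g->len) ^ g->want;
    }
    return diff == 0;
}

/* Constructed scenario: one code byte changes and g[0]'s stored value is
   recomputed to match. Returns 1 if the outer guards still catch it. */
static int detects_patched_guard(void) {
    image_t im;
    memcpy(im.code, "constructed-code", sizeof im.code);
    seal(&im);
    im.code[3] ^= 0x01;
    im.g[0].want = fnv1a(im.code, sizeof im.code);
    return !intact(&im);
}
int main(void) { return !detects_patched_guard(); }
```

In this chain the outermost guard is not covered by anything else; a fuller network would place further controls over it as well.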
4. Least Privilege
Applications must run under accounts that have the least amount of privilege required to
perform their business processes. When code integrity violations occur, the control should not
require elevated privileges to respond.
Cyber Warnings Magazine - September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide