S stands for security in WWDC

S stands for security in WWDC

Talk by Anastasiia Vixentael

Originally posted here: https://speakerdeck.com/vixentael/security-privacy-and-cryptography-at-wwdc19

Это будет обзорная лекция, посвященная нововведениям в сфере security, представленным на WWDC, в частности фреймворку CryptoKit, с точки зрения опытного security-инженера.

This talk was made for CocoaFriday #4 ( https://cocoaheads.org.ua/cocoafriday/4 ) which took place Jun 14, 2019

Video: https://youtu.be/61BUVpDBdZQ

Db84cf61fdada06b63f43f310b68b462?s=128

CocoaHeads Ukraine

June 14, 2019
Tweet

Transcript

  1. 2.

    @vixentael product engineer in security and cryptography OSS maintainer: Themis,

    Acra cryptographic tools, security engineering, datasec training
  2. 26.

    @vixentael • Endpoint security framework • App notarization, Gatekeeper, quarantine

    • new permissions 701: Advances in macOS Security FOR MACOS DEVS
  3. 29.

    @vixentael IOS & MACOS PRIVACY UPDS • prevents macApps from

    taking screenshots https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take- screenshots • prevents iOS apps from tracking location https://krausefx.com/blog/ios-privacy-detectlocation-an-easy-way-to-access-the- users-ios-location-data-without-actually-having-access
  4. 42.

    @vixentael developer.apple.com/documentation/cryptokit/ - CryptoKit is based on corecrypto (C, FIPS

    140-2 compliant) - should be fast on ARM - high level API - modern crypto (AES GCM, Chacha20, ECC) CRYPTOKIT
  5. 44.

    @vixentael developer.apple.com/documentation/cryptokit/ - crypto-library, you need to work hard to

    make entire app - key management is still dev’s pain CRYPTOKIT
  6. 48.

    • 708: Designing for Privacy • 709: Cryptography and Your

    Apps • 703: All About Notarization • 706: Introducing Sign In with Apple • 701: Advances in macOS Security • 702: System Extensions and DriverKit • 504: What’s New in Authentication, Safari, and WebKit
  7. 49.

    @vixentael product engineer in security and cryptography OSS maintainer: Themis,

    Acra cryptographic tools, security engineering, datasec training github.com/vixentael/my-talks wwdcbysundell.com/2019/ anastasiia-voitova-on-security/