MSTG_RESILIENCE series

Tags

Indicates whether the content of this series has been covered in the summary document.

Links

1, 2, 3, 4, 5, 6, 9, 10 (Android, including code)

Impede Dynamic Analysis and Tampering


MSTG-RESILIENCE-1

The app detects, and responds to, the presence of a rooted or jailbroken device either by alerting the user or terminating the app.

MSTG-RESILIENCE-2

The app prevents debugging and/or detects, and responds to, a debugger being attached. All available debugging protocols must be covered.

MSTG-RESILIENCE-3

The app detects, and responds to, tampering with executable files and critical data within its own sandbox.

MSTG-RESILIENCE-4

The app detects, and responds to, the presence of widely used reverse engineering tools and frameworks on the device.

MSTG-RESILIENCE-5 (emulator check; not needed yet)

The app detects, and responds to, being run in an emulator.

MSTG-RESILIENCE-6

The app detects, and responds to, tampering with the code and data in its own memory space.

MSTG-RESILIENCE-7

The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the number, diversity, and originality of the mechanisms used.

MSTG-RESILIENCE-8

The detection mechanisms trigger responses of different types, including delayed and stealthy responses.

MSTG-RESILIENCE-9 (obfuscation)

Obfuscation is applied to programmatic defenses, which in turn impede de-obfuscation via dynamic analysis.

Device Binding


MSTG-RESILIENCE-10

The app implements a 'device binding' functionality using a device fingerprint derived from multiple properties unique to the device.

Impede Comprehension


MSTG-RESILIENCE-11

All executable files and libraries belonging to the app are either encrypted at the file level, or important code and data segments inside the executables are encrypted or packed. Trivial static analysis does not reveal important code or data.

MSTG-RESILIENCE-12

If the goal of obfuscation is to protect sensitive computations, an obfuscation scheme is used that is both appropriate for the particular task and robust against manual and automated de-obfuscation methods, considering currently published research. The effectiveness of the obfuscation scheme must be verified through manual testing. Note that hardware-based isolation features are preferred over obfuscation whenever possible.

Impede Eavesdropping


MSTG-RESILIENCE-13

As a defense in depth, in addition to solid hardening of the communicating parties, application-level payload encryption can be applied to further impede eavesdropping.