Skip to content

Latest commit

 

History

History
48 lines (39 loc) · 5.49 KB

threat-modeling.md

File metadata and controls

48 lines (39 loc) · 5.49 KB

Threat Model Analysis for realm/realm-cocoa

Threat: Unauthorized Realm File Modification

  • Description: An attacker gains access to the application's sandbox (e.g., through a jailbroken device, a compromised backup, or another vulnerability in another part of the app) and directly modifies the .realm file using external tools, bypassing application logic and security controls. They could insert malicious data, delete records, or alter existing data. This bypasses any in-app security.
  • Impact: Data corruption, data loss, injection of malicious data that could lead to further compromise (e.g., code execution if the app uses the data in an unsafe way), application instability, and violation of data integrity.
  • Affected Component: Realm file (.realm file on disk), Realm Core database engine.
  • Risk Severity: High (if encryption is not used) / downgraded to Medium if encryption is properly used, as the primary threat is then key compromise, not direct file modification
  • Mitigation Strategies:
    • Mandatory: Enable Realm's encryption-at-rest feature.
    • Mandatory: Securely manage the encryption key using the iOS Keychain or a secure enclave. Never hardcode the key.
    • Defense-in-Depth: Implement file integrity checks (e.g., checksums) outside of Realm to detect unauthorized modifications.
    • Defense-in-Depth: Store highly sensitive data in more secure locations (e.g., Keychain) instead of Realm.

Threat: Realm File Substitution

  • Description: An attacker replaces the legitimate .realm file with a crafted, malicious one. This could be done through similar attack vectors as file modification (jailbroken device, compromised backup, vulnerability in another part of the app). The malicious file might contain pre-populated data designed to exploit vulnerabilities in the application or to mislead the user.
  • Impact: Similar to file modification: data corruption, data loss, injection of malicious data, application instability, and potential for further compromise. The attacker could pre-populate the database with data designed to trigger specific vulnerabilities.
  • Affected Component: Realm file (.realm file on disk), Realm Core database engine.
  • Risk Severity: High (if encryption is not used) / downgraded to Medium if encryption is properly used, as the primary threat is then key compromise, not file substitution
  • Mitigation Strategies:
    • Mandatory: Enable Realm's encryption-at-rest feature. A substituted file will be unusable without the correct key.
    • Mandatory: Securely manage the encryption key (as above).
    • Defense-in-Depth: Implement file integrity checks before opening the Realm file.

Threat: Unauthorized Data Access via Realm API

  • Description: An attacker exploits a vulnerability within the application code that uses Realm (e.g., a code injection flaw, a compromised third-party library used by the app) to gain unauthorized access to the Realm API. They can then use Realm's API methods (e.g., realm.objects(), realm.write()) to read, modify, or delete data without going through the application's intended security checks. The vulnerability is not in Realm itself, but in how the app uses Realm.
  • Impact: Data leakage, data modification, data deletion, violation of data integrity, and potential for privilege escalation within the application.
  • Affected Component: Realm Cocoa API (specifically, methods for querying and modifying data), Realm Core database engine. The vulnerability is in the application code that calls these APIs.
  • Risk Severity: High.
  • Mitigation Strategies:
    • Mandatory: Rigorous code review and secure coding practices to prevent code injection vulnerabilities in the application code.
    • Mandatory: Careful dependency management to avoid using compromised or vulnerable third-party libraries in the application.
    • Important: Implement input validation and data sanitization before interacting with the Realm API, even for data originating from within the application.

Threat: Realm Cocoa Vulnerability Exploitation (Elevation of Privilege)

  • Description: An attacker exploits a previously unknown vulnerability in the Realm Cocoa library itself (e.g., a buffer overflow, a logic error) to gain elevated privileges within the application or the operating system. This is a direct vulnerability in the Realm library.
  • Impact: Potential for arbitrary code execution, complete system compromise. This is the most severe but least likely scenario.
  • Affected Component: Realm Cocoa library (any part, depending on the specific vulnerability).
  • Risk Severity: Critical.
  • Mitigation Strategies:
    • Mandatory: Keep Realm Cocoa up to date. Regularly update to the latest version to receive security patches.
    • Important: Follow secure coding practices in your application to minimize the attack surface and limit the impact of a potential Realm vulnerability.
    • Important: Implement sandboxing and other OS-level security features to contain the impact of a compromised application.
    • Important: Monitor security advisories and vulnerability databases for any reported issues with Realm Cocoa.