Other Apple Documentation

Here are a few other Apple documents you might be interested in, depending on what technologies you want to learn more about.

Authentication and Authorization

• Authentication, Authorization, and Permissions Guide provides additional information about authentication and authorization at a conceptual level. (macOS only)

• Authorization Services Programming Guide and Authorization Services C Reference explain how to perform certain authorization-related tasks. (macOS only; note that many of these tasks, such as elevating privilege, are not allowed in a sandboxed environment)

• Open Directory Programming Guide explains how to use Open Directory APIs to authenticate a user or obtain information about a user. (macOS only)

• Security Interface Framework Reference describes the Objective-C interface to Authorization Services. This interface also provides a variety of security-related user interface elements. (macOS only)

• Technical Note TN2095, Authorization for Everyone, also discusses the use of Authorization Services. (macOS only)

Cryptography

• Cryptographic Services Guide describes encryption, decryption, signing, verifying, digital certificates, and other related concepts in more detail at a conceptual level.

• Security Transforms Programming Guide describes a macOS API for certain cryptographic tasks. (macOS only)

• Certificate, Key, and Trust Services Reference explains how to work with certificates, keys, and other related technologies in more detail.

Code And Application Signing

• Cryptography Concepts In Depth in Cryptographic Services Guide explains code signing concepts in greater depth.

• Code Signing Guide tells you how to perform code signing on the command line and other unusual signing-related tasks.

Secure Storage

• Keychain Services Reference explains how to use the keychain in your code.

• Protecting Data Using On-Disk Encryption in App Programming Guide for iOS explains how to use the iOS data protection feature in your app. (iOS only)

Secure Networking

• CFNetwork Programming Guide and URL Loading System explain how to make secure network connections using high-level APIs.

• Secure Transport Reference tells how to make secure network connections at the socket layer. (macOS only)

Privilege Separation

• Designing Secure Helpers and Daemons in Secure Coding Guide provides guidance on how to securely perform privilege separation.

• Daemons and Services Programming Guide describes XPC services, which is the preferred way of launching and communicating with helper apps in a sandboxed environment. (macOS only)

Miscellaneous

• Apple's Open Source website provides Apple’s open source security code. You can examine it to see which security protocols and algorithms are supported by Apple’s macOS and iOS security implementation and to find additional documentation.

• The Security topic areas in the macOS Developer Library and the iOS Developer Library contain a number of security-specific release notes.

Third-Party Documentation

There are a number of excellent books on computer security that you should consider reading. Here are just a few of them, grouped into subject areas.

• Cocoa Security

  • Lee, Graham J. Professional Cocoa Application Security, Wrox Professional Guides, 2010.

• Threat Modeling

  • Howard, Michael, and David LeBlanc. Writing Secure Code (second edition), Microsoft Press, 2003.

  • Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems, 2d ed. John Wiley & Sons, 2001.

• Fuzz Testing

  • Sutton, Michael, Adam Greene, and Pedram Amini. Fuzzing: Brute Force Vulnerability Discovery, Pearson Education, 2007.

• Cryptography

  • Schneier, Bruce. Applied Cryptography. 2d ed. John Wiley & Sons. 1996.

  • Brands, Stefan. Rethinking PKI and Digital Certificates: Building in Privacy. The MIT Press. 2000.

• Secure Networking

  • Gray, John Shapley. Interprocess Communications in UNIX. 2d ed. Prentice Hall Professional. 1997.

  • Stevens, W. Richard. UNIX Network Programming: Interprocess Communications. Vol. 2, 2d ed. Prentice Hall Professional. 1998.

  • Stevens, W. Richard, Bill Fenner, and Andres M. Rudoff. UNIX Network Programming: The Sockets Networking API. Vol. 1. 3d ed. Addison Wesley Professional. 2004.

• General

  • Garfinkel, Simson, Gene Spafford, and Alan Schwartz. Practical Unix & Internet Security. 3d ed. O’Reilly. 2003.

  • Viega, John, and Gary McGraw. Building Secure Software. Addison-Wesley Professional. 2002.

  • McKusick, Marshall Kirk, Keith Bostic, Michael Karels, and John Quarterman. The Design and Implementation of the 4.4 BSD Operating System. Addison-Wesley. 1996.

Standards and Protocol References

The following pages describe some of the standards, protocols, and algorithms used by Apple. Although many of these pages are fairly old, the standards have not changed enough to invalidate their usefulness.

Common Criteria

• For more information about the Common Criteria, including links to download the complete official criteria, see the Common Criteria portal at http://www.commoncriteriaportal.org/ and the website of the Common Criteria Evaluation and Validation Scheme (CCEVS) (http://www.niap-ccevs.org/cc-scheme/).

Kerberos

• For information on Kerberos authentication, see the MIT Kerberos website.

• See macOS server help for details on the services that support Kerberos and on how to implement a Kerberos KDC on your macOS server.

Other Secure Networking Protocols

• The authentication model for HTTP is described in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication.

• For information on the SSL protocol for secure networking, see the IETF SSL Version 3.0 Draft Specification. For the TLS protocol, see the TLS Working Group website and RFC 5246.

• Documentation of the AES encryption algorithm used for FileVault is available on the National Institute of Standards and Technology (NIST) website.