
Rebar iOS Data at Rest

Monkton, Inc. 2018

Part of Rebar's compliance with NIAP and other associated security profiles is adherence to the API Boundary for Data at Rest (DAR). DAR compliance for the app is achieved by leveraging Rebar's File Manager, Settings Manager, and Database Manager.

Where appropriate, Rebar implements functionality similar to iOS SDK functions to reduce the time developers need to learn it.

File Management

Rebar implements the RebarFileManager, which mimics the functionality of NSFileManager for reading and writing files from the file system. RebarFileManager manages the entire AES-256 encryption of files that are saved to the file system.

The RebarFileManager implements a virtual file system within the app, so retrieving paths to the app's document folder is not necessary and files can be addressed with absolute paths. For example, you can read and write to a file at /folder-a/file.txt.

At this time Rebar does not support files based on the NSURL scheme, only direct file reading and writing.

RebarFileManager is a drop-in replacement for NSFileManager: because its base class is NSFileManager, it can be substituted without issue.

Monkton will be adding raw file streams in the near future.

Settings Management

Rebar provides an encrypted settings manager, RebarUserDefaults, to store settings securely. All settings are stored with AES-256 encryption. A limitation of the secure settings is that they can only be accessed after the user has authenticated. If you need to access settings when no user is authenticated, use the device keychain.

RebarUserDefaults is a subclass of NSUserDefaults and can be accessed the same way. To retrieve the instance of RebarUserDefaults call the static method RebarUserDefaults.default.
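The keychain fallback mentioned above, as an added example (not code from Monkton or the Rebar SDK). PreAuthSettings, the service string and the key name are hypothetical; the Security framework calls are Apple's standard keychain API.

```swift
import Foundation
import Security

// Hypothetical helper (not part of Rebar): keeps a small setting that must be
// readable before sign-in in the iOS keychain as a generic-password item.
enum PreAuthSettings {
    // Constructed service name; substitute your own bundle identifier.
    static let service = "com.example.myapp.preauth"

    private static func baseQuery(_ key: String) -> [String: Any] {
        return [kSecClass as String: kSecClassGenericPassword,
                kSecAttrService as String: service,
                kSecAttrAccount as String: key]
    }

    /// Stores or replaces the value. Returns false if the keychain refused it.
    @discardableResult
    static func set(_ value: String, forKey key: String) -> Bool {
        SecItemDelete(baseQuery(key) as CFDictionary)   // drop any older item
        var attrs = baseQuery(key)
        attrs[kSecValueData as String] = Data(value.utf8)
        // Readable once the device has been unlocked after boot, and never
        // migrated to another device through backup or restore.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
    }

    /// Returns nil when the item is missing or cannot be read yet.
    static func string(forKey key: String) -> String? {
        var query = baseQuery(key)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }
}

// Constructed usage: a value the app needs before the user signs in.
PreAuthSettings.set("https://api.example.com", forKey: "serverURL")
let serverURL = PreAuthSettings.string(forKey: "serverURL")
// Values that are only needed after sign-in belong in RebarUserDefaults.default.
```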

Database Management

Rebar allows an app to have zero to many databases for managing data.

All database classes must extend RebarDatabase to inherit its security configuration.

Internally, Rebar manages two databases for file management and internal storage and configuration.

Note: At this time, Core Data is not supported on iOS. Rebar ships with FMDB built in.

Setup and instantiation

In iOS, the app delegate class (which must extend the RebarAppDelegate class) must register the databases as part of the startup process. Each database should be registered via the database manager's register method. The register method takes the class value to map.

class MyAppDelegate: RebarAppDelegate {

	override func configureApp() {
		
		// Set the configuration
		RebarAppController.default.setConfiguration(MyAppAppConfiguration());

		// Set the Database configuration
		RebarDatabaseManager.default.register(MyAppDatabase.self);
				
	}
}

Sample Database Class

Below is a sample database class, which can be customized depending on your needs. At a minimum, you must implement databaseName.


class MyAppDatabase : RebarDatabase {

	/// The name of the database asset for the app that 
	/// has the initial schema. If not defined, a blank database will be
	/// created.
    override internal var bundlePath: String {
        get {
            return "sample.db";
        }
    }

	/// The name of the database as it exists on the file system - should
	/// be unique for your app and the database. 
    override internal var databaseName: String {
        get {
            return "sample-app.sqlite";
        }
    }
	
	/// Internal key for storage of configuration data
	static let APP_NAME: String = "MyApp";
	
	/// An optional internal check to perform upgrades to the database
	/// This is helpful when you update schemas within the app, want to add
	/// new fields, keys, or data to the existing database
	override func verifyUpgrades(db: FMDatabase!) {
		
		// Always check the parent upgrades
		super.verifyUpgrades(db: db);
		
		// Grab the current version for this database
		var currentVersion: Int = self.getCurrentDatabaseVersion(db, app: MyAppDatabase.APP_NAME);
		
		// Perform the upgrades for versions < accepted
		if (currentVersion < 1) {		
			
			performSingleUpgrade("CREATE TABLE [APP_ITEM]  (ITEM_ID INTEGER PRIMARY KEY AUTOINCREMENT)", db: db);			
	
			// Increment the current version 
			currentVersion = 1;
			
			// Update the current version
			setCurrentDatabaseVersion(db, app: MyAppDatabase.APP_NAME, version: currentVersion);
			
		}
		
	}
	
}

Bundle file

Implementations of RebarDatabase may define the source database schema with the bundlePath property. This must be a SQLite database located within the app bundle. The return value should be a string indicating the name of the file, such as myapp.sqlite.

This can be a preloaded database that Rebar will copy and encrypt. If this is not provided, an empty database will be generated.

Schema customization

Updates can be administered by overriding the verifyUpgrades method. This allows tables, data, and keys to be tracked and updated each time the app is run.

For updates to the app, this is where updates to the schema should occur.

An override should always call the superclass verifyUpgrades method first, followed by the implementation of the upgrade.


	static let APP_NAME: String = "MyApp";
	
	// Check upgrades
	override func verifyUpgrades(db: FMDatabase!) {
		
		// Always check the parent upgrades
		super.verifyUpgrades(db: db);
		
		// Grab the current version for this database
		var currentVersion: Int = self.getCurrentDatabaseVersion(db, app: MyAppDatabase.APP_NAME);
		
		// Perform the upgrades for versions < accepted
		if (currentVersion < 1) {		
			
			performSingleUpgrade("CREATE TABLE [APP_ITEM]  (ITEM_ID INTEGER PRIMARY KEY AUTOINCREMENT)", db: db);
			
	
			// Increment the current version 
			currentVersion = 1;
			
			// Update the current version
			setCurrentDatabaseVersion(db, app: MyAppDatabase.APP_NAME, version: currentVersion);
			
		}
		
	}

Using Databases in iOS

Databases can be retrieved by invoking the RebarDatabaseManager.default.getDatabase(MyAppDatabase) method.

Monkton has integrated FMDB into the RebarDatabaseManager to provide a simple-to-use interface for database operations. RebarDatabase classes with the .queue databaseHandleType will return FMDatabaseQueue objects. This open source project enables queued access to the underlying databases for all database operations. FMDB also enables interaction with the low-level SQLite database instance if that is desired.

Optionally, RebarDatabase classes can override the databaseHandleType to .database, which will load the database as a raw SQLite handle, not an FMDB queue.

Raw SQLite handles can be retrieved by invoking the RebarDatabaseManager.default.getRawDatabase(MyAppDatabase) method.

RebarDatabase classes cannot use both .queue and .database databaseHandleType types.
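Working with the FMDatabaseQueue that a .queue database returns, as an added example (not taken from Monkton's samples). The function names, the NAME column and the `import FMDB` module name are assumptions; the queue, transaction and bound-parameter calls are those of the open source FMDB project.

```swift
import Foundation
import FMDB   // Assumption: module name as in upstream FMDB; Rebar bundles its own copy.

/// Inserts all names in one transaction and returns the new ITEM_ID values.
/// Assumes a later verifyUpgrades step added a NAME TEXT column to APP_ITEM.
/// `queue` is the FMDatabaseQueue obtained from RebarDatabaseManager.
func addItems(_ names: [String], using queue: FMDatabaseQueue) -> [Int64] {
    var ids: [Int64] = []
    queue.inTransaction { db, rollback in
        do {
            for name in names {
                // Bound parameter: the value never becomes part of the SQL text.
                try db.executeUpdate("INSERT INTO APP_ITEM (NAME) VALUES (?)",
                                     values: [name])
                ids.append(db.lastInsertRowId)
            }
        } catch {
            // One failed insert undoes the whole batch.
            rollback.pointee = true
            ids.removeAll()
        }
    }
    return ids
}

/// Looks up items by exact name, again with a bound parameter.
func findItemIDs(named name: String, using queue: FMDatabaseQueue) -> [Int64] {
    var ids: [Int64] = []
    queue.inDatabase { db in
        guard let rs = try? db.executeQuery(
            "SELECT ITEM_ID FROM APP_ITEM WHERE NAME = ?", values: [name])
        else { return }
        defer { rs.close() }   // release the statement before the block ends
        while rs.next() {
            ids.append(rs.longLongInt(forColumn: "ITEM_ID"))
        }
    }
    return ids
}
```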

Further details on how to use databases can be found in the Rebar Sample iOS projects.