Hackers of India

Sandboxing The deep truth

By Disha Agarwal, Manish Pali on 15 Feb 2012 @ Nullcon



Abstract

In recent years, the focus of black hats has moved from finding vulnerabilities in the operating system to finding them in application software. This shift has been facilitated by the emergence of publicly available fuzzing frameworks that ease the discovery of vulnerabilities in desktop applications. These vulnerabilities enable attackers to steal data from victims and to install back doors through which they can return for further exploitation. They thus pose a huge risk. The majority of these attacks target ubiquitous, widely used applications such as Adobe Reader, Flash Player and the Microsoft Office suite. In an era where IT drives business, security breaches in software can cause huge credibility losses for software vendors. In response to this problem, vendors are trying to improve the security of their applications by implementing newer security measures. Sandboxing is one such technology: it protects the system from being compromised even if the attacker succeeds in finding a vulnerability in the application code. This is achieved by limiting the capabilities of the sandbox process so that it cannot install malware or steal data from the user’s machine. The sandbox thus provides defence-in-depth protection against unpatched or unknown vulnerabilities in the core application.

This paper explains “sandboxing” as a technique for threat mitigation. It gives technical details of how to implement sandboxing while developing Windows applications, taking Adobe Reader (version X) as a case study. The paper also explains the mitigations provided by the sandbox design and the typical challenges that arise while implementing such a technology in one’s application.