1.
Sandboxes:
A Pen-tester’s perspective
Rahul Kashyap rahul@bromium.com
Rahul Kashyap, rahul@bromium.com

2.
Bromium Confidential
• Previously led McAfee Labs vuln research
• Done security startups and offense/defense security
research
• Bromium Labs
• Team has discovered several vulnerabilities in multiple platforms
• Spoken at several cool conferences
About
I’m
Hiring!

3.
Bromium Confidential
• Sandboxes: Introduction
 Architecture
 Types
• Sandboxes: Exploitation
 Kernel Mode
 User Mode
• Conclusion
Agenda

4.
Bromium Confidential
• Environment designed to run untrusted (or exploitable)
code, in a manner that prevents the encapsulated code
from damaging the rest of the system
• The aim of a sandbox is to isolate threats
• Our research focuses on security effectiveness of the
isolation primitives for application sandboxes
What is a sandbox?

5.
Bromium Confidential
• Type A: OS enhancement based (Sandboxie, Buffer Zone
Pro, Dell DDP)
• Type B: Master/slave model (Adobe ReaderX, Chrome
browser)
Types of Sandboxes

6.
Bromium Confidential
• A lot of commonly used code reliant on kernel components
and various services
• Large exposure to kernel interfaces
Digression: Windows OS

7.
Bromium Confidential
• Sandboxed app: dear kernel, please open a file for me, the
file name is at address X
• Kernel: X points to “allowed_file.txt” string; here goes a file
handle for you
• Sandboxed app: dear kernel, please open a file for me, the
file name is at address Y
• Kernel: Y points to “secret_file.txt” string; you are a
sandboxed app, I will not let you access this file
How kernel enforces access control

8.
Bromium Confidential
• Sandboxed app: dear kernel, please draw the text “Hello world”
for me please, using the true type font stored at address X
• Kernel: You are a sandboxed app, but using a font is a benign
operation which you need to function properly
• Kernel: OK, just a moment, I need to parse this font
• While processing the font, kernel corrupts its own memory
because the parser code in the kernel is buggy
• Because of memory corruption, kernel starts executing code at
X, which allows the app to do anything it wants
How kernel exploits work (example)

9.
Bromium Confidential
• Example: Sandboxie, BufferZone Pro, Dell DDP
• Custom kernel driver modifies Windows behavior, so that
change to protected system components is prevented
• Use cases: Most of such sandboxes are used for controlled
execution of applications
• Sandboxie is widely used for malware analysis
TYPE A

10.
Bromium Confidential
Application Sandbox Type A

11.
Bromium Confidential
• Example: Google Chrome, Adobe Reader
• Two processes - master and slave, talking over IPC channel
• Slave is confined using OS access control facilities
• Master mediates access to resources
• Use case: protect the application from exploitation
• Google Chrome and Adobe Reader are popular applications
mainly for web and content rendering
TYPE B

12.
Architecture: Type B
• Master has smaller codebase,
the point being – it should be
tougher to exploit it
• Slave has a bigger attack
surface that needs to be
„brokered‟ by the master
• Slave still directly interacts
with the OS Kernel
• Slave also has access to
certain user mode
components

13.
Bromium Confidential
Application Sandbox Type B

14.
Bromium Confidential
• Slave runs with low privileges
• restricted token
• job object
• desktop object
• integrity level
Chromium sandbox on Windows

15.
Bromium Confidential
• How exhaustive is the OS-based confinement, according to
the documentation [2]?
• Mounted FAT or FAT32 volumes – no protection
• TCP/IP – no protection
• Access to most existing securable resources denied
• Everybody agrees it is good enough…
Chromium sandbox on Windows

16.
Bromium Confidential
Chromium sandbox in action
Slave
Master

17.
Bromium Confidential
• How resistant is Master to a malicious Slave?
• This is what most authors focused on
• How resistant is OS to a malicious Slave?
• We focus on the last aspect
• Recently MWRLabs also bypassed Chrome using similar vector
Pwn2Own 2013[11]
Chromium sandbox on Windows

18.
Bromium Confidential
Master/slave type sandbox on Windows,
Adobe Reader
Observe “Low”
Integrity level

19.
Bromium Confidential
• Exhaustive previous related work on methodology of
attacking the Master [3], [4]
• The first case of Adobe sandbox vulnerability exploited in
the wild reported in Feb 2013 [9]
• This escape possible because of a bug in Master
Master/slave type sandbox on Windows, Adobe
Reader

20.
Bromium Confidential
Master/slave type sandbox on Windows, Chrome
browser
Observe “untrusted”
Integrity level

21.
Bromium Confidential
• Slave de-privileged even more than stated in chrome
sandbox documentation
• “Untrusted” integrity level
• Particularly, access to FAT32 file system denied
Master/slave type sandbox on Windows, Chrome
browser

22.
Bromium Confidential
• Well-known cases of successful attacks against the master
(shown at Pwnium[5], Pwn2own[6])
• The attacks against the master are complex and relatively
rare
Master/slave type sandbox on Windows,
Chrome browser

23.
Bromium Confidential
• Slave can still exploit a kernel vulnerability
• bpf syscall filter on Linux - designed to limit exposure of OS #nice
• Some vulnerabilities are not exploitable by Slave
• If need to create a process
• If need to alter specific locations in the registry
• win32k.sys still much exposed
A vulnerability in win32k.sys can potentially be exploited at the
browser level, yielding full control over the machine directly, without
the need to achieve code execution in the sandbox first.
Master/slave type sandbox on Windows,
Chrome browser

24.
Bromium Confidential
Exploitation

25.
CVE-2012-0217
Exploit: MS12-042
SANDBOX BYPASS
DEMO
(Kernel Mode Exploitation)
Sandbox
PWNY!

26.
Bromium Confidential
• Windows kernel issues are discovered increasingly
frequently
• 25 CVE for Windows kernel in 2012
• 73+ CVE till Sept 2013
• There have been attacks like Duqu that have targeted
kernel vulnerabilities
• Yes… it‟s a large attack surface
Is this a problem?

27.
User Mode Exploitation
• Type A and Type B do not restrict
network connectivity for a
sandboxed process.
• The exception to this rule is
Google Chrome that has been
hardened to restrict TCP/IP
networking in case the renderer
got exploited.
• All vulns in these services are a
potential sandbox escape vector
• Even properly functioning code
can be abused

28.
Bromium Confidential
• ALPC ports are a low-level mechanism used for
interprocess communication on the Windows OS. Again,
many Windows services listen on ALPC ports; if a
sandboxed code can connect to these services, it can
attempt to exploit a vulnerability in it.
• Type A sandboxes are wide open to all of these
ALPC Ports

29.
ALPC Ports: Adobe Reader vs Chrome
Adobe Reader XI (version 11.0.3):
lkd> !alpc /lpp fffffa80052ffb30
Ports created by the process fffffa80052ffb30:
fffffa8004f9fb50('OLEB45817786DEF457D9394B3110F6
B') 0, 1 connections fffffa8005312070 0 ->
fffffa8005279990 0 fffffa80078ddb30('svchost.exe')
Ports the process fffffa80052ffb30 is connected to:
fffffa80053073c0 0 -> fffffa80078bf090('ApiPort') 0
fffffa8007ce3060('csrss.exe')
fffffa80050b7070 0 -> fffffa8007b4ea10('ThemeApiPort')
0 fffffa8007aaab30('svchost.exe')
fffffa800b4b9e60 0 -> fffffa8007912c30('lsasspirpc') 0
fffffa8007883210('lsass.exe')
fffffa8004f1adc0 0 -> fffffa8007b34e60('Audiosrv') 0
fffffa8007a1e9e0('svchost.exe')
fffffa8004f0e3f0 0 -> fffffa80079d4e60('epmapper') 31
fffffa80078ddb30('svchost.exe')
fffffa800535cb20 0 -> fffffa800798ea70('plugplay') 0
fffffa800797db30('svchost.exe')
Google Chrome browser (Version 27.0.1453.110 m)
lkd> !alpc /lpp fffffa80053a1060
Ports created by the process fffffa80053a1060:
<none>
Ports the process fffffa80053a1060 is connected to:
fffffa8005397b30 0 -> fffffa80078bf090('ApiPort') 0
fffffa8007ce3060('csrss.exe')
fffffa80052c8dd0 0 -> fffffa8007b4ea10('ThemeApiPort')
0 fffffa8007aaab30('svchost.exe')

30.
Bromium Confidential
• “The vulnerability is caused by CSRSS improperly
validating permissions when a lower-integrity process
communicates a device event message to a higher-integrity
process.”
• Actually, the vulnerable versions of CSRSS performed no
validation or permission check at all, blindly executing
PostMessage with all parameters controllable by the peer.
• Errr... Shatter attack redux??
Example: CSRSS vulnerability (MS11-063)

31.
CVE-2011-1967
Exploit: MS11-063
SANDBOX
User-Mode Exploitation

32.
Bromium Confidential
Summary
http://labs.bromium.com/2013/07/23/application-sandboxes-a-pen-testers-
perspective/

33.
CVE-2011-3402
Exploit: MS11-087
SiS’eh: Sandbox-in-Sandbox?Sandbox)
!)
Clueless
PWNY!
DiDi ™ :- Defense in Depth indeed!

34.
Bromium Confidential
Conclusion
• Application sandboxes are fundamentally vulnerable to kernel mode and certain
user mode vulnerabilities on the OS
• Breaking out of a sandbox by exploiting OS vulns provides far better ROI for the
attackers
• In our analysis Type A were far easier to escape out than Type B #$$ #Chrome
• Definitely avoid malware analysis inside application sandboxes! #D‟0h!

35.
Bromium Confidential
• Rafal Wojtczuk, Bromium Labs
• [1] http://www.sandboxie.com/
• [2] http://dev.chromium.org/developers/design-documents/sandbox
• [3] "A Castle Made of Sand - Adobe Reader X Sandbox" Richard Johnson
• [4] “Breeding Sandworms” - Zhenhua Liu, Guillaume Lovet
• [5] http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html
• [6] "Pwn2Own 2012: Google Chrome browser sandbox first to fall"
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
• [7] Dennis Fisher
http://threatpost.com/en_us/blogs/its-time-abandon-java-012113
• [8] BufferZone Pro, http://www.trustware.com/BufferZone-Pro/
• [9] arstechnica.com/security/2013/02/zero-day-attack-exploits-latest-version-of-adobe-reader/
• [10] Duqu malware, http://em.wikipedia.org/wiki/Duqu
• [11] https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up---kernel-exploit/
Credits/References

36.
@rckashyap
Thanks!
http://labs.bromium.com/