Post on 16-Jul-2015
SANDBOX TECHNOLOGY
Running Untrusted Application Code
Rohit JainAyush Gupta
INDEX
• What is Sandbox?
• How does it work?
• Features ,Types & Examples
• How to Sandbox any program
• W/O Sandbox
• Virus scanner VS Sandbox
• Summary
The term security always plays an important role in our lives ,where it is the age of computers so security plays an even bigger role.
The latest and most sophisticated technology emerged over the years is Sand Box technology.
INTRODUCTION
Sandboxing is a popular technique for
creating confined execution
environments,
which could be used for running
untrusted programs.
RUNNING UNTRUSTED CODE
• We often need to run buggy/untrusted code:
–programs from untrusted Internet sites
• toolbars, viewers, codecs for media player
–old or insecure applications: ghost view, outlook
–legacy softwares
• Goal: if application “misbehaves,” kill it.
FEATURES OF SANDBOX
• User friendly It can detect unknown viruses with a minimal risk of false alarms.
• Provides a platform to test malwares and other risky piece of codes.
• Much of the code your devices run every day is already sandboxed for your protection
EXAMPLES• Web Pages: Your browser essentially sandboxes the web pages
it loads. Web pages can run JavaScript code, but this code can’t
do anything it wants — if JavaScript code tries to access a local
file on your computer, the request will fail.
• PDFs and Other Documents: Adobe Reader now runs PDF
files in a sandbox, preventing them from escaping the PDF
viewer and tampering with the rest of your computer. Microsoft
Office also has a sandbox mode to prevent unsafe macros from
harming your system.
EXAMPLES
• Mobile Apps: Mobile platforms run their apps in a sandbox. Apps for iOS, Android, and Windows 8 are restricted from doing many of the things standard desktop applications can do.
• Windows Programs: User Account Control functions as a bit of a sandbox, essentially restricting Windows desktop applications from modifying system files without first asking you permission. User Account Control just restricts access to system files and system-wide settings.
VIRUS SCANNERS VS SANDBOX
• Sand Box scans the actions the virus code takes and
not the name or characteristics of the virus. where the
virus scanners have can only inform you and remove
the type of virus you have .
• Sandbox cannot replace anti-virus scanners as
identification, disinfection and removal of viruses can
only be done by virus scanners.
• Both work complementary to each others for
providing a fully secured environment .
HOW TO SANDBOX ANY PROGRAM
• Virtual Machines: A virtual machine program
like VirtualBox or VMware creates virtual hardware
devices that it uses to run an operating system. This
entire operating system is essentially sandboxed, as it
doesn’t have access to anything outside of the virtual
machine.
• Using other tools: Sandboxie, Bufferzone
WITHOUT SANDBOX ?
If the sandbox agent does not protect your computer, hostile
applets could access all the files and resources that are available
on your computer.
Recently corporate networks and computers connects to the
internet have been attacked and have reported damages from
illegal access from the outside.
Malicious mobile code (active x, java, vb script as well as other
executables ) is increasingly being used to issue these attacks.
without sophisticated knowledge like sandbox the rate of threats
increases enormously.
TYPES OF APPLICATION SANDBOXES
• Type A: OS enhancement based: Sandboxie, Buffer Zone Pro etc.
• Type B: Master/slave model: Adobe ReaderX, Chrome browser
TYPE A
Examples:
Sand boxie (available since 2006), BufferZone
•Custom kernel driver modifies Windows behavior, so that change to protected system components is prevented
•Use cases: Most of such sandboxes are used for controlled execution of applications
TYPE B•Example: Google Chrome ,Adobe Reader
•Slave is confined using OS access control facilities
•Master mediates access to resources
•Use case: protect the application from exploitation
SUMMARY• Sandboxing is a tried and true technique for running
risky applications or visiting potentially dangerous web
sites.
• Sanbox is vulnerable.
• Security should always be multi-layered, so you should
not rely on the sandboxed environment, by itself, to
provide complete protection.