Sandbox

Speaker: Erica

2019 / 11 / 24

Contents

  • Introduction of Sandbox
  • Implementations
  • Sandbox in Windows 10
  • Chrome Sandbox
  • Open-sourcing Sandboxed API
  • Sandbox-evading Malware
  • Conclusion
  • Reference

Introduction of Sandbox

What is Sandbox?

In computer security, a "sandbox" is a security mechanism for isolating running programs, usually to keep system failures or software vulnerabilities from spreading to the rest of the system.

It is often used to execute untested or untrusted programs or code, possibly from untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.


The concept of Sandbox

The program is run in a virtual or simulated environment before it is executed in the real (production) environment.

Sandbox Implementations

Examples of sandbox implementations include the following:

  • Google Sandboxed API
  • A jail
  • Virtual machines emulate a complete host computer
  • Sandboxing on native hosts
  • etc.

Modern anti-virus software also uses sandboxing, running suspicious files in isolation so they can be analysed safely.

Sandbox in Windows 10

Windows Sandbox is a new feature introduced in the Windows 10 May 2019 Update; Windows 10 Home does not include it.

Some properties of Windows Sandbox:

  • Pristine
  • Disposable
  • Secure
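As an added illustration that is not part of the original slides, the following Windows Sandbox configuration file (a `.wsb` file, which is plain XML) shows how those three properties are controlled in practice: networking is cut off, a host folder holding samples is mapped into the sandbox read-only so the sandbox cannot write back to the host, clipboard sharing is disabled, and a command is run at logon. The element names are the documented Windows Sandbox schema; the host folder path, the sandbox folder name and the memory size are placeholder values chosen for this example.

```xml
<!-- samples.wsb: double-click on a Windows 10 Pro/Enterprise host with Windows Sandbox enabled.
     Each launch starts from a pristine image and everything inside is discarded on close. -->
<Configuration>
  <!-- No virtual GPU: smaller attack surface inside the sandbox. -->
  <VGpu>Disable</VGpu>

  <!-- No network: a sample cannot reach the Internet or the LAN from inside the sandbox. -->
  <Networking>Disable</Networking>

  <!-- Placeholder host path: the only piece of the host visible in the sandbox, and read-only. -->
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\SandboxSamples</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Samples</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Do not share the clipboard between host and sandbox. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>

  <!-- Placeholder memory size for the sandbox VM. -->
  <MemoryInMB>4096</MemoryInMB>

  <!-- Runs inside the sandbox after logon: open the mapped folder for the analyst. -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\Samples</Command>
  </LogonCommand>
</Configuration>
```

With `ReadOnly` set to `true`, a sample run in the sandbox can read the mapped folder but any files it creates or modifies stay inside the disposable image; with networking disabled, the analyst can observe local behaviour without the sample contacting a command-and-control server.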

Chrome Sandbox

Each page is a sandbox.

[Diagram: several new pages, each running in its own sandbox; one page is labelled malicious.]

Open-sourcing Sandboxed API by Google

Sandboxed API

The Sandboxed API automatically generates sandboxes for C/C++ libraries, producing reusable and secure implementations of the functionality in popular software libraries, so that a bug in the library cannot compromise the rest of the software infrastructure.

Sandbox-evading Malware

Well-known malware families that are not stopped by sandbox simulation analysis:

  • RANSOM_LOCKY
    • encrypted DLLs
    • Windows script files
    • spam attachment files
  • Disttrack
  • OSX_KERANGER
  • etc.

Fileless attack

Here are a few ways a fileless attack avoids detection (technique used by the attack, and the sandbox limitation it exploits):

  • Avoid file scanning
    • Fileless attack: do not use files
    • Sandbox: relies on random file scanning
  • Avoid behavioral association analysis
    • Fileless attack: use scripts that hide inside legitimate system programs
    • Sandbox: relies on intercepting system-level APIs
  • Avoid sandbox simulation analysis
    • Fileless attack: delayed execution
    • Sandbox: limited observation time

Conclusion

How to avoid?

Since techniques for evading sandbox simulation are becoming increasingly popular among malware, the sandbox environment must be customized to accurately reflect real-world system configurations.

Reference

Thanks for listening. 

Sandbox

By oneone
