This deck looks at application sandboxes from a penetration tester's perspective. It describes two main types of sandbox: Type A, which uses OS enhancements (a custom kernel driver) to confine untrusted code, and Type B, which uses a master/slave model in which a lower-privileged slave process has its access to resources brokered by a master. Both types remain exposed to kernel vulnerabilities and to some user-mode vulnerabilities in OS services, and exploiting those lets the sandboxed code bypass the isolation; in the authors' analysis, Type A sandboxes were easier to escape than Type B. The deck illustrates escapes using vulnerabilities such as the CSRSS bug fixed in MS11-063 and Windows kernel (win32k.sys) bugs, and concludes that application sandboxes should not be relied upon for malware analysis because of their exposure to OS exploits.
2. Bromium Confidential
About
• Previously led McAfee Labs vuln research
• Done security startups and offense/defense security research
• Bromium Labs
• Team has discovered several vulnerabilities in multiple platforms
• Spoken at several cool conferences
I'm Hiring!
4. What is a sandbox?
• An environment designed to run untrusted (or exploitable) code in a manner that prevents the encapsulated code from damaging the rest of the system
• The aim of a sandbox is to isolate threats
• Our research focuses on the security effectiveness of the isolation primitives used by application sandboxes
5. Types of Sandboxes
• Type A: OS-enhancement based (Sandboxie, BufferZone Pro, Dell DDP)
• Type B: Master/slave model (Adobe Reader X, Chrome browser)
6. Digression: Windows OS
• A lot of commonly used code relies on kernel components and on various system services
• This gives a sandboxed process a large exposure to kernel interfaces (and, as shown later, to user-mode services reachable over IPC)
7. How the kernel enforces access control
• Sandboxed app: dear kernel, please open a file for me; the file name is at address X
• Kernel: X points to the string "allowed_file.txt"; here is a file handle for you
• Sandboxed app: dear kernel, please open a file for me; the file name is at address Y
• Kernel: Y points to the string "secret_file.txt"; you are a sandboxed app, I will not let you access this file
8. How kernel exploits work (example)
• Sandboxed app: dear kernel, please draw the text "Hello world" for me, using the TrueType font stored at address X
• Kernel: you are a sandboxed app, but using a font is a benign operation which you need to function properly
• Kernel: OK, just a moment, I need to parse this font
• While processing the font, the kernel corrupts its own memory because the parser code in the kernel is buggy
• Because of the memory corruption, the kernel ends up executing code at an address the app controls (for example X itself, memory the app filled in), which lets the app do anything it wants; no access control check was ever consulted, because the exploited operation was "allowed"
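As an added illustration of the font-parser bug pattern this slide describes, the C program below is not Bromium's code and is not any Windows component; it models the situation with a constructed toy font format and a simulated kernel object in which an 8-byte "render callback" field sits directly after a fixed 32-byte glyph buffer. The unchecked parser trusts the length field carried in the untrusted font (the "address X" case above) and spills attacker bytes over the callback field; the hardened parser checks the destination capacity before copying. The object layout, font format and 0x41 fill are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated kernel object: a fixed glyph buffer immediately followed by an
 * 8-byte "render callback" field. Keeping both inside one flat array makes the
 * overflow well-defined C, so the demonstration is deterministic. */
#define GLYPH_SIZE 32
#define CB_SIZE    8
#define OBJ_SIZE   (GLYPH_SIZE + CB_SIZE)
#define CB_OFF     GLYPH_SIZE

/* Constructed "font" format for this example (not TrueType):
 *   bytes 0..1  big-endian uint16: declared length of the glyph data
 *   bytes 2..   glyph data                                            */
static size_t declared_len(const uint8_t *font) {
    return ((size_t)font[0] << 8) | font[1];
}

/* Buggy parser: guards the source buffer but trusts the declared length when
 * writing into the fixed-size destination, so a length > GLYPH_SIZE spills
 * into the callback field that follows the glyph buffer. */
int parse_glyph_unchecked(const uint8_t *font, size_t font_len,
                          uint8_t obj[OBJ_SIZE]) {
    if (font_len < 2) return -1;
    size_t len = declared_len(font);
    if (2 + len > font_len) return -1;      /* no over-read of the font blob   */
    for (size_t i = 0; i < len; i++)        /* but no check against GLYPH_SIZE */
        obj[i] = font[2 + i];
    return (int)len;
}

/* Hardened parser: destination capacity is checked before any byte is copied. */
int parse_glyph_checked(const uint8_t *font, size_t font_len,
                        uint8_t obj[OBJ_SIZE]) {
    if (font_len < 2) return -1;
    size_t len = declared_len(font);
    if (len > GLYPH_SIZE) return -1;        /* reject oversize glyph data */
    if (2 + len > font_len) return -1;
    memcpy(obj, font + 2, len);
    return (int)len;
}

/* Attacker's font: declared length GLYPH_SIZE + CB_SIZE with 0x41 fill, so the
 * last CB_SIZE bytes land exactly on the callback field. Returns blob size. */
size_t build_evil_font(uint8_t *out, size_t cap) {
    const size_t len = GLYPH_SIZE + CB_SIZE;
    if (cap < 2 + len) return 0;
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)(len & 0xff);
    memset(out + 2, 0x41, len);
    return 2 + len;
}

/* Did a parse overwrite the callback field? */
int callback_clobbered(const uint8_t obj[OBJ_SIZE], const uint8_t orig_cb[CB_SIZE]) {
    return memcmp(obj + CB_OFF, orig_cb, CB_SIZE) != 0;
}

/* Runs the evil font through both parsers on fresh objects. Returns 1 when the
 * unchecked parser clobbered the callback and the checked parser refused the
 * font, 0 otherwise. */
int demo_font_bug(void) {
    static const uint8_t orig_cb[CB_SIZE] = {0xEF,0xBE,0xAD,0xDE,0xEF,0xBE,0xAD,0xDE};
    uint8_t font[2 + OBJ_SIZE];
    uint8_t obj_a[OBJ_SIZE], obj_b[OBJ_SIZE];
    size_t n = build_evil_font(font, sizeof font);
    if (n == 0) return 0;

    memset(obj_a, 0, sizeof obj_a); memcpy(obj_a + CB_OFF, orig_cb, CB_SIZE);
    memset(obj_b, 0, sizeof obj_b); memcpy(obj_b + CB_OFF, orig_cb, CB_SIZE);

    int r_unchecked = parse_glyph_unchecked(font, n, obj_a);
    int r_checked   = parse_glyph_checked(font, n, obj_b);

    return r_unchecked == (int)(GLYPH_SIZE + CB_SIZE) && callback_clobbered(obj_a, orig_cb)
        && r_checked == -1 && !callback_clobbered(obj_b, orig_cb);
}

int main(void) {
    printf("unchecked parser clobbered callback, checked parser refused: %s\n",
           demo_font_bug() ? "yes" : "no");
    return 0;
}
```

In the real kernel the corrupted field would be something like a function pointer in pool memory and the attacker's bytes a user-mode address, which is why the slide's kernel "starts executing code at X". The hardened parser shows the only thing that matters for the sandbox: the bound on the destination has to come from the kernel's own object layout, never from the untrusted blob.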
9. TYPE A
• Examples: Sandboxie, BufferZone Pro, Dell DDP
• A custom kernel driver modifies Windows behavior so that changes to protected system components are prevented
• Use cases: most such sandboxes are used for controlled execution of applications
• Sandboxie is widely used for malware analysis
11. TYPE B
• Examples: Google Chrome, Adobe Reader
• Two processes, master and slave, talking over an IPC channel
• The slave is confined using OS access control facilities
• The master mediates the slave's access to resources
• Use case: protect the application itself from exploitation
• Google Chrome and Adobe Reader are popular applications, mainly for web and content rendering
12. Architecture: Type B
• The master has a smaller codebase, the point being that it should be tougher to exploit
• The slave has a bigger attack surface that needs to be "brokered" by the master
• The slave still directly interacts with the OS kernel
• The slave also has access to certain user-mode components
14. Chromium sandbox on Windows
• The slave runs with low privileges, enforced by:
  • restricted token
  • job object
  • desktop object
  • integrity level
15. Chromium sandbox on Windows
• How exhaustive is the OS-based confinement, according to the documentation [2]?
  • Mounted FAT or FAT32 volumes: no protection (these file systems carry no ACLs for the token to be checked against)
  • TCP/IP: no protection
  • Access to most existing securable resources denied
• Everybody agrees it is good enough…
17. Chromium sandbox on Windows
• How resistant is the master to a malicious slave?
  • This is what most authors have focused on
• How resistant is the OS to a malicious slave?
  • We focus on this last aspect
• Recently MWR Labs also bypassed Chrome using a similar vector (a kernel exploit) at Pwn2Own 2013 [11]
19. Master/slave type sandbox on Windows, Adobe Reader
• Exhaustive previous related work on the methodology of attacking the master [3], [4]
• The first case of an Adobe sandbox vulnerability exploited in the wild was reported in Feb 2013 [9]
• That escape was possible because of a bug in the master
21. Master/slave type sandbox on Windows, Chrome browser
• The slave is de-privileged even more than stated in the Chrome sandbox documentation [2]
  • "Untrusted" integrity level
  • In particular, access to FAT32 file systems is denied
22. Master/slave type sandbox on Windows, Chrome browser
• Well-known cases of successful attacks against the master (shown at Pwnium [5], Pwn2Own [6])
• Attacks against the master are complex and relatively rare
23. Master/slave type sandbox on Windows, Chrome browser
• The slave can still exploit a kernel vulnerability
  • The seccomp-bpf syscall filter on Linux is designed to limit the exposure of the OS #nice
• Some vulnerabilities are not exploitable from the slave, for instance if the exploit:
  • needs to create a process
  • needs to alter specific locations in the registry
• win32k.sys is still very much exposed
A vulnerability in win32k.sys can potentially be exploited at the browser level (for example through a malicious font that the renderer asks the kernel to parse), yielding full control over the machine directly, without the need to achieve code execution in the sandboxed process first.
26. Is this a problem?
• Windows kernel issues are discovered increasingly frequently
  • 25 CVEs for the Windows kernel in 2012
  • 73+ CVEs up to Sept 2013
• There have been attacks like Duqu [10] that targeted kernel vulnerabilities
• Yes… it's a large attack surface
27. User Mode Exploitation
• Neither Type A nor Type B restricts network connectivity for a sandboxed process
• The exception to this rule is Google Chrome, which has been hardened to restrict TCP/IP networking in case the renderer gets exploited
• Every vulnerability in an OS service the sandboxed process can still reach (over the network or over local IPC) is a potential sandbox escape vector
• Even properly functioning code can be abused, if the service performs a privileged action on the caller's behalf without checking who is asking
28. ALPC Ports
• ALPC ports are a low-level mechanism used for interprocess communication on the Windows OS. Many Windows services listen on ALPC ports; if sandboxed code can connect to such a service, it can attempt to exploit a vulnerability in it.
• Type A sandboxes are wide open to all of these: the driver restricts file and registry changes, not which ports the sandboxed process may connect to.
29. ALPC Ports: Adobe Reader vs Chrome
The kernel debugger's !alpc /lpp output for the sandboxed process of each application (line wrapping from the original slide removed):

Adobe Reader XI (version 11.0.3):
lkd> !alpc /lpp fffffa80052ffb30
Ports created by the process fffffa80052ffb30:
  fffffa8004f9fb50('OLEB45817786DEF457D9394B3110F6B') 0, 1 connections
    fffffa8005312070 0 -> fffffa8005279990 0 fffffa80078ddb30('svchost.exe')
Ports the process fffffa80052ffb30 is connected to:
  fffffa80053073c0 0 -> fffffa80078bf090('ApiPort') 0 fffffa8007ce3060('csrss.exe')
  fffffa80050b7070 0 -> fffffa8007b4ea10('ThemeApiPort') 0 fffffa8007aaab30('svchost.exe')
  fffffa800b4b9e60 0 -> fffffa8007912c30('lsasspirpc') 0 fffffa8007883210('lsass.exe')
  fffffa8004f1adc0 0 -> fffffa8007b34e60('Audiosrv') 0 fffffa8007a1e9e0('svchost.exe')
  fffffa8004f0e3f0 0 -> fffffa80079d4e60('epmapper') 31 fffffa80078ddb30('svchost.exe')
  fffffa800535cb20 0 -> fffffa800798ea70('plugplay') 0 fffffa800797db30('svchost.exe')

Google Chrome browser (Version 27.0.1453.110 m):
lkd> !alpc /lpp fffffa80053a1060
Ports created by the process fffffa80053a1060:
  <none>
Ports the process fffffa80053a1060 is connected to:
  fffffa8005397b30 0 -> fffffa80078bf090('ApiPort') 0 fffffa8007ce3060('csrss.exe')
  fffffa80052c8dd0 0 -> fffffa8007b4ea10('ThemeApiPort') 0 fffffa8007aaab30('svchost.exe')

The Reader sandbox process has created an OLE port and holds connections to csrss.exe, the themes service, lsass.exe, the audio service, the RPC endpoint mapper and the Plug and Play service; the Chrome renderer has created no ports and is connected only to the CSRSS ApiPort and the ThemeApiPort. Every extra port is another service whose bugs the sandboxed code can try to reach.
30. Example: CSRSS vulnerability (MS11-063)
• "The vulnerability is caused by CSRSS improperly validating permissions when a lower-integrity process communicates a device event message to a higher-integrity process."
• Actually, the vulnerable versions of CSRSS performed no validation or permission check at all, blindly executing PostMessage with all parameters controllable by the peer.
• Errr... Shatter attack redux?? The integrity-level barrier (UIPI) that is supposed to stop a low-integrity process from posting messages to higher-integrity windows is simply stepped around, because CSRSS posts the message on the caller's behalf.
34. Conclusion
• Application sandboxes are fundamentally vulnerable to kernel-mode and certain user-mode vulnerabilities in the OS
• Breaking out of a sandbox by exploiting OS vulns provides far better ROI for attackers than attacking the master
• In our analysis, Type A sandboxes were far easier to escape than Type B #$$ #Chrome
• Definitely avoid malware analysis inside application sandboxes! #D'oh!
35. Credits/References
Rafal Wojtczuk, Bromium Labs
• [1] Sandboxie, http://www.sandboxie.com/
• [2] The Chromium sandbox design document, http://dev.chromium.org/developers/design-documents/sandbox
• [3] Richard Johnson, "A Castle Made of Sand - Adobe Reader X Sandbox"
• [4] Zhenhua Liu, Guillaume Lovet, "Breeding Sandworms"
• [5] Pwnium 2 results, http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html
• [6] "Pwn2Own 2012: Google Chrome browser sandbox first to fall", http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
• [7] Dennis Fisher, "It's time to abandon Java", http://threatpost.com/en_us/blogs/its-time-abandon-java-012113
• [8] BufferZone Pro, http://www.trustware.com/BufferZone-Pro/
• [9] "Zero-day attack exploits latest version of Adobe Reader", arstechnica.com/security/2013/02/zero-day-attack-exploits-latest-version-of-adobe-reader/
• [10] Duqu malware, http://em.wikipedia.org/wiki/Duqu
• [11] MWR Labs Pwn2Own 2013 write-up (kernel exploit), https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up---kernel-exploit/