Description: In recent years, the focus of black hats has moved from finding vulnerabilities in the operating system to finding them in application software. This shift has been facilitated by the emergence of publicly available fuzzing frameworks that make it easy to discover vulnerabilities in desktop applications. These vulnerabilities enable attackers to steal data from victims and to install back doors through which they can return for further exploitation. They thus pose a huge risk.
The majority of these attacks target ubiquitous, widely used applications like Adobe Reader, Flash Player and the Microsoft Office suite. In an era where IT drives business, security breaches in software can cause huge credibility losses for software vendors. In response, vendors are trying to improve the security of their applications by implementing newer security measures. Sandboxing is one such technology: it protects the system from being compromised even if the attacker succeeds in finding a vulnerability in the application code. This is achieved by limiting the capabilities of the sandboxed process so that it cannot install malware or steal data from the user's machine. The sandbox thus provides defense-in-depth protection against unpatched or unknown vulnerabilities in the core application.
This paper explains "sandboxing" as a technique for threat mitigation. It gives technical details of how to implement sandboxing when developing Windows applications, taking Adobe Reader (version X) as a case study. The paper also explains the mitigation provided by the sandbox design and the typical challenges that arise when implementing such a technology in one's application.
Tags: nullcon null nullcon.net null.co.in Sandboxing Sandbox "Security Conference" "IT Security Conferee"