Implementing a Sandbox in Windows

Postby Victor43 » Mon Sep 04, 2017 2:28 am

I have found out that sandboxing involves hooking, or at the very least can, in order to intercept the call, but how is it possible to implement whether or not to permit or deny the call? Any thoughts or ideas, anyone? I've included a link to another forum where the discussion of hooking is at the forefront.

https://security.stackexchange.com/ques ... or-windows
Victor43
 
Posts: 46
Joined: Thu Dec 15, 2011 7:34 am
Location: Canada
Reputation point: 0

Re: Implementing a Sandbox in Windows

Postby Vrtule » Mon Sep 04, 2017 12:56 pm

The sandbox may take advantage of interfaces that allow you to make block/permit decisions on the fly. Such interfaces exist for filtering registry, file system, network and process/thread accesses.

However, there are also mechanisms that permit you only to block the access (the Windows security model in general (DACLs, integrity levels, UIPI, ...), job objects...). Probably the best approach is to run the sandboxed code with the least privileges possible (or no privileges at all) and hook functions for which more privileges are required. When the code uses the hooked routines, you may filter the calls yourself and allow it to perform certain actions (that cannot be performed with zero privileges). When it decides not to use the hooked routines, that is, it actually attempts to bypass them, it cannot do anything interesting since it has no privileges.
Vrtule
 
Posts: 412
Joined: Sat Mar 13, 2010 9:14 pm
Location: Czech Republic
Reputation point: 92
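
The permit/deny step described in the reply above, sketched as an added example that is not part of the original thread: a portable C model of the decision a privileged broker makes when a hooked routine in the zero-privilege process forwards a request. The request types, the `broker_decide` name and the allow-list paths are all assumptions made for illustration; no Windows API is called.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request types a hooked routine forwards to the broker. */
enum op { OP_FILE_READ, OP_FILE_WRITE, OP_REG_READ, OP_REG_WRITE };
enum verdict { DENY = 0, PERMIT = 1 };
struct rule { enum op op; const char *prefix; };

/* Constructed allow-list; anything not matched is denied. */
static const struct rule policy[] = {
    { OP_FILE_READ,  "c:\\sandbox\\in\\" },
    { OP_FILE_WRITE, "c:\\sandbox\\out\\" },
    { OP_REG_READ,   "hkcu\\software\\demoapp\\" },
};

/* Lower-case, turn forward slashes into backslashes, and refuse any ".."
 * component so a request cannot climb out of an allowed prefix. */
static int normalise(const char *in, char *out, size_t cap) {
    size_t n = strlen(in);
    if (n == 0 || n >= cap) return -1;
    for (size_t i = 0; i <= n; i++)   /* <= n copies the terminator too */
        out[i] = in[i] == '/' ? '\\' : (char)tolower((unsigned char)in[i]);
    for (const char *p = out; (p = strstr(p, "..")) != NULL; p += 2) {
        int at_start = (p == out) || p[-1] == '\\';
        int at_end = p[2] == '\0' || p[2] == '\\';
        if (at_start && at_end) return -1;
    }
    return 0;
}

/* Broker side: default deny, permit only on an (operation, prefix) match. */
enum verdict broker_decide(enum op op, const char *target) {
    char norm[260];
    if (normalise(target, norm, sizeof norm) != 0) return DENY;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        size_t plen = strlen(policy[i].prefix);
        if (policy[i].op == op && strncmp(norm, policy[i].prefix, plen) == 0)
            return PERMIT;
    }
    return DENY;
}

int main(void) {
    printf("%d\n", broker_decide(OP_FILE_READ, "C:/Sandbox/in/data.txt"));
    printf("%d\n", broker_decide(OP_FILE_READ, "C:\\Sandbox\\in\\..\\..\\secret"));
    printf("%d\n", broker_decide(OP_REG_WRITE, "HKCU\\Software\\DemoApp\\Run"));
    return 0;
}
```

This models only the decision; Windows paths have further aliases (short names, junctions, device prefixes) that a string check does not resolve, which is why the sandboxed side must hold no privileges of its own.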

Re: Implementing a Sandbox in Windows

Postby N3mes1s » Tue Sep 05, 2017 5:40 am

It's not exactly what you're looking for, but it could be a good start:

https://blog.trailofbits.com/2017/08/02 ... -so-i-did/
N3mes1s
 
Posts: 41
Joined: Wed Mar 09, 2011 5:17 pm
Reputation point: 5

Re: Implementing a Sandbox in Windows

Postby Victor43 » Fri Sep 15, 2017 4:09 am

Thanks to both replies.
Victor43
 
Posts: 46
Joined: Thu Dec 15, 2011 7:34 am
Location: Canada
Reputation point: 0

