Resource leakage is one of the important defects leading to sandbox escape. Existing browser sandbox testing methods are insufficient for discovering leaked resources. Based on the observation that most leaked resources have the same or similar attribute values, this paper designs a resource-leakage-oriented browser testing method. The method first analyzes resource attributes and creates resource selection rules; second, it calculates the escape index of every resource in the system and uses a threshold to select the resources to test. Third, we design and implement a prototype system, the Browser Sandbox Testing System (BSTS), and analyze the capability of our method. We then select and test several browser sandboxes and, in the end, find an undisclosed resource leakage vulnerability.