Security Sandbox mechanism of Flash Player 10 (Flex 4)

Source: Internet
Author: User

Note: This describes the security sandbox of Flash Player 10 itself. That is, it applies not only to SWF files compiled with Flex but to all SWF files, as set out in the Adobe white paper.

The Flash Player security model prevents the following three types of violations:
• Unauthorized access to data:
Local disks, online disks, Web servers, and data in memory.
• Unauthorized access to end-user information:
This may include personal information and financial data, as well as the end user's security settings for Flash Player.
• Unauthorized access to the resources of the host machine:
Control of applications, devices, and system resources.

In computer systems, correct operation and resource protection serve the interests of many types of users. This is particularly important in the Flash security model. Some environments obtain the code they execute from multiple sources: for example, Flash Player is made by Adobe, while the SWF running in it comes from another source. These environments also read data from other websites and run programs on the local machine.

In the Flash runtime environment, Adobe assumes that security and privacy involve the following roles:

Administrator:

Security settings made by the administrator are stored in mms.cfg, for example whether the computer's camera or audio input devices may be accessed, and the permissions for accessing local files and for uploading and downloading files.
Global trust files: when installing a Flash application, you can specify local files or paths as trusted.

The administrator is the highest-privilege user of the system on Windows or Linux (the Administrator on Windows). There are two types of control:

A) The mms.cfg file: data loading, privacy control, Flash Player updates, support for legacy files, local file security, full-screen mode, and so on.

B) The "Global Flash Player Trust" directory: SWF files designated in this trusted directory are assigned to the local-trusted sandbox. They can interact with any other SWF file and load data from any location (remote or local). Default path of the trusted directory:
C:/Windows/system32/Macromed/Flash/FlashPlayerTrust

User:

Settings Manager and settings UI dialog boxes: access to cameras and audio devices. When a legacy Flash application tries to access protected resources in the new Flash Player, Flash Player issues a warning to the user.
User trust files: when installing a Flash application, the installer can specify local files or paths as trusted.

In contrast to the first role, users here are ordinary users. There are three types of control:

A) Camera and microphone settings: do you still remember the Flash demo of clickjacking?

B) Shared object storage settings: that is, SharedObject.

C) Alongside the "Global Flash Player Trust" directory, there is also a per-user "User Flash Player Trust" directory. Default path: C:/Documents and Settings/johnd/Application Data/Macromedia/Flash Player/#Security/FlashPlayerTrust

Website administrator:

The URL policy file determines whether a Flash application can access resources on the domain.
The socket policy file authorizes connections at the ActionScript socket layer.
URL meta-policy and socket meta-policy: a meta-policy is a "policy about policies" set by the administrator. It determines which policy files are allowed to exist on the server.

The URL policy file is the well-known crossdomain.xml file. The current security policy is that the file can only be stored in the root directory of the site. The file format is as follows:

<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
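The following is an added example, not part of the original article or of any Adobe tooling: a small Python audit that reads a crossdomain.xml policy, reports wildcard grants, and decides whether a given requesting domain would be allowed. The two sample policies are constructed, and the matching rule is a simplification assumed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
WILDCARD_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

SCOPED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.a.com"/>
  <allow-access-from domain="*.a.com"/>
</cross-domain-policy>"""


def allowed_domains(policy_xml):
    """Return the domain patterns granted by allow-access-from entries."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [e.get("domain", "").strip().lower()
            for e in root.iter("allow-access-from")]


def domain_matches(pattern, host):
    """Simplified matching assumed here: '*' matches every host,
    '*.suffix' matches hosts ending in '.suffix', anything else
    must match exactly."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def audit(policy_xml, requester):
    """Return (requester_allowed, findings) for one policy file."""
    patterns = allowed_domains(policy_xml)
    findings = [f"'{p}' grants access to every domain"
                for p in patterns if p == "*"]
    findings += [f"'{p}' grants access to all subdomains of {p[2:]}"
                 for p in patterns if p.startswith("*.")]
    allowed = any(domain_matches(p, requester.lower()) for p in patterns)
    return allowed, findings
```

Running `audit` over the policy files of the sites you operate shows which ones grant read access to every domain and should be narrowed to named domains.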

Author:

Flash Player provides security APIs for cross-scripting and cross-domain data access.

Developers can grant these permissions in code (in ActionScript), for example:

Security.allowDomain("www.xeye.us");

Flash Player Security System Architecture

Basic sandbox Security Model

A sandbox is the logical security group that Flash Player uses to contain program resources. All resources in a sandbox are controlled by the sandbox owner. Sandboxes are independent of operating systems, file systems, networks, and other applications.

When Flash Player loads a SWF file, the program is automatically assigned to a specific sandbox. Programs running in the same sandbox can interact freely. Programs in different sandboxes can interact with each other only if security rules are configured to allow it.

The author of a SWF file can use the read-only static Security.sandboxType property to determine the sandbox type that Flash Player has assigned to the SWF file. The Security class includes constants for the possible values of Security.sandboxType:

Security.REMOTE: the SWF file comes from an Internet URL and is subject to the domain-based sandbox rules.

Security.LOCAL_WITH_FILE: the SWF file is a local file that has not been trusted by the user and was not published with a networking designation. This SWF file can read data from local data sources but cannot communicate with the Internet.

Security.LOCAL_WITH_NETWORK: the SWF file is a local file that has not been trusted by the user but was published with a networking designation. This SWF file can communicate with the Internet but cannot read data from local data sources.

Security.LOCAL_TRUSTED: the SWF file is a local file that the user has trusted, using either the Settings Manager or a Flash Player trust configuration file. This SWF file can both read data from local data sources and communicate with the Internet.

Within the security sandbox, a SWF on a.com can access all resources in the same domain. For example, a1.swf can read a2.swf, or the a3 and a4 files.

However, resources in different domains cannot access each other. For example, a SWF on a.com can only send messages to b.com; it cannot read any resources under b.com.

Only when b.com publishes a policy file that allows access from a.com can a SWF from a.com read b.com resources (for example, using ActionScript URLLoader.load()).

Likewise, only when the SWF on b.com calls Security.allowDomain() to allow access from a.com can a SWF from a.com access the SWF on b.com (for example, call code in the b.com SWF).

Sandbox mechanism in a specific range

Network files:
All network resources fall under the network sandbox model, which follows the basic security sandbox model. In addition, the resources of each domain are assigned to that domain's own sandbox.

Local file:
The local file sandboxes also follow the basic security sandbox model, but they have different default settings. A local file is one whose address is a "file://" URL or a UNC (Universal Naming Convention) path that does not contain an IP address or domain name.

Three local file sandbox models:

• Local-with-filesystem
• Local-with-networking
• Local-trusted

By default, a local SWF runs in the local-with-filesystem sandbox. Programs in this sandbox can access local resources but cannot access network resources, unless the system treats the network resource as a local file.

When a local SWF is compiled with the compiler parameter use-network=true, it is placed in the local-with-networking sandbox at run time. By default, a SWF in this sandbox cannot access the scripts of other SWF files. Only through Security.allowDomain() can it access SWF files in the local-with-networking sandbox or the local-trusted sandbox. Access to local-with-filesystem SWF files, however, is not allowed; this is to prevent local SWF files from being stolen by way of a network SWF.
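The sandbox assignment rules described above (remote versus local, the use-network compile option, trusted locations) can be summarized as a small model. This is an added Python example, not Flash Player's own logic or code from the original article; the `trusted_dirs` parameter, the UNC host check, and the sample URLs in the comments are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlparse, unquote

# String values of the Security.sandboxType constants.
REMOTE, LOCAL_WITH_FILE = "remote", "localWithFile"
LOCAL_WITH_NETWORK, LOCAL_TRUSTED = "localWithNetwork", "localTrusted"

# (may read local data, may communicate with the network) per sandbox type.
CAPABILITIES = {
    REMOTE: (False, True),
    LOCAL_WITH_FILE: (True, False),
    LOCAL_WITH_NETWORK: (False, True),
    LOCAL_TRUSTED: (True, True),
}


def is_local(url):
    """file:// URLs, and UNC paths whose host is a bare machine name
    (no IP address or domain name), count as local files."""
    if url.startswith("\\\\"):
        host = url[2:].split("\\", 1)[0]
        return bool(host) and "." not in host and ":" not in host
    return urlparse(url).scheme == "file"


def normalized_path(url):
    """Decode %-escapes and collapse '..' so that a path such as
    /trusted/../evil cannot pass a trusted-prefix check."""
    return posixpath.normpath(unquote(urlparse(url).path)).lower()


def assign_sandbox(url, use_network=False, trusted_dirs=()):
    """Model of the sandbox a SWF is placed in when it is loaded.
    trusted_dirs is a hypothetical list of locations the administrator
    or user has marked as trusted."""
    if not is_local(url):
        return REMOTE
    path = normalized_path(url)
    for directory in trusted_dirs:
        prefix = posixpath.normpath(directory).lower() + "/"
        if path.startswith(prefix):
            return LOCAL_TRUSTED
    return LOCAL_WITH_NETWORK if use_network else LOCAL_WITH_FILE
```

For example, `assign_sandbox("file:///C:/apps/trusted/../evil/a.swf", trusted_dirs=["/C:/apps/trusted"])` returns `"localWithFile"`, because the path is normalized before the trust check.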
