Practical Sandboxing: Techniques for Isolating Processes presented at BlackHatDC 2007

by David Leblanc,

Summary : The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.