Appearance
Cross-Channel Exfiltration Tests (DM-CROSS)
Validate that multi-channel strategies cannot exfiltrate data from the Secure Sandbox by composing clipboard, drag-and-drop, browser uploads, and protocol fallbacks. Prove cumulative quotas, session correlation, and integrity chaining prevent reconstruction across attempts.
Objectives
- Deny multi-step, cross-channel reconstruction attempts.
- Enforce cumulative byte/item caps per session and per site.
- Verify session correlation and integrity hash chaining across events.
Preconditions
- Deny-by-default posture:
network.capabilities.egressDefaultAction: "deny"runtime.dataMotion.settings.clipboard.enabled: true,defaultAction: "deny"runtime.dataMotion.settings.dragDrop.enabled: true,defaultAction: "deny"
- Optional: Configure cumulative quotas (for example,
maxOutboundBytesPerSession).
Controls Under Test
runtime.dataMotion.rules[]withchannel: "clipboard" | "dragDrop" | "upload"and cumulative quotas.- Session correlation fields:
sessionId,siteRef,appId. - Integrity chain:
integrity.hash,integrity.prevHashacross related events.
Test Scenarios
| ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|
| DM-CROSS-01 | Clipboard + Drag-and-Drop Reconstruction | 1) Copy 512B chunk via clipboard, then attempt drag-and-drop of the next 512B. 2) Repeat until 4KB attempted total. 3) Attempt host recombination. | Denied or rate-limited; cumulative quotas prevent reconstruction. Audit correlates events (same sessionId) and shows cumulative bytes approaching/triggering cap. |
| DM-CROSS-02 | Structured-in-RTF → Web Form | 1) Copy JSON payload embedded in RTF/HTML. 2) Paste into sandbox browser form and attempt submit. 3) If clipboard transforms strip rich formats, try pasting plain text then upload. | Transform strips risky formats or denies opaque content; subsequent upload still denied by network/dataMotion. No leakage across channels. |
| DM-CROSS-03 | Race/Sequencing (TOCTOU) | 1) Rapidly alternate allowed/denied formats at ~10–20ms intervals while pasting/dragging. 2) Monitor for leakage. | Evaluation occurs at access time; no classified data escapes. Rate limiting may trigger with explicit audit fields. |
| DM-CROSS-04 | Stale Buffer Replay | 1) Use a clipboard manager to recall previously blocked payload. 2) Attempt host paste. | Inbound denies prevent re-exposure; audit shows inbound deny with direction: "in" from host to sandbox-app. |
| DM-CROSS-05 | Fallback to Direct IP/Alt Port After Block | 1) After drag/drop denial, attempt browser POST to server IP (IPv4/IPv6) on non-standard port (e.g., 8443). | Denied by egressDefaultAction: "deny", no direct fallback; pinning/SNI rules block IP literal and unpinned endpoints. |
| DM-CROSS-06 | Session Reset Evasion | 1) Disconnect/reconnect or switch apps to try resetting counters. 2) Repeat small exfil attempts post-reconnect. | Quotas tracked per sessionId/siteRef behave as configured; if session resets, audit still evidences denials; no net leakage. |
Evidence Requirements
category: "dataMotion"and/or"network"with:channel/subCategory,direction,action,outcome,rule.id,priority.- Correlation:
sessionId,appId,siteRef,integrity.hash,integrity.prevHash. - Quotas:
bytes,cumulativeBytes,rateLimitTriggeredwhen applicable.
Example Audit Artifact
json
{
"timestamp": "2026-01-21T23:48:00Z",
"category": "dataMotion",
"channel": "clipboard",
"direction": "out",
"action": "deny",
"outcome": "blocked",
"rule": { "id": "dm.clip.out.deny-default", "priority": 100 },
"bytes": 512,
"cumulativeBytes": 4096,
"rateLimitTriggered": true,
"classification": { "normalized": ["CUI"] },
"sessionId": "5cf3a7...",
"appId": "sandbox-notepad",
"siteRef": "prod-eu-1",
"integrity": { "hash": "sha256-...xYz", "prevHash": "sha256-...abc" }
}Troubleshooting
- Ensure quotas are enabled and audit includes cumulative fields.
- Validate that integrity chaining is on; mismatched
prevHashindicates gaps in collection. - Confirm proxy/pinning denies direct IP and unpinned certs; check
networkaudit for SNI/IP/ALPN fields.
Known Limitations & Negative Space
- These tests do not prevent optical capture or out-of-band channels; see Screen Capture and Hardening sections for compensating controls.
- Session semantics vary by deployment; clarify expected
sessionIdrollover for auditors.
