Skip to content

Cross-Channel Exfiltration Tests (DM-CROSS)

Validate that multi-channel strategies cannot exfiltrate data from the Secure Sandbox by composing clipboard, drag-and-drop, browser uploads, and protocol fallbacks. Prove cumulative quotas, session correlation, and integrity chaining prevent reconstruction across attempts.

Objectives

  • Deny multi-step, cross-channel reconstruction attempts.
  • Enforce cumulative byte/item caps per session and per site.
  • Verify session correlation and integrity hash chaining across events.

Preconditions

  • Deny-by-default posture:
    • network.capabilities.egressDefaultAction: "deny"
    • runtime.dataMotion.settings.clipboard.enabled: true, defaultAction: "deny"
    • runtime.dataMotion.settings.dragDrop.enabled: true, defaultAction: "deny"
  • Optional: Configure cumulative quotas (for example, maxOutboundBytesPerSession).

Controls Under Test

  • runtime.dataMotion.rules[] with channel: "clipboard" | "dragDrop" | "upload" and cumulative quotas.
  • Session correlation fields: sessionId, siteRef, appId.
  • Integrity chain: integrity.hash, integrity.prevHash across related events.

Test Scenarios

IDScenarioProcedureExpected Outcome
DM-CROSS-01Clipboard + Drag-and-Drop Reconstruction1) Copy 512B chunk via clipboard, then attempt drag-and-drop of the next 512B.
2) Repeat until 4KB attempted total.
3) Attempt host recombination.
Denied or rate-limited; cumulative quotas prevent reconstruction. Audit correlates events (same sessionId) and shows cumulative bytes approaching/triggering cap.
DM-CROSS-02Structured-in-RTF → Web Form1) Copy JSON payload embedded in RTF/HTML.
2) Paste into sandbox browser form and attempt submit.
3) If clipboard transforms strip rich formats, try pasting plain text then upload.
Transform strips risky formats or denies opaque content; subsequent upload still denied by network/dataMotion. No leakage across channels.
DM-CROSS-03Race/Sequencing (TOCTOU)1) Rapidly alternate allowed/denied formats at ~10–20ms intervals while pasting/dragging.
2) Monitor for leakage.
Evaluation occurs at access time; no classified data escapes. Rate limiting may trigger with explicit audit fields.
DM-CROSS-04Stale Buffer Replay1) Use a clipboard manager to recall previously blocked payload.
2) Attempt host paste.
Inbound denies prevent re-exposure; audit shows inbound deny with direction: "in" from host to sandbox-app.
DM-CROSS-05Fallback to Direct IP/Alt Port After Block1) After drag/drop denial, attempt browser POST to server IP (IPv4/IPv6) on non-standard port (e.g., 8443).Denied by egressDefaultAction: "deny", no direct fallback; pinning/SNI rules block IP literal and unpinned endpoints.
DM-CROSS-06Session Reset Evasion1) Disconnect/reconnect or switch apps to try resetting counters.
2) Repeat small exfil attempts post-reconnect.
Quotas tracked per sessionId/siteRef behave as configured; if session resets, audit still evidences denials; no net leakage.

Evidence Requirements

  • category: "dataMotion" and/or "network" with: channel/subCategory, direction, action, outcome, rule.id, priority.
  • Correlation: sessionId, appId, siteRef, integrity.hash, integrity.prevHash.
  • Quotas: bytes, cumulativeBytes, rateLimitTriggered when applicable.

Example Audit Artifact

json
{
  "timestamp": "2026-01-21T23:48:00Z",
  "category": "dataMotion",
  "channel": "clipboard",
  "direction": "out",
  "action": "deny",
  "outcome": "blocked",
  "rule": { "id": "dm.clip.out.deny-default", "priority": 100 },
  "bytes": 512,
  "cumulativeBytes": 4096,
  "rateLimitTriggered": true,
  "classification": { "normalized": ["CUI"] },
  "sessionId": "5cf3a7...",
  "appId": "sandbox-notepad",
  "siteRef": "prod-eu-1",
  "integrity": { "hash": "sha256-...xYz", "prevHash": "sha256-...abc" }
}

Troubleshooting

  • Ensure quotas are enabled and audit includes cumulative fields.
  • Validate that integrity chaining is on; mismatched prevHash indicates gaps in collection.
  • Confirm proxy/pinning denies direct IP and unpinned certs; check network audit for SNI/IP/ALPN fields.

Known Limitations & Negative Space

  • These tests do not prevent optical capture or out-of-band channels; see Screen Capture and Hardening sections for compensating controls.
  • Session semantics vary by deployment; clarify expected sessionId rollover for auditors.