Microsoft Azure Security Lab – Research Challenge Archive

You can find past Azure Security Lab research challenges on this page. To learn more about the current research challenge, visit our Azure Security Lab program page.

AZURE SPHERE SECURITY RESEARCH CHALLENGE - CLOSED

The Azure Sphere Security Research Challenge is now closed. This research challenge aimed to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution that includes hardware, OS and cloud components. This three-month, application-only security research challenge offered special bounty awards and provided program participants research resources. This research challenge ran from June 1, 2020 through August 31, 2020 for researchers accepted through open application.

Research Scenarios and Bounty Award [CLOSED]

We award up to $100,000 bounty for scenarios in the Azure Sphere Security Research Challenge during the program period. To learn more about the Azure Sphere architecture, terminology, and everything you need to get started with the research scenarios, visit Azure Sphere Documentation.

Scenario	Award
Ability to execute code on Pluton	$100,000
Ability to execute code on Secure World	$100,000
General Scenarios Ability to execute code on NetworkD through local attack (compromised customer application) or remotely (external network) Anything allowing execution of unsigned code that isn’t pure return oriented programming (ROP) under Linux Ability to spoof device authentication: The handshaking for device attestation and authentication (DAA) that authenticates a device is running proper software Anything allowing elevation of privilege outside of the capabilities described in the application manifest (e.g. changing user ID, adding access to a binary) Ability to modify software and configuration options (except full device reset) on a device in the manufacturing state DeviceComplete when claimed to a tenant you are not signed into and have no saved capabilities for Ability to alter the firewall allowing communication out to other domains not in the app manifest (note: not DNS poisoning)	Eligible vulnerability reports will receive the public Azure Bounty Program awards with additional awards: 20% additional awards for vulnerabilities rated Critical 10% additional awards for vulnerabilities rated Important

Scenario

Award

Ability to execute code on Pluton

$100,000

Ability to execute code on Secure World

$100,000

General Scenarios

Ability to execute code on NetworkD through local attack (compromised customer application) or remotely (external network)
Anything allowing execution of unsigned code that isn’t pure return oriented programming (ROP) under Linux
Ability to spoof device authentication: The handshaking for device attestation and authentication (DAA) that authenticates a device is running proper software
Anything allowing elevation of privilege outside of the capabilities described in the application manifest (e.g. changing user ID, adding access to a binary)
Ability to modify software and configuration options (except full device reset) on a device in the manufacturing state DeviceComplete when claimed to a tenant you are not signed into and have no saved capabilities for
Ability to alter the firewall allowing communication out to other domains not in the app manifest (note: not DNS poisoning)

Eligible vulnerability reports will receive the public Azure Bounty Program awards with additional awards:

20% additional awards for vulnerabilities rated Critical
10% additional awards for vulnerabilities rated Important

This research challenge was focused on the Azure Sphere OS. Vulnerabilities found outside the research challenge scope, including the Cloud portion, might be eligible for the public Azure Bounty Program awards. Physical attacks were out of scope for this research challenge and the public Azure Bounty Program.

Microsoft retains sole discretion in determining award amounts and which submissions are eligible and in scope.

Resources for Program Participants [CLOSED]

The Azure Sphere Security Research Challenge also provided resources to support research, including:

Azure Sphere development kit (DevKit)
Access to Microsoft products and services for research purposes
Azure Sphere product documentation
Direct communication channel with the Microsoft team

Azure Sphere Security Research Challenge Partners

AZURE SECURITY LAB SCENARIO CHALLENGE - CLOSED

Scenario	Requirement	Award
Virtual Machine (VM) Escape: Demonstrate a functional exploit enabling an escape from a guest VM to the host	Within the isolated environment provided by the Azure Security Lab Initiative (registered researchers only)	$300,000
Denial of Service (DoS) of the host: demonstrate a method of persistent denial of service to the Azure host	Within the isolated environment provided by the Azure Security Lab Initiative (registered researchers only)	$50,000
Elevation of Privilege: Obtain administrative access to the Azure Security Lab subscription	Open to all	$300,000

Scenario

Requirement

Award

Virtual Machine (VM) Escape:

Demonstrate a functional exploit enabling an escape from a guest VM to the host

Within the isolated environment provided by the Azure Security Lab Initiative (registered researchers only)

$300,000

Denial of Service (DoS) of the host:

demonstrate a method of persistent denial of service to the Azure host

Within the isolated environment provided by the Azure Security Lab Initiative (registered researchers only)

$50,000

Elevation of Privilege:

Obtain administrative access to the Azure Security Lab subscription

Open to all

$300,000

The isolated environment provided by Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios in isolation from Azure customers, while also being able to engage directly with Microsoft Azure security experts.

REVISION HISTORY

May 5, 2020: Past Azure Security Lab scenarios are now on a separate program page archive.
September 1, 2020: The Azure Sphere Security Research Challenge has been moved to the program page archive.