How not to lie with statistics: the correct way to summarize benchmark results
Communications of the ACM - The MIT Press scientific computation series
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The structure and performance of interpreters
Proceedings of the seventh international conference on Architectural support for programming languages and operating systems
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Recursive functions of symbolic expressions and their computation by machine, Part I
Communications of the ACM
A framework for reducing the cost of instrumented code
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Java Virtual Machine Specification
Java Virtual Machine Specification
MiSFIT: Constructing Safe Extensible Systems
IEEE Concurrency
Vmgen: a generator of efficient virtual machine interpreters
Software—Practice & Experience
Efficient implementation of the smalltalk-80 system
POPL '84 Proceedings of the 11th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A brief history of just-in-time
ACM Computing Surveys (CSUR)
Exploiting Self-Modification Mechanism for Program Protection
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Compiling for template-based run-time code generation
Journal of Functional Programming
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Efficient and effective array bound checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Strengthening Software Self-Checksumming via Self-Modifying Code
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Experiences with Multi-threading and Dynamic Class Loading in a Java Just-In-Time Compiler
Proceedings of the International Symposium on Code Generation and Optimization
Dynamic instrumentation of production systems
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
O'browser: objective caml on browsers
Proceedings of the 2008 ACM SIGPLAN workshop on ML
A new approach to the functional design of a digital computer
IRE-AIEE-ACM '61 (Western) Papers presented at the May 9-11, 1961, western joint IRE-AIEE-ACM computer conference
Isolating web programs in modern browser architectures
Proceedings of the 4th ACM European conference on Computer systems
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Fast byte-granularity software fault isolation
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Verified just-in-time compiler on x86
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lightweight, robust adaptivity for software transactional memory
Proceedings of the twenty-second annual ACM symposium on Parallelism in algorithms and architectures
Robusta: taming the native beast of the JVM
Proceedings of the 17th ACM conference on Computer and communications security
Secure dynamic code generation against spraying
Proceedings of the 17th ACM conference on Computer and communications security
Adapting software fault isolation to contemporary CPU architectures
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Capsicum: practical capabilities for UNIX
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Fay: extensible distributed tracing from kernels to clusters
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Combining control-flow integrity and static analysis for efficient and validated data sandboxing
Proceedings of the 18th ACM conference on Computer and communications security
Parallel programming for the web
HotPar'12 Proceedings of the 4th USENIX conference on Hot Topics in Parallelism
JavaScript in JavaScript (js.js): sandboxing third-party scripts
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
Establishing browser security guarantees through formal shim verification
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Fay: Extensible Distributed Tracing from Kernels to Clusters
ACM Transactions on Computer Systems (TOCS)
Monitor integrity protection with space efficiency and separate compilation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Librando: transparent code randomization for just-in-time compilers
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A versatile code execution isolation framework with security first
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Canon-MPC, a system for casual non-interactive secure multi-party computation using native client
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Bringing java's wild native world under control
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 2013 workshop on New security paradigms workshop
| Hi-index | 0.00 |
When dealing with dynamic, untrusted content, such as on the Web, software behavior must be sandboxed, typically through use of a language like JavaScript. However, even for such specially-designed languages, it is difficult to ensure the safety of highly-optimized, dynamic language runtimes which, for efficiency, rely on advanced techniques such as Just-In-Time (JIT) compilation, large libraries of native-code support routines, and intricate mechanisms for multi-threading and garbage collection. Each new runtime provides a new potential attack surface and this security risk raises a barrier to the adoption of new languages for creating untrusted content. Removing this limitation, this paper introduces general mechanisms for safely and efficiently sandboxing software, such as dynamic language runtimes, that make use of advanced, low-level techniques like runtime code modification. Our language-independent sandboxing builds on Software-based Fault Isolation (SFI), a traditionally static technique. We provide a more flexible form of SFI by adding new constraints and mechanisms that allow safety to be guaranteed despite runtime code modifications. We have added our extensions to both the x86-32 and x86-64 variants of a production-quality, SFI-based sandboxing platform; on those two architectures SFI mechanisms face different challenges. We have also ported two representative language platforms to our extended sandbox: the Mono common language runtime and the V8 JavaScript engine. In detailed evaluations, we find that sandboxing slowdown varies between different benchmarks, languages, and hardware platforms. Overheads are generally moderate and they are close to zero for some important benchmark/platform combinations.