Native Client: A Sandbox for Portable, Untrusted x86 Native Code

Yee, Bennet; Sehr, David; Dardyk, Gregory; Chen, J. Bradley; Muth, Robert; Ormandy, Tavis; Okasaka, Shiki; Narula, Neha; Fullagar, Nicholas

doi:10.1109/sp.2009.25

Cited by 452 publications

(393 citation statements)

References 24 publications

Supporting

Mentioning

374

Contrasting

Unclassified

Order By: Relevance

“…Enforcement of usage control requirements has been done at the OS level [26,27,3], at the X11 level [4], for Java [11,12,28], the .NET CIL [13] and machine languages [14,15,29]; at the level of an enterprise service bus [16]; for dedicated applications such as the Internet Explorer [17] and in the context of digital rights management [18][19][20]. These solutions focus on one of the two aspects of the problem: either data flow tracking or event-driven usage control.…”

Section: Related Workmentioning

confidence: 99%

“…opened, (lines 12-15) at most 4 further times and within 30 seconds (1 timestep = 1 second) after the first use (lines [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27]; further attempts of opening the file will result in opening a predefined error message (lines 28-34).…”

Section: B1 Operating Systemmentioning

confidence: 99%

“…We do not discuss performance nor policy management either. Contribution Data flow tracking at specific layers of abstraction has been done in a multitude of ways [3,4,[11][12][13][14][15][16][17][18][19][20], also in the form of information flow analyses where implicit flows are also taken into account [21,22]. As far as we are aware, this work ends where sensitive (or tainted) data is moved to illegal sinks, e.g., when a file is written or an http post request is sent.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Representation-Independent Data Usage Control

Pretschner

Lovat

Büchler

2012

Data Privacy Management and Autonomous Spontaneus Security

View full text Add to dashboard Cite

Abstract. Usage control is concerned with what happens to data after access has been granted. In the literature, usage control models have been defined on the grounds of events that, somehow, are related to data. In order to better cater to the dimension of data, we extend a usage control model by the explicit distinction between data and representation of data. A data flow model is used to track the flow of data in-between different representations. The usage control model is then extended so that usage control policies can address not just one single representation (e.g., delete file1.txt after thirty days) but rather all representations of the data (e.g., if file1.txt is a copy of file2.txt, also delete file2.txt). We present three proof-of-concept implementations of the model, at the operating system level, at the browser level, and at the X11 level, and also provide an ad-hoc implementation for cross-layer enforcement.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: B1 Operating Systemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Representation-Independent Data Usage Control

Pretschner

Lovat

Büchler

2012

Data Privacy Management and Autonomous Spontaneus Security

View full text Add to dashboard Cite

show abstract

“…To mitigate the threats from dynamic libraries, a range of solutions have been proposed to isolate program components to control their privilege [5,6,16,18]. Most solutions adopt a separated memory model: a component can only access its own memory, which is mutually exclusive with the memory of the main program.…”

Section: Introductionmentioning

confidence: 99%

“…We use NativeClient (NaCl) [18] as an example to illustrate the need for a transparent library security mechanism. NaCl is designed for isolating untrusted native browser plugins.…”

Section: Introductionmentioning

confidence: 99%

Codejail: Application-Transparent Isolation of Libraries with Tight Program Interactions

Sathyanarayan

Yap

et al. 2012

Computer Security – ESORICS 2012

View full text Add to dashboard Cite

Abstract. Dynamically linked libraries are commonly used in software programs to facilitate code reuse. Once a library is linked into a software program, a bug in the library can lead to compromise of the whole program. Moreover, the library may also contain malicious code. Existing solutions for software component isolation assume simple interactions between a library and the main program, otherwise, they require significant modification of the main program and the library. In this paper, we propose a novel solution, Codejail, which supports a partial isolation of libraries that have tight memory interactions with the main program. Codejail requires no modification to the main program or the library. We demonstrate using a Linux prototype that Codejail can work easily with real-world programs and libraries. The performance is good for a portable implementation with costs commensurate with the degree of tight interaction.

show abstract

A framework for application partitioning using trusted execution environments

Atamli-Reineh

Paverd

Petracca

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary The size and complexity of modern applications are the underlying causes of numerous security vulnerabilities. In order to mitigate the risks arising from such vulnerabilities, various techniques have been proposed to isolate the execution of sensitive code from the rest of the application and from other software on the platform (such as the operating system). New technologies, notably Intel's Software Guard Extensions (SGX), are becoming available to enhance the security of partitioned applications. SGX provides a trusted execution environment (TEE), called an enclave, that protects the integrity of the code and the confidentiality of the data inside it from other software, including the operating system (OS). However, even with these partitioning techniques, it is not immediately clear exactly how they can and should be used to partition applications. How should a particular application be partitioned? How many TEEs should be used? What granularity of partitioning should be applied? To some extent, this is dependent on the capabilities and performance of the partitioning technology in use. However, as partitioning becomes increasingly common, there is a need for systematisation in the design of partitioning schemes. To address this need, we present a novel framework consisting of four overarching types of partitioning schemes through which applications can make use of TEEs. These schemes range from coarse‐grained partitioning, in which the whole application is included in a single TEE, through to ultra‐fine partitioning, in which each piece of security‐sensitive code and data is protected in an individual TEE. Although partitioning schemes themselves are application specific, we establish application‐independent relationships between the types we have defined. Because these relationships have an impact on both the security and performance of the partitioning scheme, we envisage that our framework can be used by software architects to guide the design of application partitioning schemes. To demonstrate the applicability of our framework, we have carried out case studies on two widely used software packages, the Apache Web server and the OpenSSL library. In each case study, we provide four high‐level partitioning schemes—one for each of the types in our framework. We also systematically review the related work on hardware‐enforced partitioning by categorising previous research efforts according to our framework. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Native Client: A Sandbox for Portable, Untrusted x86 Native Code

Cited by 452 publications

References 24 publications

Representation-Independent Data Usage Control

Representation-Independent Data Usage Control

Codejail: Application-Transparent Isolation of Libraries with Tight Program Interactions

A framework for application partitioning using trusted execution environments

Contact Info

Product

Resources

About