2019
DOI: 10.1007/978-3-030-17184-1_18
|View full text |Cite
|
Sign up to set email alerts
|

Compiling Sandboxes: Formally Verified Software Fault Isolation

Abstract: Software Fault Isolation (SFI) is a security-enhancing program transformation for instrumenting an untrusted binary module so that it runs inside a dedicated isolated address space, called a sandbox. To ensure that the untrusted module cannot escape its sandbox, existing approaches such as Google's Native Client rely on a binary verifier to check that all memory accesses are within the sandbox. Instead of relying on a posteriori verification, we design, implement and prove correct a program instrumentation pha… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1

Citation Types

0
3
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 7 publications
(3 citation statements)
references
References 34 publications
(40 reference statements)
0
3
0
Order By: Relevance
“…Other secure compilation work is targeted at closing down side-channels: for instance by preserving the secret independence guarantees of the source code [19], or making sure that the code erasing secrets is not simply optimized away by the unaware compilers [22,34,38,89]. Closer to our work is the work on building compartmentalizing compilation chains [5,23,50,98] for unsafe languages like C and C++. In particular, as mentioned above, Abate et al [5] have recently showed how RSP can be extended to express the security guarantees obtained by protecting mutually distrustful components against each other.…”
Section: Hypersafety Preservationmentioning
confidence: 99%
“…Other secure compilation work is targeted at closing down side-channels: for instance by preserving the secret independence guarantees of the source code [19], or making sure that the code erasing secrets is not simply optimized away by the unaware compilers [22,34,38,89]. Closer to our work is the work on building compartmentalizing compilation chains [5,23,50,98] for unsafe languages like C and C++. In particular, as mentioned above, Abate et al [5] have recently showed how RSP can be extended to express the security guarantees obtained by protecting mutually distrustful components against each other.…”
Section: Hypersafety Preservationmentioning
confidence: 99%
“…There is a large body of work that ensures the runtime checks are fast on different architectures, e.g., x86 [Ford and Cox 2008;McCamant and Morrisett 2006;Payer and Gross 2011;Yee et al 2009], x86-64 [Sehr et al 2010], SPARC ® [Adl-Tabatabai et al 1996], and ARM ® [Sehr et al 2010;Zhao et al 2011;Zhou et al 2014], as otherwise they incur unacceptable overheads on the code executing in the sandbox. Similarly, there is a considerable literature that establishes that the checks are correct [Besson et al 2019[Besson et al , 2018Kroll et al 2014;Morrisett et al 2012], as even a single missing check can let the attacker escape the sandbox.…”
Section: Introductionmentioning
confidence: 99%
“…There is also work on verification of sandboxing techniques like software-fault isolation [Besson et al 2019;Morrisett et al 2012], architectural meta-data tagging (micro-policies) [de Amorim et al 2015], and architectural memory capabilities [El-Korashy 2016]. However, these verification efforts are directed at meta-theoretic correctness properties of the sandboxing mechanisms themselves, e.g., that sandboxed code cannot directly access memory outside the sandbox.…”
Section: Introductionmentioning
confidence: 99%