2019
DOI: 10.1145/3371100
|View full text |Cite
|
Sign up to set email alerts
|

The high-level benefits of low-level sandboxing

Abstract: Sandboxing is a common technique that allows low-level, untrusted components to safely interact with trusted code. However, previous work has only investigated the low-level memory isolation guarantees of sandboxing, leaving open the question of the end-to-end guarantees that sandboxing affords programmers. In this paper, we fill this gap by showing that sandboxing enables reasoning about the known concept of robust safety, i.e., safety of the trusted code even in the presence of arbitrary untrusted code. To d… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
16
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
2

Relationship

1
7

Authors

Journals

citations
Cited by 21 publications
(16 citation statements)
references
References 36 publications
0
16
0
Order By: Relevance
“…Sammler et al [36] use robust safety to demonstrate the end-to-end security property of sandboxing. Sandboxing is a common technique that allows trusted and untrusted components to interact safely [19,34].…”
Section: Robust Safetymentioning
confidence: 99%
See 1 more Smart Citation
“…Sammler et al [36] use robust safety to demonstrate the end-to-end security property of sandboxing. Sandboxing is a common technique that allows trusted and untrusted components to interact safely [19,34].…”
Section: Robust Safetymentioning
confidence: 99%
“…There are many techniques for enforcing robust safety: sandboxing [36], process isolation, programming patterns such as object capabilites [32], and specialized hardware [41]. A promising, but less common approach to robust safety is enforcement at the language level.…”
Section: Introductionmentioning
confidence: 99%
“…More concretely, Skorstengaard et al (2018Skorstengaard et al ( , 2019 encode the guarantees obtained when executing adversarial assembly code in the fundamental theorem of their logical relations. The semantic type systems defined by and Sammler et al (2020) are similarly used to specify the behavior of arbitrary untrusted code. The lowval predicate, used to describe safely shareable values, defined by Swasey et al (2017), again serves a similar purpose.…”
Section: Related Workmentioning
confidence: 99%
“…Using Iris, [Sammler et al 2019] establishes guarantee of desired properties on observable traces (i.e., a sequence of system calls), instead of safety guarantee, in the presence of unverified contexts, but in a restricted setting that does not allow the contexts to invoke system calls.…”
Section: Specifications As Programsmentioning
confidence: 99%