ABSTRACT
Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a conceptually simple machine-code analysis to enforce a security policy. But for complicated architectures such as the x86, it is all too easy to get the details of the analysis wrong. We have built a new checker that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis. The key to our approach is automatically generating the bulk of the analysis from a declarative description which we relate to a formal model of a subset of the x86 instruction set architecture. The x86 model, developed in Coq, is of independent interest and should be usable for a wide range of machine-level verification tasks.
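As an added illustration (not code from the paper, and not NaCl's validator), a toy NaCl-style validator over a constructed x86-32 subset shows the kind of policy the analysis enforces: no instruction crosses a 32-byte bundle, no unsafe instruction, every indirect jump is preceded in the same bundle by a mask of its target register, and direct jumps land on instruction boundaries. The byte encodings follow the x86 manual; the instruction subset, names and sample inputs are my own assumptions.

```python
# Added illustration, not the paper's or NaCl's code: a toy NaCl-style x86-32
# validator over a hand-picked encoding subset. Bundle size and the and/jmp
# masking idiom follow the published NaCl x86-32 rules; the subset is constructed.
BUNDLE = 32
MASK = b"\x83\xe0\xe0"       # and $0xffffffe0,%eax   (83 /4 ib, modrm = e0)
JMP_EAX = b"\xff\xe0"        # jmp *%eax              (ff /4,    modrm = e0)
UNSAFE = {"ret", "int_imm8"}  # transfers that would leave the sandbox uncontrolled

def decode(code, pc):
    """Return (name, length) of the instruction at pc, or None if not decodable."""
    if code[pc:pc + 3] == MASK:
        return ("mask_eax", 3)
    if code[pc:pc + 2] == JMP_EAX:
        return ("jmp_eax", 2)
    return {0x90: ("nop", 1), 0xB8: ("mov_eax_imm32", 5), 0xEB: ("jmp_rel8", 2),
            0xC3: ("ret", 1), 0xCD: ("int_imm8", 2)}.get(code[pc])

def validate(code):
    """Return (ok, reason); ok means the byte string satisfies every policy rule."""
    insns, pc = [], 0
    while pc < len(code):                       # pass 1: linear decode from offset 0
        d = decode(code, pc)
        if d is None:
            return False, f"undecodable instruction at {pc}"
        name, n = d
        if pc + n > len(code):
            return False, f"truncated {name} at {pc}"
        if pc // BUNDLE != (pc + n - 1) // BUNDLE:
            return False, f"{name} at {pc} crosses a bundle boundary"
        if name in UNSAFE:
            return False, f"unsafe {name} at {pc}"
        insns.append((pc, name, n))
        pc += n
    targets = {start for start, _, _ in insns}  # legal control-transfer targets
    for i, (pc, name, n) in enumerate(insns):   # pass 2: indirect jumps are masked
        if name == "jmp_eax":
            prev = insns[i - 1] if i > 0 else None
            if prev is None or prev[1] != "mask_eax" or prev[0] // BUNDLE != pc // BUNDLE:
                return False, f"unmasked indirect jump at {pc}"
            targets.discard(pc)                 # and+jmp is atomic: no entry between them
    for pc, name, n in insns:                   # pass 3: direct jumps hit boundaries
        if name == "jmp_rel8":
            tgt = pc + n + int.from_bytes(code[pc + 1:pc + 2], "little", signed=True)
            if tgt not in targets:
                return False, f"direct jump at {pc} targets non-boundary {tgt}"
    return True, "ok"
```

The bundle-crossing and split-mask cases are where a hand-written checker for variable-length x86 most easily goes wrong, which is the failure mode the paper's generated analysis is designed to avoid.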
RockSalt: better, faster, stronger SFI for the x86