Abstract
Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but also incur significant performance overhead from saving, clearing, and restoring registers on every context switch. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structure to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler, and its correct implementation of the Wasm specification, from the trusted computing base, we (1) develop a static binary verifier, VeriZero, which checks (in seconds) that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on par with the state-of-the-art Native Client SFI system.
Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI