Research article (Open Access)

Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

Published: 12 January 2022

Abstract

Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structure to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a static binary verifier, VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on par with the state-of-the-art Native Client SFI system.


Supplemental Material

Auxiliary Presentation Video

Short presentation video for "Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI" at POPL 2022.



Published in

Proceedings of the ACM on Programming Languages, Volume 6, Issue POPL
January 2022
1886 pages
EISSN: 2475-1421
DOI: 10.1145/3511309

Copyright © 2022 Owner/Author

Publisher

Association for Computing Machinery
New York, NY, United States
