Native Client: A Sandbox for Portable, Untrusted x86 Native Code

被引：204

作者：

Yee, Bennet ^{[1
]}

Sehr, David ^{[1
]}

Dardyk, Gregory ^{[1
]}

Chen, J. Bradley ^{[1
]}

Muth, Robert ^{[1
]}

Ormandy, Tavis ^{[1
]}

Okasaka, Shiki ^{[1
]}

Narula, Neha ^{[1
]}

Fullagar, Nicholas ^{[1
]}

机构：

[1] Google Inc, Mountain View, CA 94043 USA

来源：

PROCEEDINGS OF THE 2009 30TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY | 2009年

关键词：

D O I：

10.1109/SP.2009.25

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client. Native Client provides operating system portability for binary code while supporting performance-oriented features generally absent from web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler. We combine these properties in an open architecture that encourages community review and 3rd-party tools.

引用

页码：79 / 93

页数：15

共 25 条

[1] Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Yee, Bennet
Sehr, David
Dardyk, Gregory
Chen, J. Bradley
Muth, Robert
Ormandy, Tavis
Okasaka, Shiki
Narula, Neha
Fullagar, Nicholas
[J]. COMMUNICATIONS OF THE ACM, 2010, 53 (01) : 91 - 99
[2] Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
Lee, Hojoon
Song, Chihyun
Kang, Brent Byunghoon
[J]. PROCEEDINGS OF THE 2018 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'18), 2018, : 1441 - 1454
[3] Equational Reasoning on x86 Assembly Code
Coogan, Kevin
Debray, Saumya
[J]. 11TH IEEE INTERNATIONAL WORKING CONFERENCE ON SOURCE CODE ANALYSIS AND MANIPULATION (SCAM 2011), 2011, : 75 - 84
[4] Automated and portable native code isolation
Czajkowski, G
Daynès, L
Wolczko, M
[J]. 12TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING, PROCEEDINGS, 2001, : 298 - 307
[5] x86 Instruction Reordering for Code Compression
Paroczi, Zsombor
[J]. ACTA CYBERNETICA, 2013, 21 (01): : 177 - 190
[6] ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries
Deng, Liang
Zeng, Qingkai
Liu, Yao
[J]. ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, 2015, 455 : 386 - 400
[7] Differentiating Code from Data in x86 Binaries
Wartell, Richard
Zhou, Yan
Hamlen, Kevin W.
Kantarcioglu, Murat
Thuraisingham, Bhavani
[J]. MACHINE LEARNING AND KNOWLEDGE DISCOVERY IN DATABASES, PT III, 2011, 6913 : 522 - 536
[8] Foreign code detection on the Windows/X86 platform
Nanda, Susanta
Li, Wei
Lam, Lap-Chung
Chiueh, Tzi-cker
[J]. 22ND ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2006, : 279 - +
[9] NATIVE-CODE COMPILERS ARE PORTABLE AND FAST
LETWIN, JG
LEWIS, AC
[J]. ELECTRONIC DESIGN, 1981, 29 (10) : 153 - 158
[10] Modelling the Performance of the Gaussian Chemistry Code on x86 Architectures
Antony, Joseph
Risch, Mike J.
Rendell, Alistair P.
[J]. MODELING, SIMULATION AND OPTIMIZATION OF COMPLEX PROCESSES, 2008, : 49 - +

← 1 2 3 →