Retaining sandbox containment despite bugs in privileged memory-safe code

Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh, Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of devices worldwide. The standard libraries are hard to secure because they frequently need to perform low-level operations that are forbidden in untrusted application code. Existing designs have a single, large trusted computing base that contains security checks at the boundaries between trusted and untrusted code. Unfortunately, aws in the standard library often allow an attacker to escape the security protections of the sandbox.In this work, we construct a Python-based sandbox that has a small, security-isolated kernel. Using a mechanism called a security layer, we migrate privileged functionality into memory-safe code on top of the sandbox kernel while retaining isolation. For example, significant portions of module import, file I/O, serialization, and network communication routines can be provided in security layers. By moving these routines out of the kernel, we prevent attackers from leveraging bugs in these routines to evade sandbox containment. We demonstrate the effectiveness of our approach by studying past bugs in Java's standard libraries and show that most of these bugs would likely be contained in our sandbox.

    Original languageEnglish (US)
    Title of host publicationCCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security
    Pages212-223
    Number of pages12
    DOIs
    StatePublished - 2010
    Event17th ACM Conference on Computer and Communications Security, CCS'10 - Chicago, IL, United States
    Duration: Oct 4 2010Oct 8 2010

    Publication series

    NameProceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print)1543-7221

    Other

    Other17th ACM Conference on Computer and Communications Security, CCS'10
    CountryUnited States
    CityChicago, IL
    Period10/4/1010/8/10

    Keywords

    • Containment
    • Layering
    • Sandbox

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Fingerprint Dive into the research topics of 'Retaining sandbox containment despite bugs in privileged memory-safe code'. Together they form a unique fingerprint.

    Cite this