The high-level benefits of low-level sandboxing-Reference-Cited by-同舟云学术

The high-level benefits of low-level sandboxing

Published:2020-01 Issue:POPL Volume:4 Page:1-32
ISSN:2475-1421
Container-title:Proceedings of the ACM on Programming Languages
language:en
Short-container-title:Proc. ACM Program. Lang.

Author:

Sammler Michael¹,Garg Deepak²,Dreyer Derek²,Litak Tadeusz³

Affiliation:

1. MPI-SWS, Germany / Friedrich-Alexander University Erlangen-Nürnberg, Germany

2. MPI-SWS, Germany

3. Friedrich-Alexander University Erlangen-Nürnberg, Germany

Abstract

Sandboxing is a common technique that allows low-level, untrusted components to safely interact with trusted code. However, previous work has only investigated the low-level memory isolation guarantees of sandboxing, leaving open the question of the end-to-end guarantees that sandboxing affords programmers. In this paper, we fill this gap by showing that sandboxing enables reasoning about the known concept of robust safety , i.e. , safety of the trusted code even in the presence of arbitrary untrusted code. To do this, we first present an idealized operational semantics for a language that combines trusted code with untrusted code. Sandboxing is built into our semantics. Then, we prove that safety properties of the trusted code (as enforced through a rich type system) are upheld in the presence of arbitrary untrusted code, so long as all interactions with untrusted code occur at the “any” type (a type inhabited by all values). Finally, to alleviate the burden of having to interact with untrusted code at only the “any” type, we formalize and prove safe several wrappers , which automatically convert values between the “any” type and much richer types. All our results are mechanized in the Coq proof assistant.

Funder

Horizon 2020 Framework Programme

Deutsche Forschungsgemeinschaft

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3371100

Reference43 articles.

1. Secrecy by typing in security protocols

2. When Good Components Go Bad

3. R.P. Abbott J. S. Chin J. E. Donnelley W. L. Konigsford S. Tokubo and D. A. Webb. 1976. Security analysis and enhancements of computer operating systems. Technical Report. Institute for Computer Sciences and Technology National Bureau of Standards Washington D.C. https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nbsir76- 1041.pdf R.P. Abbott J. S. Chin J. E. Donnelley W. L. Konigsford S. Tokubo and D. A. Webb. 1976. Security analysis and enhancements of computer operating systems. Technical Report. Institute for Computer Sciences and Technology National Bureau of Standards Washington D.C. https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nbsir76- 1041.pdf

4. Semantic foundations for typed assembly languages

5. Enforceable Security Policies Revisited

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Stuttering for Free;Proceedings of the ACM on Programming Languages;2023-10-16

2. Semantic Encapsulation using Linking Types;Proceedings of the 8th ACM SIGPLAN International Workshop on Type-Driven Development;2023-08-30

3. Robust Safety for Move;2023 IEEE 36th Computer Security Foundations Symposium (CSF);2023-07

4. WaVe: a verifiably secure WebAssembly sandboxing runtime;P IEEE S SECUR PRIV;2023

5. Necessity specifications for robustness;Proceedings of the ACM on Programming Languages;2022-10-31