Native Client: A Sandbox for Portable, Untrusted x86 Native Code

This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client. Native Client provides operating system portability for binary code while supporting performance-oriented features generally absent from web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler. We combine these properties in an open architecture that encourages community review and third-party tools.
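The software fault isolation the abstract refers to rests on a static validator: 32-bit x86 code is laid out in 32-byte bundles, no instruction may straddle a bundle boundary, raw system calls and `ret` are rejected, and every indirect branch must be immediately preceded, within the same bundle, by an `and` that clears the low five bits of the target register. The toy validator below is an added illustration of those rules and is not code from the paper or the Native Client project; it works on a constructed, pre-decoded instruction list, and the instruction lengths and the `FORBIDDEN` set are simplified assumptions.

```python
BUNDLE = 32                 # instruction bundle size
MASK = 0xFFFFFFE0           # clears the low 5 bits, so a masked target is a bundle start
FORBIDDEN = {"int", "syscall", "sysenter", "ret"}   # assumed subset of rejected opcodes


def validate(code):
    """code: pre-decoded list of (mnemonic, operands, length_in_bytes).
    Returns a list of error strings; an empty list means the module is accepted."""
    errors, starts, interior = [], set(), set()
    off, prev = 0, None                     # prev = (mnemonic, operands, offset)
    for mn, ops, ln in code:
        starts.add(off)
        if off // BUNDLE != (off + ln - 1) // BUNDLE:
            errors.append(f"{off:#x}: {mn} straddles a bundle boundary")
        if mn in FORBIDDEN:
            errors.append(f"{off:#x}: forbidden instruction {mn}")
        if (mn == "call" or mn.startswith("j")) and ops.startswith("*"):
            reg = ops[1:]
            # The mask must sit in the same bundle: an indirect branch can only
            # land on a bundle start, so it can never skip the and and hit the jmp.
            masked = (prev is not None and prev[0] == "and"
                      and prev[1] == f"${MASK:#x},{reg}"
                      and prev[2] // BUNDLE == off // BUNDLE)
            if masked:
                interior.add(off)           # tail of an and+jmp pseudo-instruction
            else:
                errors.append(f"{off:#x}: unmasked indirect branch through {reg}")
        prev = (mn, ops, off)
        off += ln
    # Direct branches must land on an instruction start that is not the jmp
    # half of a pseudo-instruction, otherwise the mask could be bypassed.
    off = 0
    for mn, ops, ln in code:
        if (mn == "call" or mn.startswith("j")) and not ops.startswith("*"):
            target = int(ops, 0)
            if target not in starts or target in interior:
                errors.append(f"{off:#x}: direct branch to {target:#x} is not a safe target")
        off += ln
    return errors


# Constructed samples (offsets in comments).
GOOD = [("mov", "%ecx,%eax", 2),            # 0x00
        ("and", f"${MASK:#x},%eax", 5),     # 0x02  masked indirect jump, part 1
        ("jmp", "*%eax", 2),                # 0x07  part 2, same bundle
        ("jmp", "0x0", 2)]                  # 0x09  direct branch to a real start
BAD = ([("jmp", "*%eax", 2),                # 0x00  no mask
        ("int", "$0x80", 2),                # 0x02  raw system call
        ("jmp", "0x3", 2)]                  # 0x04  lands inside an instruction
       + [("nop", "", 1)] * 22              # 0x06..0x1b filler
       + [("and", f"${MASK:#x},%ebx", 6),   # 0x1c  straddles the 0x20 boundary
          ("jmp", "*%ebx", 2)])             # 0x22  mask is in the previous bundle
```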
