Summary: Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh,
Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson
Department of Computer Science and Engineering
University of Washington
Seattle, WA 98195
{justinc,armond,jeffra45,jsamuel,ivan,cosminb,arvind,tom}@cs.washington.edu
Abstract
Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of devices worldwide. The standard libraries are hard to secure because they frequently need to perform low-level operations that are forbidden in untrusted application code. Existing designs have a single, large trusted computing base that contains security checks at the boundaries between trusted and untrusted code. Unfortunately, flaws in the standard library often allow an attacker to escape the security protections of the sandbox.

In this work, we construct a Python-based sandbox that has a small, security-isolated kernel. Using a mechanism