E-print Network
Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
 

Summary: Retaining Sandbox Containment Despite Bugs in Privileged Memory-Safe Code
Justin Cappos, Armon Dadgar, Jeff Rasley, Justin Samuel, Ivan Beschastnikh,
Cosmin Barsan, Arvind Krishnamurthy, Thomas Anderson
Department of Computer Science and Engineering
University of Washington
Seattle, WA 98195
{justinc,armond,jeffra45,jsamuel,ivan,cosminb,arvind,tom}@cs.washington.edu
Abstract
Flaws in the standard libraries of secure sandboxes represent a major security threat to billions of devices worldwide. The standard libraries are hard to secure because they frequently need to perform low-level operations that are forbidden in untrusted application code. Existing designs have a single, large trusted computing base that contains security checks at the boundaries between trusted and untrusted code. Unfortunately, flaws in the standard library often allow an attacker to escape the security protections of the sandbox.

In this work, we construct a Python-based sandbox that has a small, security-isolated kernel. Using a mechanism
Source: Anderson, Tom - Department of Computer Science and Engineering, University of Washington at Seattle
Krishnamurthy, Arvind - Department of Computer Science and Engineering, University of Washington at Seattle

 

Collections: Computer Technologies and Information Sciences