Corpus ID: 233481047

Isolation Without Taxation: Near Zero Cost Transitions for SFI

@article{Kolosick2021IsolationWT,
  title={Isolation Without Taxation: Near Zero Cost Transitions for SFI},
  author={Matthew Kolosick and Shravan Narayan and C. Watt and M. LeMay and Deepak Garg and Ranjit Jhala and D. Stefan},
  journal={ArXiv},
  year={2021},
  volume={abs/2105.00033}
}
Almost all SFI systems use heavyweight transitions that incur significant performance overhead from saving and restoring registers when context switching between application and sandbox code. We identify a set of zero-cost conditions that characterize when sandboxed code is well-structured enough so that security can be guaranteed via lightweight zero-cost transitions. We show that using WebAssembly (Wasm) as an intermediate representation for low-level code naturally results in a SFI system… Expand

References

SHOWING 1-10 OF 73 REFERENCES
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Singularity: rethinking the software stack
Principles and Implementation Techniques of Software-Based Fault Isolation
  • G. Tan
  • Computer Science
  • Found. Trends Priv. Secur.
  • 2017
Vx32: Lightweight User-level Sandboxing on the x86
Evaluating SFI for a CISC Architecture
TALx86: A Realistic Typed Assembly Language∗
Efficient software-based fault isolation
Retrofitting Fine Grain Isolation in the Firefox Renderer (Extended Version)
ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
...
1
2
3
4
5
...