WebC: toward a portable framework for deploying legacy code in web browsers

详细信息    查看全文

• 作者：Jie Yin ; Gang Tan ; XiaoLong Bai ; ShiMin Hu
• 关键词：WebC ; software fault isolation ; symbol link ; shadow memory area ; portable ; 072102
• 刊名：SCIENCE CHINA Information Sciences
• 出版年：2015
• 出版时间：July 2015
• 年：2015
• 卷：58
• 期：7
• 页码：1-15
• 全文大小：441 KB
• 参考文献：1.Oeschger. API reference: netscape Gecko plugins 2.190 pgs. Netscape Communication, 2002
  2.Yee B, Sehr D, Dardyk G, et al. Native client: a sandbox for portable, untrusted x86 native code. In: Proceedings ofIEEE Symposium on Security and Privacy, Oakland 2009, 79鈥?3
  3.Douceur JR, Elson J, Howell J, et al. Leveraging legacy code to deploy desktop applications on the web. In:Proceedings of USENIX Symposium on Operating Systems Design and Implementation, San Diego 2008, 339鈥?54
  4.Wahbe R, Lucco S, Anderson T, et al. Efficient software-based fault isolation. In: Proceedings of ACM Symposiumon Operating Systems Principles, New York 1993, 203鈥?16
  5.McCamant S, Morrisett G. Evaluating SFI for a CISC architecture. In: Proceedings of USENIX Security Symposium,Vancouver 2006, 209鈥?24
  6.Sehr D, Muth R, Biffle C, et al. Adapting software fault isolation to contemporary CPU architectures. In: Proceedingsof USENIX Security Symposium, Washington DC 2010, 1鈥?2
  7.Erlingsson U, Abadi M, Vrable M, et al. XFI: software guards for system address spaces. In: Proceedings of the 7thSymposium on Operating Systems Design and Implementation, Seattle 2006, 75鈥?8
  8.Abadi M, Budiu M, Erlingsson U, et al. Control-flow integrity. In: Proceedings of the 12th ACM Conference onComputer and Communications Security, Alexandria 2005, 340鈥?53View Article
  9.Woo SC, Ohara M, Torrie E, et al. The SPLASH-2 programs: characterization and methodological considerations.In: Proceedings of International Symposium on Computer Architecture, Santa Margherita Ligure 1995, 24鈥?6
  10.Zeng B, Tan G, Morrisett G. Combining control-flow integrity and static analysis for efficient and validated datasandboxing. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago 2011,29鈥?0
  11.Jim T, Morrisett JG, Grossman D, et al. Cyclone: a safe dialect of C. In: Proceedings of USENIX Annual TechnicalConference, Monterey 2002, 275鈥?88
  12.Necula G. Proof-carrying code. In: Proceedings of the 24th ACM Symposium on Principles of Programming Languages,New York 1997, 106鈥?19
  13.Erlingsson U, Schneider FB. SASI enforcement of security policies: a retrospective. In: Proceedings of New SecurityParadigms Workshop, Ontario 1999, 87鈥?5
  14.Evans D, Twyman A. Flexible policy-directed code safety. In: Proceedings of IEEE Symposium on Security andPrivacy, Oakland 1999, 32鈥?5
  15.Erlingsson U, Schneider FB. IRM enforcement of Java stack inspection. In: Proceedings of IEEE Symposium onSecurity and Privacy, Oakland 2000, 246鈥?55
  16.Small C. A tool for constructing safe extensible C++ systems. In: Proceedings of the 3rd USENIX Conference onObject-Oriented Technologies and Systems, Portland 1997, 175鈥?84
  17.Ford B, Cox R. Vx32: lightweight user-level sandboxing on the x86. In: Proceedings of USENIX Annual TechnicalConference, Boston 2008, 293鈥?06
  18.Zeng B, Tan G, Erlingsson U. Strato: a retargetable framework for low-level inlined-reference monitors. In: Proceedingsof USENIX Security Symposium, Washington DC 2013, 369鈥?82
  19.Morrisett G, Tan G, Tassarotti J, et al. RockSalt: better, faster, stronger SFI for the x86. In: Proceedings of the 33rdACM SIGPLAN conference on Programming Language Design and Implementation, Beijing 2012, 395鈥?04View Article
  20.Dhurjati D, Kowshik S, Adve V. SAFECode: enforcing alias analysis for weakly typed languages. In: Proceedings ofthe ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation, Ottawa, Ontario 2006,144鈥?57
  21.Dhurjati D, Adve V. Backwards-compatible array bounds checking for C with very low overhead. In: Proceedings ofthe 28th International Conference on Software Engineering, Shanghai 2006, 162鈥?71
  22.Nagarakatte S, Zhao J, Martin MM, et al. SoftBound: highly compatible and complete spatial memory safety for C. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, Dublin,2009. 245鈥?58
  23.Howell J, Parno B, Douceur JR. How to run POSIX apps in a minimal picoprocess. In: Proceedings of the USENIXAnnual Technical Conference, San Jose 2013, 321鈥?32
  
• 作者单位：Jie Yin (1)
  Gang Tan (2)
  XiaoLong Bai (1)
  ShiMin Hu (1)
  
  1. Department of Computer Science and Technology, Tsinghua University, Beijing, 100049, China
  2. Department of Computer Science and Engineering, Lehigh University, Bethlehem, PA, 18015, USA
  
• 刊物类别：Computer Science
• 刊物主题：Chinese Library of Science
  Information Systems and Communication Service
  
• 出版者：Science China Press, co-published with Springer
• ISSN：1869-1919

文摘

For security, most web applications are developed in some type-safe language, such as JavaScriptor Java. However, there is a huge amount of legacy codes developed in unsafe languages, which provide richfunctionality and are more efficient than their type-safe counterparts. To allow browsers to incorporate type-safecomponents in a secure way, previous approaches use the software-based fault isolation (SFI) to isolate untrustedlegacy code. The SFI approach performs machine-code transformation for security, but the downside is the lossof architecture independence. We propose WebC, a system that allows legacy code transmitted over the web viathe Low Level Virtual Machine (LLVM) bitcode format. The untrusted bitcode is transformed by WebC intocode in the WebC security language, which enforces both memory isolation and control-flow integrity. Comparedwith previous approaches, WebC is more portable, provides stronger security, and allows more flexible memorymanagement. Experimental results show that the average runtime overhead of WebC is modest.