ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries - ICT Systems Security and Privacy Protection
Conference Papers Year : 2015

ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries

Liang Deng
Qingkai Zeng
Yao Liu

Abstract

Dynamically-linked libraries are widely adopted in application programs to achieve extensibility. However, faults in untrusted libraries could allow an attacker to compromise both the integrity and confidentiality of the host system (the main program and trusted libraries), as no protection boundaries are enforced between them. Previous systems address this issue through a technique named data sandboxing, which relies on instrumentation to sandbox memory reads and writes in untrusted libraries. However, the instrumentation method causes relatively high overhead due to frequent memory reads in code. In this paper, we propose an efficient and practical data sandboxing approach (called ISboxing) on contemporary x86 platforms, which sandboxes a memory read/write by directly substituting it with a self-sandboxed and function-equivalent one. Our substitution-based method does not insert any additional instructions into library code and therefore incurs almost no measurable runtime overhead. Our experimental results show that ISboxing incurs only 0.32%/1.54% (average/max) overhead for SPECint2000 and 0.05%/0.24% (average/max) overhead for SFI benchmarks, which indicates a notable performance improvement over prior work.
Main file: 337885_1_En_26_Chapter.pdf (4 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01345130 , version 1 (13-07-2016)

Licence

Attribution

Cite

Liang Deng, Qingkai Zeng, Yao Liu. ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.386-400, ⟨10.1007/978-3-319-18467-8_26⟩. ⟨hal-01345130⟩