The high-level benefits of low-level sandboxing

Sammler MJ, Garg D, Dreyer D, Litak T. 2019. The high-level benefits of low-level sandboxing. Proceedings of the ACM on Programming Languages. 4(POPL), 1–32.

Download (ext.)
OA https://doi.org/10.1145/3371100 [Published Version]

Journal Article | Published | English

Scopus indexed
Author
Sammler, Michael JoachimISTA; Garg, Deepak; Dreyer, Derek; Litak, Tadeusz
Abstract
Sandboxing is a common technique that allows low-level, untrusted components to safely interact with trusted code. However, previous work has only investigated the low-level memory isolation guarantees of sandboxing, leaving open the question of the end-to-end guarantees that sandboxing affords programmers. In this paper, we fill this gap by showing that sandboxing enables reasoning about the known concept of robust safety, i.e., safety of the trusted code even in the presence of arbitrary untrusted code. To do this, we first present an idealized operational semantics for a language that combines trusted code with untrusted code. Sandboxing is built into our semantics. Then, we prove that safety properties of the trusted code (as enforced through a rich type system) are upheld in the presence of arbitrary untrusted code, so long as all interactions with untrusted code occur at the “any” type (a type inhabited by all values). Finally, to alleviate the burden of having to interact with untrusted code at only the “any” type, we formalize and prove safe several wrappers, which automatically convert values between the “any” type and much richer types. All our results are mechanized in the Coq proof assistant.
Publishing Year
Date Published
2019-12-20
Journal Title
Proceedings of the ACM on Programming Languages
Publisher
Association for Computing Machinery
Volume
4
Issue
POPL
Page
1-32
ISSN
IST-REx-ID

Cite this

Sammler MJ, Garg D, Dreyer D, Litak T. The high-level benefits of low-level sandboxing. Proceedings of the ACM on Programming Languages. 2019;4(POPL):1-32. doi:10.1145/3371100
Sammler, M. J., Garg, D., Dreyer, D., & Litak, T. (2019). The high-level benefits of low-level sandboxing. Proceedings of the ACM on Programming Languages. Association for Computing Machinery. https://doi.org/10.1145/3371100
Sammler, Michael Joachim, Deepak Garg, Derek Dreyer, and Tadeusz Litak. “The High-Level Benefits of Low-Level Sandboxing.” Proceedings of the ACM on Programming Languages. Association for Computing Machinery, 2019. https://doi.org/10.1145/3371100.
M. J. Sammler, D. Garg, D. Dreyer, and T. Litak, “The high-level benefits of low-level sandboxing,” Proceedings of the ACM on Programming Languages, vol. 4, no. POPL. Association for Computing Machinery, pp. 1–32, 2019.
Sammler MJ, Garg D, Dreyer D, Litak T. 2019. The high-level benefits of low-level sandboxing. Proceedings of the ACM on Programming Languages. 4(POPL), 1–32.
Sammler, Michael Joachim, et al. “The High-Level Benefits of Low-Level Sandboxing.” Proceedings of the ACM on Programming Languages, vol. 4, no. POPL, Association for Computing Machinery, 2019, pp. 1–32, doi:10.1145/3371100.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]

Link(s) to Main File(s)
Access Level
OA Open Access

Export

Marked Publications

Open Data ISTA Research Explorer

Search this title in

Google Scholar