Title :
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
Author :
Yee, Bennet ; Sehr, David ; Dardyk, Gregory ; Chen, J. Bradley ; Muth, Robert ; Ormandy, Tavis ; Okasaka, Shiki ; Narula, N. ; Fullagar, Nicholas
Author_Institution :
Google Inc., Mountain View, CA, USA
Abstract :
This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault isolation and a secure runtime to direct system interaction and side effects through interfaces managed by Native Client. Native Client provides operating system portability for binary code while supporting performance-oriented features generally absent from Web application programming environments, such as thread support, instruction set extensions such as SSE, and use of compiler intrinsics and hand-coded assembler. We combine these properties in an open architecture that encourages community review and 3rd-party tools.
Keywords :
Internet; computer interfaces; online front-ends; security of data; software performance evaluation; Native client; Web application programming environments; binary code; browser-based applications; hand-coded assembler; instruction set extensions; open architecture; operating system portability; sandbox; software fault isolation; thread support; untrusted x86 native code; Application software; Assembly systems; High performance computing; Java; Manuals; Operating systems; Physics computing; Privacy; Security; Yarn; Security; World Wide Web;
Conference_Titel :
Security and Privacy, 2009 30th IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-0-7695-3633-0
