
ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries

Abstract : Dynamically-linked libraries are widely adopted in application programs to achieve extensibility. However, faults in untrusted libraries could allow an attacker to compromise both integrity and confidentiality of the host system (the main program and trusted libraries), as no protection boundaries are enforced between them. Previous systems address this issue through the technique named data sandboxing that relies on instrumentation to sandbox memory reads and writes in untrusted libraries. However, the instrumentation method causes relatively high overhead due to frequent memory reads in code. In this paper, we propose an efficient and practical data sandboxing approach (called ISboxing) on contemporary x86 platforms, which sandboxes a memory read/write by directly substituting it with a self-sandboxed and function-equivalent one. Our substitution-based method does not insert any additional instructions into library code and therefore incurs almost no measurable runtime overhead. Our experimental results show that ISboxing incurs only 0.32%/1.54% (average/max) overhead for SPECint2000 and 0.05%/0.24% (average/max) overhead for SFI benchmarks, which indicates a notable performance improvement on prior work.
Document type :
Conference papers
Cited literature [28 references]

https://hal.inria.fr/hal-01345130
Contributor : Hal Ifip
Submitted on : Wednesday, July 13, 2016 - 11:09:01 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:41 AM

File

337885_1_En_26_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Liang Deng, Qingkai Zeng, Yao Liu. ISboxing: An Instruction Substitution Based Data Sandboxing for x86 Untrusted Libraries. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.386-400, ⟨10.1007/978-3-319-18467-8_26⟩. ⟨hal-01345130⟩

Metrics

Record views

132

Files downloads

245