The High-Level Benefits of Low-Level Sandboxing (POPL 2020 - Research Papers)

Write a Blog >>

Sun 19 - Sat 25 January 2020 New Orleans, Louisiana, United States

Who

Michael Sammler, Deepak Garg, Derek Dreyer, Tadeusz Litak

Track

POPL 2020 Research Papers

Time Zone

The program is currently displayed in (GMT-06:00) Saskatchewan, Central America.

Use conference time zone: (GMT-06:00) Saskatchewan, Central AmericaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 24 Jan 2020 10:51 - 11:13 at Ile de France III (IDF III) - Verification in Proof Assistants Chair(s): Sandrine Blazy

Abstract

Sandboxing is a common technique for allowing untrusted components to safely interact with trusted code. However, previous work has only investigated the low-level memory isolation guarantees of sandboxing, leaving open the question of what exactly are the end-to-end guarantees that sandboxing affords programmers. In this paper, we fill this gap by exploring formally how sandboxing ensures the robust safety of trusted code, i.e. safety in the presence of arbitrary untrusted code. First, we present an idealized operational semantics for a language that combines trusted code with sandboxed untrusted code. Then, we prove that safety properties of the trusted code (as enforced through a rich type system) are upheld in the presence of arbitrary untrusted code, so long as all interactions with untrusted code occur at the “any” type (a type inhabited by all values). Finally, to alleviate the burden of having to interact with untrusted code at the “any” type, we develop a mechanism for automatically converting values between the “any” type and much richer types. All results of this paper are mechanized in the Coq proof assistant.

Link to Publication

https://dl.acm.org/ft_gateway.cfm?id=3371100

DOI

https://doi.org/10.1145/3371100

Michael Sammler

MPI-SWS

Deepak Garg

Max Planck Institute for Software Systems

Germany

Derek Dreyer

MPI-SWS

Germany

Tadeusz Litak

FAU Erlangen-Nuremberg, INF 8

Germany

YouTube Video

Time Zone

The program is currently displayed in (GMT-06:00) Saskatchewan, Central America.

Use conference time zone: (GMT-06:00) Saskatchewan, Central AmericaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 24 Jan
Displayed time zone: Saskatchewan, Central America change

10:30 - 11:35	Verification in Proof AssistantsResearch Papers at Ile de France III (IDF III) Chair(s): Sandrine Blazy Univ Rennes- IRISA

10:30 21m Talk		Virtual Timeline: A Formal Abstraction for Verifying Preemptive Schedulers with Temporal Isolation Research Papers Mengqi Liu Yale University, Lionel Rieg Verimag, Zhong Shao Yale University, Ronghui Gu Columbia University, David Costanzo Yale University, Jung-Eun Kim Yale University, Man-Ki Yoon Yale University Link to publication DOI Media Attached File Attached
10:51 21m Talk		The High-Level Benefits of Low-Level Sandboxing Research Papers Michael Sammler MPI-SWS, Deepak Garg Max Planck Institute for Software Systems, Derek Dreyer MPI-SWS, Tadeusz Litak FAU Erlangen-Nuremberg, INF 8 Link to publication DOI Media Attached
11:13 21m Talk		Interaction Trees: Representing Recursive and Impure Programs in CoqDistinguished Paper Research Papers Li-yao Xia University of Pennsylvania, Yannick Zakowski University of Pennsylvania, Paul He University of Pennsylvania, Chung-Kil Hur Seoul National University, Gregory Malecha BedRock Systems, Benjamin C. Pierce University of Pennsylvania, Steve Zdancewic University of Pennsylvania Link to publication DOI Media Attached File Attached