Write a Blog >>

Sandboxing is a common technique for allowing untrusted components to safely interact with trusted code. However, previous work has only investigated the low-level memory isolation guarantees of sandboxing, leaving open the question of what exactly are the end-to-end guarantees that sandboxing affords programmers. In this paper, we fill this gap by exploring formally how sandboxing ensures the robust safety of trusted code, i.e. safety in the presence of arbitrary untrusted code. First, we present an idealized operational semantics for a language that combines trusted code with sandboxed untrusted code. Then, we prove that safety properties of the trusted code (as enforced through a rich type system) are upheld in the presence of arbitrary untrusted code, so long as all interactions with untrusted code occur at the “any” type (a type inhabited by all values). Finally, to alleviate the burden of having to interact with untrusted code at the “any” type, we develop a mechanism for automatically converting values between the “any” type and much richer types. All results of this paper are mechanized in the Coq proof assistant.

Fri 24 Jan

Displayed time zone: Saskatchewan, Central America change

10:30 - 11:35
Verification in Proof AssistantsResearch Papers at Ile de France III (IDF III)
Chair(s): Sandrine Blazy Univ Rennes- IRISA
10:30
21m
Talk
Virtual Timeline: A Formal Abstraction for Verifying Preemptive Schedulers with Temporal Isolation
Research Papers
Mengqi Liu Yale University, Lionel Rieg Verimag, Zhong Shao Yale University, Ronghui Gu Columbia University, David Costanzo Yale University, Jung-Eun Kim Yale University, Man-Ki Yoon Yale University
Link to publication DOI Media Attached File Attached
10:51
21m
Talk
The High-Level Benefits of Low-Level Sandboxing
Research Papers
Michael Sammler MPI-SWS, Deepak Garg Max Planck Institute for Software Systems, Derek Dreyer MPI-SWS, Tadeusz Litak FAU Erlangen-Nuremberg, INF 8
Link to publication DOI Media Attached
11:13
21m
Talk
Interaction Trees: Representing Recursive and Impure Programs in CoqDistinguished Paper
Research Papers
Li-yao Xia University of Pennsylvania, Yannick Zakowski University of Pennsylvania, Paul He University of Pennsylvania, Chung-Kil Hur Seoul National University, Gregory Malecha BedRock Systems, Benjamin C. Pierce University of Pennsylvania, Steve Zdancewic University of Pennsylvania
Link to publication DOI Media Attached File Attached