Enclosure: language-based restriction of untrusted libraries
- 17 April 2021
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Abstract
Programming languages and systems have failed to address the security implications of the increasingly frequent use of public libraries to construct modern software. Most languages provide tools and online repositories to publish, import, and use libraries; however, this double-edged sword can incorporate a large quantity of unknown, unchecked, and unverified code into an application. The risk is real, as demonstrated by malevolent actors who have repeatedly inserted malware into popular open-source libraries. This paper proposes a solution: enclosures, a new programming language construct for library isolation that gives a developer fine-grained control over the resources a library can access, even for libraries with complex inter-library dependencies. The programming abstraction is language-independent and could be added to most languages. These languages would then be able to take advantage of hardware isolation mechanisms that are effective across language boundaries. The enclosure policies are enforced at run time by LitterBox, a language-independent framework that uses hardware mechanisms to provide uniform and robust isolation guarantees, even for libraries written in unsafe languages. LitterBox currently supports both Intel VT-x (with general-purpose extended page tables) and the emerging Intel Memory Protection Keys (MPK). We describe an enclosure implementation for the Go and Python languages. Our evaluation demonstrates that the Go implementation can protect sensitive data in real-world applications constructed using complex untrusted libraries with deep dependencies. It requires minimal code refactoring and incurs acceptable performance overhead. The Python implementation demonstrates LitterBox's ability to support dynamic languages.
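The abstract names Intel MPK as one of the two hardware mechanisms LitterBox uses to enforce enclosure policies. The following C program is an added illustration of that bare primitive and is not code from the paper or from LitterBox: it tags a page holding a secret with a protection key, revokes the calling thread's access to that key before invoking a stand-in for an untrusted library function, observes the resulting SEGV_PKUERR fault, and restores access afterwards. The function names (`mpk_demo`, `untrusted_library_call`) and the secret string are assumptions made for the example; it uses only the glibc `pkey_*` wrappers and runs on Linux x86-64 with PKU support, reporting "not available" elsewhere.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef SEGV_PKUERR
#define SEGV_PKUERR 4   /* si_code for a protection-key violation (Linux) */
#endif

static volatile sig_atomic_t fault_seen;
static sigjmp_buf recover;

/* SIGSEGV handler: record whether the fault was a key violation, then unwind.
   It must not touch the keyed page itself, since the key may still be disabled. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_seen = (si->si_code == SEGV_PKUERR) ? 1 : 2;
    siglongjmp(recover, 1);
}

/* Hypothetical untrusted library routine: reads memory it was never granted. */
static int untrusted_library_call(const volatile char *secret) {
    return secret[0];   /* faults while the page's key has access disabled */
}

/* Returns 0 if MPK is unavailable (nothing tested), 1 if the read was blocked,
   -1 if the read succeeded even though the key was disabled. */
int mpk_demo(void) {
    long page = sysconf(_SC_PAGESIZE);
    char *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return 0;
    strcpy(buf, "api-token-constructed-for-demo");   /* constructed secret */

    int key = pkey_alloc(0, 0);                      /* fails without PKU or under seccomp */
    if (key < 0) { munmap(buf, (size_t)page); return 0; }
    if (pkey_mprotect(buf, (size_t)page, PROT_READ | PROT_WRITE, key) != 0) {
        pkey_free(key); munmap(buf, (size_t)page); return 0;
    }

    struct sigaction sa = {0}, old = {0};
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO | SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    volatile int result = -1;
    fault_seen = 0;
    if (sigsetjmp(recover, 1) == 0) {
        pkey_set(key, PKEY_DISABLE_ACCESS);          /* enter the enclosure: drop the key */
        (void)untrusted_library_call(buf);           /* expected to fault here */
    } else {
        result = (fault_seen == 1) ? 1 : -1;         /* unwound from the handler */
    }
    pkey_set(key, 0);                                /* leave the enclosure: restore access */

    sigaction(SIGSEGV, &old, NULL);
    pkey_free(key);
    munmap(buf, (size_t)page);
    return result;
}

int main(void) {
    int r = mpk_demo();
    if (r == 0) puts("MPK not available here; nothing tested");
    else if (r == 1) puts("untrusted read of the keyed page was blocked (SEGV_PKUERR)");
    else puts("UNEXPECTED: read succeeded with access disabled");
    return r == -1;
}
```

Two caveats a practitioner should keep in mind. Changing PKRU (`pkey_set`) is an unprivileged instruction, so a malicious native library can simply re-enable the key itself; this demo does nothing about that, and any MPK-based enforcement layer has to prevent the untrusted code from executing unsanctioned WRPKRU/XRSTOR instructions on its own. Protection keys are also per-thread state, so the restriction applied above covers only the calling thread, and the handler must run without touching the keyed page because the kernel does not guarantee the key is re-enabled when the signal is delivered.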