RockSalt: Better, faster, stronger SFI for the x86

Greg Morrisett; Gang Tan; Joseph Tassarotti; Jean Baptiste Tristan; Edward Gan

doi:10.1145/2345156.2254111

RockSalt: Better, faster, stronger SFI for the x86

Greg Morrisett
, Gang Tan
, Joseph Tassarotti
, Jean Baptiste Tristan
, Edward Gan

Research output: Contribution to journal › Article › peer-review

44 Scopus citations

Abstract

Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a conceptually simple machine-code analysis to enforce a security policy. But for complicated architectures such as the x86, it is all too easy to get the details of the analysis wrong. We have built a new checker that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis. The key to our approach is automatically generating the bulk of the analysis from a declarative description which we relate to a formal model of a subset of the x86 instruction set architecture. The x86 model, developed in Coq, is of independent interest and should be usable for a wide range of machine-level verification tasks.

Original language	English (US)
Pages (from-to)	395-404
Number of pages	10
Journal	ACM SIGPLAN Notices
Volume	47
Issue number	6
DOIs	https://doi.org/10.1145/2345156.2254111
State	Published - Aug 2012

All Science Journal Classification (ASJC) codes

General Computer Science

Access to Document

10.1145/2345156.2254111

Cite this

@article{e6be838df2274409868afb9ed98c1052,

title = "RockSalt: Better, faster, stronger SFI for the x86",

abstract = "Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a conceptually simple machine-code analysis to enforce a security policy. But for complicated architectures such as the x86, it is all too easy to get the details of the analysis wrong. We have built a new checker that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis. The key to our approach is automatically generating the bulk of the analysis from a declarative description which we relate to a formal model of a subset of the x86 instruction set architecture. The x86 model, developed in Coq, is of independent interest and should be usable for a wide range of machine-level verification tasks.",

author = "Greg Morrisett and Gang Tan and Joseph Tassarotti and Tristan, \{Jean Baptiste\} and Edward Gan",

year = "2012",

month = aug,

doi = "10.1145/2345156.2254111",

language = "English (US)",

volume = "47",

pages = "395--404",

journal = "ACM SIGPLAN Notices",

issn = "1523-2867",

publisher = "Association for Computing Machinery",

number = "6",

}

TY - JOUR

T1 - RockSalt

T2 - Better, faster, stronger SFI for the x86

AU - Morrisett, Greg

AU - Tan, Gang

AU - Tassarotti, Joseph

AU - Tristan, Jean Baptiste

AU - Gan, Edward

PY - 2012/8

Y1 - 2012/8

N2 - Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a conceptually simple machine-code analysis to enforce a security policy. But for complicated architectures such as the x86, it is all too easy to get the details of the analysis wrong. We have built a new checker that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis. The key to our approach is automatically generating the bulk of the analysis from a declarative description which we relate to a formal model of a subset of the x86 instruction set architecture. The x86 model, developed in Coq, is of independent interest and should be usable for a wide range of machine-level verification tasks.

AB - Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a conceptually simple machine-code analysis to enforce a security policy. But for complicated architectures such as the x86, it is all too easy to get the details of the analysis wrong. We have built a new checker that is smaller, faster, and has a much reduced trusted computing base when compared to Google's original analysis. The key to our approach is automatically generating the bulk of the analysis from a declarative description which we relate to a formal model of a subset of the x86 instruction set architecture. The x86 model, developed in Coq, is of independent interest and should be usable for a wide range of machine-level verification tasks.

UR - https://www.scopus.com/pages/publications/84866401628

UR - https://www.scopus.com/pages/publications/84866401628#tab=citedBy

U2 - 10.1145/2345156.2254111

DO - 10.1145/2345156.2254111

M3 - Article

AN - SCOPUS:84866401628

SN - 1523-2867

VL - 47

SP - 395

EP - 404

JO - ACM SIGPLAN Notices

JF - ACM SIGPLAN Notices

IS - 6

ER -

RockSalt: Better, faster, stronger SFI for the x86

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this