Abstract
We describe how to build a Language-Based Hypervisor (LBH) that can run untrusted applications (or modules) inside secure containers within a single language runtime instance. The LBH allows execution of untrusted code at a fine-grained level while controlling access to APIs, data, and resources. The LBH and untrusted applications are written in the same language and run together as one process on top of a single language interpreter or runtime. We use JavaScript as an example and describe how LBH can be implemented at the language level without modification to the runtime itself.
In memoriam of Enrico, who passed away after this work, done as an intern at Intel.
Similar content being viewed by others
References
Akhawe, D., Saxena, P., Song, D.: Privilege separation in HTML5 applications. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012, USENIX Association, Berkeley, CA, USA, pp. 23–23 (2012)
Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Language-based defenses against untrusted browser origins. In: Proceedings of the 22Nd USENIX Conference on Security, SEC 2013, USENIX Association, Berkeley, CA, USA, pp. 653–670 (2013)
Maffeis, S., Mitchell, J.C., Taly, A.: Object capabilities and isolation of untrusted web applications. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 125–140. IEEE (2010)
Maffeis, S., Taly, A.: Language-based isolation of untrusted JavaScript. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009, pp. 77–91. IEEE Computer Society, Washington, DC (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Budianto, E., Chow, R., Ding, J., McCool, M. (2016). Language-Based Hypervisors. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science(), vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_52
Download citation
DOI: https://doi.org/10.1007/978-3-319-48965-0_52
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48964-3
Online ISBN: 978-3-319-48965-0
eBook Packages: Computer ScienceComputer Science (R0)