DOI: 10.1145/3607199.3607233 (RAID conference proceedings; research article; open access)

NatiSand: Native Code Sandboxing for JavaScript Runtimes

Published: 16 October 2023

    Abstract

    Modern runtimes execute JavaScript code in a secure, isolated environment, but when they run binary programs and shared libraries, no isolation guarantees are provided. This is an important limitation, and it affects many popular runtimes, including Node.js, Deno, and Bun [20, 61].
    In this paper we propose NatiSand, a component for JavaScript runtimes that leverages Landlock, eBPF, and Seccomp to control the filesystem, Inter-Process Communication (IPC), and network resources available to binary programs and shared libraries. NatiSand does not require changes to the application code and offers the user a simple interface. To demonstrate the effectiveness and efficiency of our approach we implemented NatiSand and integrated it into Deno, a modern, security-oriented JavaScript runtime. We reproduced a number of vulnerabilities affecting third-party code, showing how they are mitigated by NatiSand. We also conducted an extensive experimental evaluation of the performance, showing that our approach is competitive with state-of-the-art code sandboxing solutions. The implementation is available as open source.
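    The abstract's point is that a native subprocess launched by the runtime normally inherits every filesystem, IPC and network capability the runtime has, and that NatiSand closes the gap by having the kernel enforce a policy on the child before it runs. The C program below is an added example, not code from the paper or from the NatiSand implementation, showing the seccomp-BPF half of that idea on Linux: the parent forks a child, the child installs a filter that makes the network syscalls fail with EACCES and then runs its task, and the parent reads the outcome back. The Landlock (filesystem) and eBPF (IPC) enforcement NatiSand also uses are not shown. The denied syscall set, the choice of EACCES, and the helper names `install_no_network_filter`, `try_socket` and `run_confined` are assumptions made for this example; it needs an unprivileged Linux process with seccomp filter support and an x86_64 or aarch64 build.

```c
/* Added example (not NatiSand's code): confine a native child with a
 * seccomp-BPF filter that denies network syscalls before the child runs.
 * Linux only; x86_64 or aarch64. The helper names and the syscall set are
 * assumptions chosen for this example. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "example supports x86_64 and aarch64 only"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS   /* older UAPI headers only define KILL */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* Install a filter in the calling process: kill if the syscall ABI is not
 * the native one (blocks 32-bit compat tricks), fail socket/connect/bind/
 * listen/accept4 with EACCES, allow everything else. Returns 0 on success. */
int install_no_network_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket,  5, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_connect, 4, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_bind,    3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_listen,  2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_accept4, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required for an unprivileged process to install a filter; it also
     * stops the child from regaining privilege through a setuid binary. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* Task standing in for the native code: 1 = socket() worked,
 * 0 = denied with EACCES by the filter, 2 = failed for another reason. */
int try_socket(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return errno == EACCES ? 0 : 2;
}

/* Fork, optionally confine the child, run the task there and return its
 * exit code (-1 if the child died by signal or fork/wait failed; 3 if the
 * filter could not be installed). A seccomp filter survives execve, so a
 * child that execs a binary after install_no_network_filter() inherits it. */
int run_confined(int (*task)(void), int confine)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (confine && install_no_network_filter() != 0)
            _exit(3);
        _exit(task());
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int plain = run_confined(try_socket, 0);
    int boxed = run_confined(try_socket, 1);
    printf("unconfined child: socket() %s\n", plain == 1 ? "allowed" : "failed");
    printf("confined child:   socket() %s\n",
           boxed == 0 ? "denied with EACCES" : "unexpected result");
    return boxed == 0 ? 0 : 1;
}
```

    Build with `cc -o confine confine.c` and run it without privileges. Two design points carry over to the runtime setting the abstract describes: the policy is applied in the child between fork and the point where the native code starts (for a real subprocess, before execve), so the runtime process itself stays unrestricted; and the architecture check at the top of the filter is what prevents a confined binary from reaching a different syscall table through a compat ABI. Returning EACCES rather than killing the process is a choice for the example, so the caller can observe the denial; a production policy would decide per syscall whether a denial is survivable.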

    References

    [1] Marco Abbadini, Michele Beretta, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, and Stefano Paraboschi. 2023. Leveraging eBPF to enhance sandboxing of WebAssembly runtimes. In Proceedings of the 18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023).
    [2] Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, and Stefano Paraboschi. 2023. Cage4Deno: A Fine-Grained Sandbox for Deno Subprocesses. In Proceedings of the 18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023).
    [3] Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars E. Olsson, and Andrei Sabelfeld. 2021. SandTrap: Securing JavaScript-driven Trigger-Action Platforms. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [4] Alexei Starovoitov. 2020. Introduce CAP_BPF. https://lwn.net/Articles/820560/
    [5] Andrii Nakryiko. 2020. BPF Portability and CO-RE. https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html
    [6] Apple. 2023. JavaScriptCore. https://developer.apple.com/documentation/javascriptcore
    [7] Markus Bauer and Christian Rossow. 2021. Cali: Compiler-Assisted Library Isolation. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS).
    [8] Maxime Bélair, Sylvie Laniepce, and Jean-Marc Menaud. 2021. SNAPPY: Programmable Kernel-Level Policies for Containers. In Proceedings of the ACM Symposium on Applied Computing (SAC).
    [9] Andrew Berman, Virgil Bourassa, and Erik Selberg. 1995. TRON: Process-Specific File Protection for the UNIX Operating System. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC).
    [10] Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, and Deian Stefan. 2017. Finding and Preventing Bugs in JavaScript Bindings. In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P).
    [11] Thanh Bui, Siddharth Prakash Rao, Markku Antikainen, Viswanathan Manihatty Bojan, and Tuomas Aura. 2018. Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [12] Alexander Bulekov, Rasoul Jahanshahi, and Manuel Egele. 2021. Saphire: Sandboxing PHP Applications with Tailored System Call Allowlists. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [13] Bun. 2023. Bun is a fast all-in-one JavaScript runtime. https://bun.sh/
    [14] George Christou, Grigoris Ntousakis, Eric Lahtinen, Sotiris Ioannidis, Vasileios P. Kemerlis, and Nikos Vasilakis. 2023. BinWrap: Hybrid Protection Against Native Node.js Add-ons. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS).
    [15] R. Joseph Connor, Tyler McDaniel, Jared M. Smith, and Max Schuchard. 2020. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [16] containers. 2023. Bubblewrap. https://github.com/containers/bubblewrap
    [17] Jonathan Corbet. 2006. File-based capabilities. https://lwn.net/Articles/211883/
    [18] Jonathan Corbet. 2014. BPF: the universal in-kernel virtual machine. https://lwn.net/Articles/599755/
    [19] Nicholas DeMarinis, Kent Williams-King, Di Jin, Rodrigo Fonseca, and Vasileios P. Kemerlis. 2020. sysfilter: Automated System Call Filtering for Commodity Software. In Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID).
    [20] Deno Land. 2023. Deno Permission Model. https://deno.land/manual/getting_started/permissions
    [21] Deno Land. 2023. Node compatibility mode. https://deno.land/manual/node/compatibility_mode
    [22] Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupé, and Yan Shoshitaishvili. 2021. Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases. In Proceedings of the Network and Distributed System Security Symposium (NDSS).
    [23] Jake Edge. 2020. Seccomp and deep argument inspection. https://lwn.net/Articles/822256/
    [24] Emscripten Contributors. 2023. Emscripten toolchain. https://emscripten.org/
    [25] Gabriel Ferreira, Limin Jia, Joshua Sunshine, and Christian Kästner. 2021. Containing Malicious Package Updates in npm with a Lightweight Permission System. In Proceedings of the International Conference on Software Engineering (ICSE).
    [26] William Findlay, David Barrera, and Anil Somayaji. 2021. BPFContain: Fixing the Soft Underbelly of Container Security. arXiv preprint (2021).
    [27] William Findlay, Anil Somayaji, and David Barrera. 2020. bpfbox: Simple Precise Process Confinement with eBPF. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW).
    [28] Google. 2023. Minijail. https://google.github.io/minijail/
    [29] Google. 2023. Sandbox2. https://developers.google.com/code-sandboxing/sandbox2/
    [30] Brendan Gregg. 2021. BPF Internals. USENIX Large Installation Systems Administration Conference (LISA). https://www.usenix.org/conference/lisa21/presentation/gregg-bpf
    [31] Jake Edge. 2015. A seccomp overview. https://lwn.net/Articles/656307/
    [32] Michael Kehoe. 2022. eBPF: The Next Power Tool of SREs. USENIX SREcon Americas (SRECON). https://www.usenix.org/conference/srecon22americas/presentation/kehoe-ebpf
    [33] Taesoo Kim and Nickolai Zeldovich. 2013. Practical and Effective Sandboxing for Non-root Users. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC).
    [34] Paul Kirth, Mitchel Dickerson, Stephen Crane, Per Larsen, Adrian Dabrowski, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz. 2022. PKRU-safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages. In Proceedings of the European Conference on Computer Systems (EuroSys).
    [35] Deno Land. 2022. Deno 1.24 Release Notes: Improved FFI call performance. https://deno.com/blog/v1.24#improved-ffi-call-performance
    [36] Deno Land. 2022. Deno 1.25 Release Notes: FFI API improvements. https://deno.com/blog/v1.25#ffi-api-improvements
    [37] Deno Land. 2023. Deno: A modern runtime for JavaScript and TypeScript. https://deno.land/
    [38] Deno Land. 2023. Deno API. https://doc.deno.land/deno/stable/
    [39] Deno Land. 2023. Rusty V8 bindings. https://github.com/denoland/rusty_v8
    [40] Deno Land. 2023. sqlite3 bindings for Deno. https://deno.land/x/sqlite3
    [41] libbpf. 2023. libbpf. https://libbpf.readthedocs.io/en/latest/index.html
    [42] Linux manual. 2023. accept. https://man7.org/linux/man-pages/man2/accept.2.html
    [43] Linux manual. 2023. bpf. https://man7.org/linux/man-pages/man2/bpf.2.html
    [44] Linux manual. 2023. ldd. https://man7.org/linux/man-pages/man1/ldd.1.html
    [45] Linux manual. 2023. listen. https://man7.org/linux/man-pages/man2/listen.2.html
    [46] Linux manual. 2023. pipe. https://man7.org/linux/man-pages/man2/pipe.2.html
    [47] Linux manual. 2023. socketpair. https://man7.org/linux/man-pages/man2/socketpair.2.html
    [48] Linux manual. 2023. strace. https://man7.org/linux/man-pages/man1/strace.1.html
    [49] Steven McCanne and Van Jacobson. 1993. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the USENIX Winter Conference (USENIX).
    [50] Mickaël Salaün. 2022. Landlock: unprivileged access control. https://docs.kernel.org/userspace-api/landlock.html
    [51] Jeffrey Mogul, Richard Rashid, and Michael Accetta. 1987. The Packet Filter: An Efficient Mechanism for User-Level Network Code. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP).
    [52] Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [53] netblue30. 2023. Firejail. https://firejail.wordpress.com/
    [54] npm. 2020. Npm packages. https://blog.npmjs.org/post/615388323067854848/so-long-and-thanks-for-all-the-packages.html
    [55] npm. 2023. bcrypt. https://www.npmjs.com/package/bcrypt
    [56] npm. 2023. fluent-ffmpeg. https://www.npmjs.com/package/fluent-ffmpeg
    [57] npm. 2023. gm. https://www.npmjs.com/package/gm
    [58] npm. 2023. sharp. https://www.npmjs.com/package/sharp
    [59] Grigoris Ntousakis, Sotiris Ioannidis, and Nikos Vasilakis. 2021. Detecting Third-Party Library Problems with Combined Program Analysis. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
    [60] OpenJS Foundation. 2023. Node.js API. https://nodejs.org/docs/latest/api/
    [61] OpenJS Foundation. 2023. Node Permissions. https://nodejs.org/api/permissions.html
    [62] OpenJS Foundation. 2023. Node.js. https://nodejs.org
    [63] OpenJS Foundation. 2023. Node.js V8 APIs. https://nodejs.org/api/v8.html
    [64] oven-sh. 2023. WebCore bindings. https://github.com/oven-sh/bun/tree/main/src/bun.js/bindings/webcore
    [65] V8 project. 2023. WebAssembly compilation pipeline. https://v8.dev/docs/wasm-compilation-pipeline
    [66] Kyle Quest. 2023. SlimToolkit. https://github.com/slimtoolkit/slim
    [67] Matthew Rossi, Dario Facchinetti, Enrico Bacis, Marco Rosa, and Stefano Paraboschi. 2021. SEApp: Bringing Mandatory Access Control to Android Apps. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [68] Ryan Dahl. 2018. 10 Things I Regret About Node.js. European JavaScript Community Conference (JSConf EU). https://youtu.be/M3BM9TB-8yA
    [69] Fabian Schwarz and Christian Rossow. 2020. SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [70] Yuru Shao, Jason Ott, Yunhan Jack Jia, Zhiyun Qian, and Z. Morley Mao. 2016. The Misuse of Android Unix Domain Sockets and Security Implications. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS).
    [71] Stephen Smalley, Chris Vance, and Wayne Salamon. 2001. Implementing SELinux as a Linux Security Module. NAI Labs Report (2001).
    [72] Snyk. 2022. State of Open Source Security 2022. https://snyk.io/reports/open-source-security/
    [73] Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits. 2018. Synode: Understanding and Automatically Preventing Injection Attacks on Node.js. In Proceedings of the Network and Distributed System Security Symposium (NDSS).
    [74] Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, and Michael Backes. 2023. Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages. In Proceedings of the USENIX Security Symposium (USENIX Security).
    [75] Jeff Terrace, Stephen R. Beard, and Naga P. K. Katta. 2012. JavaScript in JavaScript (js.js): Sandboxing Third-Party Scripts. In Proceedings of the USENIX Conference on Web Application Development (WebApps).
    [76] tesseract-ocr. 2023. Tesseract. https://github.com/tesseract-ocr/tesseract
    [77] The kernel development community. 2023. LSM BPF Programs. https://docs.kernel.org/bpf/prog_lsm.html
    [78] The kernel development community. 2023. Seccomp BPF (SECure COMPuting with filters). https://docs.kernel.org/userspace-api/seccomp_filter.html
    [79] TryGhost. 2023. Asynchronous, non-blocking SQLite3 bindings for Node.js. https://www.npmjs.com/package/sqlite3
    [80] V8 project. 2020. Unsafe fast JS calls. https://v8.dev/blog/v8-release-87#unsafe-fast-js-calls
    [81] V8 project. 2023. What is V8? https://v8.dev/
    [82] Nikos Vasilakis, Ben Karel, Nick Roessler, Nathan Dautenhahn, André DeHon, and Jonathan M. Smith. 2018. BreakApp: Automated, Flexible Application Compartmentalization. In Proceedings of the Network and Distributed System Security Symposium (NDSS).
    [83] Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousakis, Konstantinos Kallas, Ben Karel, André DeHon, and Michael Pradel. 2021. Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
    [84] WebAssembly. 2023. WASI SDK. https://github.com/WebAssembly/wasi-sdk
    [85] Yongzheng Wu, Sai Sathyanarayan, Ronald H. C. Yap, and Zhenkai Liang. 2012. Codejail: Application-transparent Isolation of Libraries with Tight Program Interactions. In Proceedings of the European Symposium on Research in Computer Security (ESORICS).
    [86] Elizabeth Wyss, Alexander Wittman, Drew Davidson, and Lorenzo De Carli. 2022. Wolf at the Door: Preventing Install-Time Attacks in npm with Latch. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS).
    [87] Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, and Michael Pradel. 2019. Small World with High Risks: A Study of Security Threats in the npm Ecosystem. In Proceedings of the USENIX Security Symposium (USENIX Security).

    Cited By

    • Survey of Real-World Process Sandboxing. 2024 35th Conference of Open Innovations Association (FRUCT), pp. 520-531. DOI: 10.23919/FRUCT61870.2024.10516417. Published 24 April 2024.
    • Lightweight Cloud Application Sandboxing. 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), pp. 139-146. DOI: 10.1109/CloudCom59040.2023.00033. Published 4 December 2023.

    Published In

    RAID '23: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. October 2023, 769 pages. ISBN 9798400707650. DOI: 10.1145/3607199.
    This work is licensed under a Creative Commons Attribution 4.0 International License.

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. Access Control
    2. Deno
    3. JavaScript Runtime
    4. Native Code Isolation
    5. Sandboxing
    6. Web Application Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited


    Article Metrics

    • Downloads (Last 12 months)376
    • Downloads (Last 6 weeks)43
    Reflects downloads up to 27 Jul 2024
