[Mono-list] Announcement: New application-level x86 virtual machine

Dinis Cruz dinis.mono.projects at googlemail.com
Thu Dec 22 19:20:27 EST 2005


Hello Bryan, this project sounds indeed very interesting.

If I understood it correctly, your objective is to build a Sandbox for
unmanaged code (i.e. C++ code or Full Trust .Net Code) so that it can be
securely executed in the process hosting the VX32?

In that case, and knowing that all I need to take ownership of a process is
to be able to write to 4 bytes in that memory space (i.e. a pointer), how do
you securely handle the C++ native pointer manipulation without implementing
a C# like type safety environment.

I haven't read the main Pdf liked from your website, if this answer is
there, then please kindly point me to the relevant page.

Best regards

Dinis Cruz
Owasp .Net Project
www.owasp.net

On 12/22/05, Bryan Ford <baford at mit.edu> wrote:
>
> Hi folks, I hope this announcement might be of interest to some of you as
> being related to and in some respects complementary to Mono and other
> application-level virtual machines.
>
> I've just released the first (very experimental) version of VX32, a new
> x86-based application-level virtual environment. Unlike most x86-based
> virtual
> machines such as QEMU and plex86, VX32 is more comparable in
> function to Kaffe or Mono: VX32 only implements the user-mode portion of
> the
> x86 architecture rather than emulating a whole machine including devices,
> and
> is intended for use by applications to create lightweight, highly
> controllable execution environments for safe application plug-ins and the
> like, rather than for running whole operating systems. VX32 might be
> especially appropriate for safely running Unix filter-like applications
> such
> as compressors, decompressors, crypto software, or transcoders, where the
> legacy code bases you often want to re-use are already written in C or
> other
> non-typesafe languages.  VX32 could also potentially provide the basis for
> a
> "safe native method" extension facility for typesafe languages such as
> Java
> and C#, if there is interest.
>
> VX32 uses dynamic code rewriting techniques to sandbox guest code
> efficiently
> on x86 host processors, typically costing less than 15% slowdown versus
> native x86-32 execution. I'm also working on instruction set emulation and
> binary translation to make the environment portable to other host
> architectures.
>
> The VX32 home page, including the first source release, is here:
>
> http://pdos.csail.mit.edu/~baford/vm/
>
> The home page for VXA (Virtual eXecutable Archives), a related project
> that
> uses VX32 to turn ZIP files into "active archvies", is here:
>
> http://pdos.csail.mit.edu/~baford/vxa/
>
> Finally, a paper that discusses both VX32 and VXA can be found here:
>
> http://www.brynosaurus.com/pub/os/vxa.pdf
>
> I would appreciate any comments and feedback. Thanks for your time!
>
> Bryan
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-list/attachments/20051223/71829cad/attachment-0001.html


More information about the Mono-list mailing list