[Mono-list] Announcement: New application-level x86 virtual machine

Bryan Ford bryan.ford2 at verizon.net
Thu Dec 22 23:18:31 EST 2005


Hi Dinis,

To sandbox data memory accesses, the VX32 library sets up a special segment descriptor in the process's local descriptor table (LDT) that only allows access to the sandbox region that the untrusted code is supposed to be able to access, and arranges for this special segment always to be in the DS/ES/SS registers while running translated code.  And VX32 translates code in such a way as to ensure that the untrusted code cannot change the segment registers or use other segments for data accesses via segment overrides.

Cheers,
Bryan

>Hello Bryan, this project sounds indeed very interesting.
>
>If I understood it correctly, your objective is to build a Sandbox for unmanaged code (i.e. C++ code or Full Trust .Net Code) so that it can be securely executed in the process hosting the VX32?
>
>In that case, and knowing that all I need to take ownership of a process is to be able to write to 4 bytes in that memory space (i.e. a pointer), how do you securely handle the C++ native pointer manipulation without implementing a C# like type safety environment?
>
>I haven't read the main PDF linked from your website; if this answer is there, then please kindly point me to the relevant page.
>
>Best regards
>
>Dinis Cruz
>Owasp .Net Project
>www.owasp.net 
>
>On 12/22/05, Bryan Ford <baford at mit.edu> wrote:
>
>Hi folks, I hope this announcement might be of interest to some of you as
>being related to and in some respects complementary to Mono and other
>application-level virtual machines.
>
>I've just released the first (very experimental) version of VX32, a new
>x86-based application-level virtual environment. Unlike most x86-based virtual
>machines such as QEMU and plex86, VX32 is more comparable in
>function to Kaffe or Mono: VX32 only implements the user-mode portion of the
>x86 architecture rather than emulating a whole machine including devices, and
>is intended for use by applications to create lightweight, highly
>controllable execution environments for safe application plug-ins and the
>like, rather than for running whole operating systems. VX32 might be
>especially appropriate for safely running Unix filter-like applications such
>as compressors, decompressors, crypto software, or transcoders, where the
>legacy code bases you often want to re-use are already written in C or other
>non-typesafe languages.  VX32 could also potentially provide the basis for a
>"safe native method" extension facility for typesafe languages such as Java
>and C#, if there is interest.
>
>VX32 uses dynamic code rewriting techniques to sandbox guest code efficiently
>on x86 host processors, typically costing less than 15% slowdown versus
>native x86-32 execution. I'm also working on instruction set emulation and
>binary translation to make the environment portable to other host
>architectures.
>
>The VX32 home page, including the first source release, is here:
>
>http://pdos.csail.mit.edu/~baford/vm/
>
>The home page for VXA (Virtual eXecutable Archives), a related project that
>uses VX32 to turn ZIP files into "active archives", is here:
>
>http://pdos.csail.mit.edu/~baford/vxa/
>
>Finally, a paper that discusses both VX32 and VXA can be found here:
>
>http://www.brynosaurus.com/pub/os/vxa.pdf
>
>I would appreciate any comments and feedback. Thanks for your time!
>
>Bryan
>_______________________________________________
>Mono-list maillist  -  Mono-list at lists.ximian.com
>http://lists.ximian.com/mailman/listinfo/mono-list
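The LDT-based bounding that Bryan describes above, as an added example that is not code from VX32 or from this thread: it encodes the kind of read/write data segment descriptor a sandbox would install for DS/ES/SS and models the CPU's segment-limit check that rejects any access outside the region. The bit layout is the standard x86 descriptor format; the base, size and DPL values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Encode a present, read/write, expand-up, 32-bit data segment descriptor
 * covering exactly [base, base+size) at privilege level dpl.  This is the
 * shape of entry a sandbox like VX32 would place in the LDT for DS/ES/SS.
 * Returns false if the region cannot be expressed as a segment limit. */
bool make_data_desc(uint32_t base, uint32_t size, unsigned dpl, uint64_t *d)
{
    uint32_t limit;               /* 20-bit limit field */
    bool g;                       /* granularity: false = bytes, true = 4 KiB */
    if (size == 0 || dpl > 3) return false;
    if (size <= 0x100000) {       /* up to 1 MiB: byte granularity */
        limit = size - 1; g = false;
    } else {                      /* larger: must be a whole number of pages */
        if (size & 0xfff) return false;
        limit = (size >> 12) - 1; g = true;
    }
    *d = (uint64_t)(limit & 0xffff)                 /* limit[15:0]  */
       | (uint64_t)(base & 0xffffff) << 16          /* base[23:0]   */
       | (uint64_t)0x2 << 40                        /* type: data, read/write */
       | (uint64_t)1 << 44                          /* S: code/data segment   */
       | (uint64_t)dpl << 45                        /* DPL                    */
       | (uint64_t)1 << 47                          /* P: present             */
       | (uint64_t)((limit >> 16) & 0xf) << 48      /* limit[19:16] */
       | (uint64_t)1 << 54                          /* D/B: 32-bit operands   */
       | (uint64_t)g << 55                          /* G: granularity         */
       | (uint64_t)(base >> 24) << 56;              /* base[31:24]  */
    return true;
}

/* Linear base address recovered from a descriptor. */
uint32_t seg_base(uint64_t d)
{
    return (uint32_t)((d >> 16) & 0xffffff) | (uint32_t)(d >> 56) << 24;
}

/* Model of the CPU's limit check: may a size-byte access at segment offset
 * off proceed?  Any access the hardware would reject with #GP returns false,
 * which is what keeps translated code inside the sandbox region. */
bool seg_access_ok(uint64_t d, uint32_t off, uint32_t size)
{
    uint32_t limit = (uint32_t)(d & 0xffff) | (uint32_t)((d >> 48) & 0xf) << 16;
    if ((d >> 55) & 1) limit = (limit << 12) | 0xfff;   /* scale page limit */
    if (size == 0) return false;
    return off <= limit && (uint64_t)off + size - 1 <= limit;
}
```

The descriptor alone is only half of the scheme: it is effective only because the translated code is also prevented from reloading DS/ES/SS or using segment-override prefixes, as the reply notes.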
