file.pdf (457.28 kB)
MiniBox: A Two-Way Sandbox for x86 Native Code (CMU-CyLab-14-001)
journal contribution
posted on 2014-02-21, 00:00 authored by Yanlin Li, Adrian Perrig, Jonathan M. McCune, James Newsome, Brandon Baker, Will DrewryThis paper presents MiniBox, the first two-way sandbox for x86 native code. MiniBox not only isolates the memory space between OS protection modules and an application, but also provides a minimized and secure communication interface between OS protection modules and the application. MiniBox is cross-platform and can be applied in Platform-as-a-Service (PaaS) cloud computing to provide two-way protection between a customer’s application and the cloud platform OS. We implement a prototype of MiniBox on both Intel and AMD multi-core systems and port several applications toMiniBox. Evaluation results show thatMiniBox is efficient and practical.