Modular Software Fault Isolation as Abstract Interpretation

  • Frédéric Besson
  • Thomas Jensen
  • Julien Lepiller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11002)


Software Fault Isolation (SFI) consists in transforming untrusted code so that it runs within a specific address space (called the sandbox) and verifying at load-time that the binary code does indeed stay inside the sandbox. Security is guaranteed solely by the SFI verifier, whose correctness therefore becomes crucial. Existing verifiers enforce a very rigid, almost syntactic policy where every memory access and every control-flow transfer must be preceded by a sandboxing instruction sequence, and where calls outside the sandbox must implement a sophisticated protocol based on a shadow stack. We propose to define SFI as a defensive semantics, with the purpose of deriving semantically sound verifiers that admit flexible and efficient implementations of SFI. We derive an executable analyser, working on a per-function basis, which ensures that the defensive semantics does not go wrong, and hence that the code is well isolated. Experiments show that our analyser exhibits the desired flexibility: it validates correctly sandboxed code, it catches code breaking the SFI policy, and it can validate programs where redundant instrumentations are optimised away.
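To make the contrast in the abstract concrete, the following is an added illustration (not the paper's analyser, nor any code from the authors) of the two styles of verifier over a constructed straight-line toy instruction set. `syntactic_verify` implements the rigid policy: every load or store must be immediately preceded by a sandboxing `mask` of the same register. `semantic_verify` instead runs a small interval-based abstract interpretation per function, starting with every register unknown, and accepts a memory access whenever the address interval provably lies inside the sandbox. The sandbox layout, the instruction forms and the sample functions are all constructed assumptions; branches and loops are deliberately not modelled.

```python
"""Toy comparison of a syntactic SFI verifier with an abstract-interpretation
based one.  Added illustration, not the paper's analyser: the instruction
set, sandbox layout and interval domain are constructed assumptions."""

SANDBOX_BASE = 0x2000_0000          # assumed sandbox start (constructed)
SANDBOX_SIZE = 0x0100_0000          # 16 MiB, a power of two
MASK = SANDBOX_SIZE - 1             # bits kept by the sandboxing "mask"
SANDBOX_TOP = SANDBOX_BASE + MASK   # last address inside the sandbox
WORD = 2**64
TOP = (0, WORD - 1)                 # abstract value "any 64-bit word"

# Toy straight-line ISA, one tuple per instruction (no branches or loops):
#   ("mov", r, imm)   r := imm            (imm is a non-negative constant)
#   ("add", r, imm)   r := (r + imm) mod 2^64
#   ("copy", rd, rs)  rd := rs
#   ("mask", r)       r := (r & MASK) | SANDBOX_BASE   -- the sandboxing sequence
#   ("load", r) / ("store", r)   memory access at address r


def syntactic_verify(code):
    """Rigid policy: each load/store must be immediately preceded by a mask
    of the very register it dereferences.
    Returns (ok, index_of_first_violation)."""
    for i, ins in enumerate(code):
        if ins[0] in ("load", "store"):
            prev = code[i - 1] if i > 0 else None
            if prev != ("mask", ins[1]):
                return False, i
    return True, None


def semantic_verify(code):
    """Interval abstract interpretation of the same code.  Each register is
    abstracted to a closed interval (lo, hi).  The analysis is per-function,
    so every register starts as TOP (nothing is assumed about the caller).
    A load/store is accepted iff its address interval lies inside the sandbox,
    however that knowledge was obtained."""
    regs = {}

    def get(r):
        return regs.get(r, TOP)

    for i, ins in enumerate(code):
        op = ins[0]
        if op == "mov":
            regs[ins[1]] = (ins[2], ins[2])
        elif op == "add":
            lo, hi = get(ins[1])
            # a carry past 2^64 wraps around, so the result becomes unknown
            regs[ins[1]] = TOP if hi + ins[2] >= WORD else (lo + ins[2], hi + ins[2])
        elif op == "copy":
            regs[ins[1]] = get(ins[2])
        elif op == "mask":
            lo, hi = get(ins[1])
            if lo == hi:                            # constant: evaluate exactly
                v = (lo & MASK) | SANDBOX_BASE
                regs[ins[1]] = (v, v)
            else:                                   # anything else lands in the sandbox
                regs[ins[1]] = (SANDBOX_BASE, SANDBOX_TOP)
        elif op in ("load", "store"):
            lo, hi = get(ins[1])
            if not (SANDBOX_BASE <= lo and hi <= SANDBOX_TOP):
                return False, i
        else:
            raise ValueError(f"unknown instruction {ins!r}")
    return True, None


# Constructed sample functions.
CANONICAL = [("mov", "r0", 0x10), ("mask", "r0"), ("store", "r0")]
# mask, then step a whole sandbox size: the store escapes the sandbox
ESCAPE = [("mask", "r0"), ("add", "r0", SANDBOX_SIZE), ("store", "r0")]
# redundant masks removed: r1 inherits r0's bounds, r2 is a known constant
OPTIMISED = [("mask", "r0"), ("load", "r0"),
             ("copy", "r1", "r0"), ("store", "r1"),
             ("mov", "r2", 0), ("mask", "r2"), ("add", "r2", 16), ("load", "r2")]
UNMASKED = [("mov", "r0", 0x7FFF_0000), ("load", "r0")]

if __name__ == "__main__":
    for name, fn in [("canonical", CANONICAL), ("escape", ESCAPE),
                     ("optimised", OPTIMISED), ("unmasked", UNMASKED)]:
        print(f"{name:10} syntactic={syntactic_verify(fn)} semantic={semantic_verify(fn)}")
```

Both verifiers accept the canonical sequence and reject the two escapes, but only the semantic one accepts `OPTIMISED`, where the `store r1` and `load r2` carry no mask of their own yet are provably in bounds. That is the flexibility the abstract describes: the syntactic check encodes a particular instrumentation pattern, whereas the interval analysis checks the property the pattern was meant to establish.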


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Frédéric Besson, Thomas Jensen, Julien Lepiller: Inria, Univ Rennes, CNRS, IRISA, Paris, France