NatiSand: Native Code Sandboxing for JavaScript Runtimes


Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi

In Proc. of the 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Hong Kong, China, October 16-18, 2023


Modern runtimes render JavaScript code in a secure and isolated environment, but when they execute binary programs and shared libraries, no isolation guarantees are provided. This is an important limitation, and it affects many popular runtimes including Node.js, Deno, and Bun.

In this paper we propose NatiSand, a component for JavaScript runtimes that leverages Landlock, eBPF, and Seccomp to control the filesystem, Inter-Process Communication (IPC), and network resources available to binary programs and shared libraries. NatiSand does not require changes to the application code and offers the user an easy interface. To demonstrate the effectiveness and efficiency of our approach we implemented NatiSand and integrated it into Deno, a modern, security-oriented JavaScript runtime. We reproduced a number of vulnerabilities affecting third-party code, showing how they are mitigated by NatiSand. We also conducted an extensive experimental evaluation to assess the performance, proving that our approach is competitive with state-of-the-art code sandboxing solutions. The implementation is available as open source.

@inproceedings{natisand,
	author = {Marco Abbadini and Dario Facchinetti and Gianluca Oldani and
	          Matthew Rossi and Stefano Paraboschi},
	booktitle = {Proceedings of the 26th International Symposium on Research in
	             Attacks, Intrusions and Defenses (RAID)},
	doi = {10.1145/3607199.3607233},
	title = {NatiSand: Native Code Sandboxing for JavaScript Runtimes},
	location = {Hong Kong, China},
	day = {16-18},
	month = {October},
	year = {2023},
}

CSAW 2023 Poster