NatiSand: Native Code Sandboxing for JavaScript Runtimes
Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi
In Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
Modern runtimes render JavaScript code in a secure and isolated environment, but when they execute binary programs and shared libraries, no isolation guarantees are provided. This is an important limitation, and it affects many popular runtimes including Node.js, Deno, and Bun.
In this paper we propose NatiSand, a component for JavaScript runtimes that leverages Landlock, eBPF, and Seccomp to control the filesystem, Inter-Process Communication (IPC), and network resources available to binary programs and shared libraries. NatiSand does not require changes to the application code and offers to the user an easy interface. To demonstrate the effectiveness and efficiency of our approach we implemented NatiSand and integrated it into Deno, a modern, security-oriented JavaScript runtime. We reproduced a number of vulnerabilities affecting third-party code, showing how they are mitigated by NatiSand. We also conducted an extensive experimental evaluation to assess the performance, proving that our approach is competitive with state of the art code sandboxing solutions. The implementation is available open source.
@inproceedings{natisand,
author = {Marco Abbadini and Dario Facchinetti and Gianluca Oldani and Matthew Rossi and Stefano Paraboschi},
booktitle = {Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses},
doi = {10.1145/3607199.3607233},
title = {NatiSand: Native Code Sandboxing for JavaScript Runtimes},
year = {2023}
}