Skip to main content

Technical Reports: CMU-CyLab-14-001

Title:MiniBox: A Two-Way Sandbox for x86 Native Code
Authors:Yanlin Li, Adrian Perrig, Jonathan McCune, James Newsome, Brandon Baker, Will Drewry
Publication Date:February 21, 2014


This paper presents MiniBox, the first two-way sandbox for x86 native code. MiniBox not only isolates the memory space between OS protection modules and an application, but also provides a minimized and secure communication interface between OS protection modules and the application. MiniBox is cross-platform and can be applied in Platform-as-a-Service (PaaS) cloud computing to provide two-way protection between a customer’s application and the cloud platform OS. We implement a prototype of MiniBox on both Intel and AMD multi-core systems and port several applications toMiniBox. Evaluation results show thatMiniBox is efficient and practical.

Full Report: CMU-CyLab-14-001