|Title:||MiniBox: A Two-Way Sandbox for x86 Native Code|
|Authors:||Yanlin Li, Adrian Perrig, Jonathan McCune, James Newsome, Brandon Baker, Will Drewry|
|Publication Date:||February 21, 2014|
This paper presents MiniBox, the first two-way sandbox for x86 native code. MiniBox not only isolates the memory space between OS protection modules and an application, but also provides a minimized and secure communication interface between OS protection modules and the application. MiniBox is cross-platform and can be applied in Platform-as-a-Service (PaaS) cloud computing to provide two-way protection between a customer’s application and the cloud platform OS. We implement a prototype of MiniBox on both Intel and AMD multi-core systems and port several applications toMiniBox. Evaluation results show thatMiniBox is efficient and practical.
Full Report: CMU-CyLab-14-001