Skip to content

Latest commit

 

History

History
220 lines (147 loc) · 11.9 KB

README.md

File metadata and controls

220 lines (147 loc) · 11.9 KB

Description

This is the top level repo for the paper "Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI" submitted to POPL 2022 in which we introduce the zerocost transitions. This repo will download and build all tools used in the paper, such as the multiple builds of firefox with sandboxed libraries, modified compilers, and the RLBox API.

Software being built by this repo

lucet_sandbox_compiler - Lucet Wasm compiler (using the fork adapted for library sandboxign)

Sandboxing_NaCl - Nacl Sandboxing compiler that defaults to heavy transitions written in asm

rlbox_lucet_sandbox - RLBox sandboxing API plugin with lucet that uses zerocost transitions

zerocost_heavy_trampoline - Standalone heavyweight transitions written in asm used by other repos

zerocost_testing_sandbox - RLBox sandboxing API plugin with lucet that uses heavy transitions written in asm

rlbox_lucetstock_sandbox - RLBox sandboxing API plugin with lucet's default heavyweight transitions written in rust

rlbox_mpk_sandbox - RLBox sandboxing API plugin when sandboxing with an "ideal" sandbox and using heavyweight transitions written in asm

rlbox_segmentsfizerocost_sandbox - RLBox sandboxing API plugin when sandboxing with segmentzero sandboxing that uses zerocost transitions

rlbox_nacl_sandbox - RLBox sandboxing API plugin with Native Client and using heavyweight transitions written in asm

rlbox_sandboxing_api - RLBox sandboxing API

zerocost - libjpeg with different builds for lucet, nacl, segmentzero etc.

zerocost_testing_firefox - firefox with different builds for lucet, nacl, segmentzero etc.

web_resource_crawler - A firefox extension (needs Firefox 65+) that crawls the Alexa top 500, and collects information about the resources used on the web page.

rlbox_lucet_directcall_benchmarks - Microbenchmarks to compute the costs of direct calls vs indirect

zerocost_llvm - LLVM/Clang modified to support segmentzero

Build Instructions

Requirements - This repo has been tested on Ubuntu 20 LTS. Additionally, the process sandbox build of Firefox assumes you are on a machine with at least 4 cores.

Note - Do not use an existing machine; our setup installs/modifies packages on the machine and has been well tested on a fresh Ubuntu Install. Use a fresh VM or machine.

Estimated build time: Less than 24 hours

To build the repo, run

# Need make to run the scripts
sudo apt-get install make
# This installs required packages on the system.
# Only need to run once per system.
make bootstrap
# load the changes
source ~/.profile
# Download all sub-repos and build the world
make

For incremental builds after the first one, you can just use

make

Test Instructions

After building the repo, you can reproduce the tests we perform in the RLBox paper as follows.

All benchmarks should be run in benchmark mode. Setup the benchmark mode (pin cpu frequencies, disable hyper-threading, pin benchmarks to CPU) as follows.

make shielding_on
# The above will spawn a subshell in your current terminal
# Run the following command in this subshell
make benchmark_env_setup

See the makefile on how to invoke specific benchmarks.

After the benchmark is complete, disable benchmark mode by

  1. Close the terminal where you ran make shielding on. You can do with Ctrl + D

  2. Run the following in a new terminal

    make benchmark_env_closed