And at Google Code Blog: Native Client: A Technology for Running Native Code on the Web http://google-code-updates.blogspot.com/2008/12/native-client-technology-for-running.html
Juha-Matti

Larry Seltzer [EMAIL PROTECTED] wrote:
> Feed: Google Online Security Blog
> Posted on: Monday, December 08, 2008 4:22 PM
> Author: Panayiotis Mavrommatis
> Subject: Native Client: A Technology for Running Native Code on the Web
>
> Posted by Brad Chen, Native Client Team.
>
> Most native applications can access everything on your computer including
> your files. This access means that you have to make decisions about which
> apps you trust enough to install, because a malicious or buggy application
> might harm your machine. Here at Google we believe you shouldn't have to
> choose between powerful applications and security. That's why we're working
> on Native Client
> <http://code.google.com/p/nativeclient/?tbbrand=GZEZ&utm_campaign=en&utm_source=en-et-secblog&utm_medium=et>
> , a technology that seeks to give Web developers the opportunity to make
> safer and more dynamic applications that can run on any OS and any browser.
> Today, we're sharing our technology with the research and security
> communities for their feedback to help make this technology more useful and
> more secure.
>
> Our approach is built around a software containment system called the
> inner-sandbox that is designed to prevent unintended interactions between a
> native code module and the host system. The inner-sandbox uses static
> analysis to detect security defects in untrusted x86 code. Previously, such
> analysis has been challenging due to such practices as self-modifying code
> and overlapping instructions. In our work, we disallow such practices through
> a set of alignment and structural rules that, when observed, enable the
> native code module to be disassembled reliably and all reachable instructions
> to be identified during disassembly. With reliable disassembly as a tool,
> it's then feasible for the validator to determine whether the executable
> includes unsafe x86 instructions. For example, the validator can determine
> whether the executable includes instructions that directly invoke the
> operating system that could read or write files or subvert the containment
> system itself.
>
> To learn more and help test Native Client, check out our post on the Google
> Code blog
> <http://google-code-updates.blogspot.com/2008/12/native-client-technology-for-running.html>
> as well as our developer site
> <http://code.google.com/p/nativeclient/?tbbrand=GZEZ&utm_campaign=en&utm_source=en-et-secblog&utm_medium=et>
> . Our developer site includes our research paper and of course the source
> for the project under the BSD license.
>
> We look forward to hearing what you think!
>
> View article...
> <http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/2QGrbq4tQuU/native-client-technology-for-running.html>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
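
The quoted post describes alignment and structural rules that make disassembly reliable enough for a validator to reject unsafe instructions. The sketch below is an added example, not code from the post or from the Native Client project: a toy validator over a tiny x86-32 subset that rejects direct OS invocation, instructions that straddle a bundle boundary, and direct jumps into the middle of another instruction (the overlapping-instruction case). The 32-byte bundle size, the opcode subset and the sample byte strings are assumptions of this example; the post itself gives no numbers.

```python
BUNDLE = 32  # assumed bundle size; the post does not state one

# Toy subset (constructed): nop, hlt, jmp rel8, jmp rel32, mov r32,imm32.
LENGTHS = {0x90: 1, 0xF4: 1, 0xEB: 2, 0xE9: 5, **{0xB8 + r: 5 for r in range(8)}}
OS_ENTRY = {b"\xcd": "int imm8", b"\x0f\x05": "syscall", b"\x0f\x34": "sysenter"}


def validate(code):
    """Return a list of rule violations; an empty list means the module passes."""
    errors, starts, jumps, pc = [], set(), [], 0
    while pc < len(code):
        starts.add(pc)  # every decoded offset is a legal instruction start
        op = code[pc]
        for prefix, name in OS_ENTRY.items():
            if code.startswith(prefix, pc):
                return errors + [f"{pc:#x}: {name} invokes the OS directly"]
        if op not in LENGTHS:
            return errors + [f"{pc:#x}: opcode {op:#04x} not in the allowed subset"]
        end = pc + LENGTHS[op]
        if end > len(code):
            return errors + [f"{pc:#x}: truncated instruction"]
        if pc // BUNDLE != (end - 1) // BUNDLE:
            errors.append(f"{pc:#x}: instruction straddles a {BUNDLE}-byte boundary")
        if op in (0xEB, 0xE9):  # displacement is relative to the next instruction
            rel = int.from_bytes(code[pc + 1:end], "little", signed=True)
            jumps.append((pc, end + rel))
        pc = end
    for src, dst in jumps:  # a target inside another instruction would overlap it
        if dst not in starts:
            errors.append(f"{src:#x}: jump to {dst:#x} is not an instruction start")
    return errors


# Constructed sample modules.
GOOD = bytes([0xB8, 1, 0, 0, 0, 0xEB, 0x01, 0x90, 0xF4])
# jmp +1 lands inside the mov immediate, where the bytes cd 80 decode as int 0x80.
OVERLAP = bytes([0xEB, 0x01, 0xB8, 0xCD, 0x80, 0x90, 0x90, 0xF4])
DIRECT = bytes([0x90, 0xCD, 0x80])
STRADDLE = bytes([0x90] * 30 + [0xB8, 0, 0, 0, 0])

if __name__ == "__main__":
    for name in ("GOOD", "OVERLAP", "DIRECT", "STRADDLE"):
        print(name, validate(globals()[name]) or "ok")
```

In OVERLAP the linear decode never sees an `int` instruction; the module is rejected only because the jump target is not a decoded instruction start, which is why the structural rules matter as much as the opcode check.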
