Explore Google's Native Client technology in this Black Hat USA 2012 conference talk. Dive into the intricacies of Google's attempt to securely integrate C/C++ code into the Chrome web browser through a combination of software fault isolation, custom compiler toolchain, and secure plugin architecture. Learn about the basics of the Native Client sandbox and its general security-relevant architecture, including PPAPI (the replacement for NPAPI). Discover vulnerabilities found through source code review in the PPAPI interface. Gain insights into a tool that dynamically generates code to fuzz the Native Client PPAPI interfaces based on IDL (Interface Description Language) files from the Chrome source tree. Understand how Native Client enables various applications, from games to PDF readers, to run securely within the browser environment.
Overview
Syllabus
Black Hat USA 2012 - Google Native Client: Analysis of a Secure Browser Plugin Sandbox
Taught by
Black Hat