Explore the limitations of sandboxing and future security measures in this 20-minute conference talk from USENIX Enigma 2021. Delve into Chris Palmer's insights from Google Chrome Security as he discusses privilege separation, reduction, and the practical limits of sandboxing in software security. Discover why sandboxing alone is insufficient and learn about the challenges posed by real-world operating systems. Gain valuable knowledge on Chromium's approach to enhancing resilience through increased memory safety, and understand how these techniques can eliminate vulnerabilities or make them infeasible for exploit chains. Benefit from real-world lessons and applicable strategies for security engineers working on various projects, covering topics such as site isolation, memory safety, and their implications for the future of software security.
Overview
Syllabus
Intro
Presentation
What is Sandboxing
Site Isolation
Memory Safety
Implications
Taught by
USENIX Enigma Conference
Related Courses
-
The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
-
The State of Memory Safety - Fireside Chat
-
Navigating the Sandbox Buffet
-
The Not Fake News Hour
-
How Firefox Uses In-process Sandboxing to Protect Itself From Exploitable Libraries
-
Why Is Usable Security Hard, and What Should We Do About It?
