{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T04:19:30Z","timestamp":1747196370417,"version":"3.40.5"},"reference-count":38,"publisher":"Wiley","issue":"12","license":[{"start":{"date-parts":[[2014,11,10]],"date-time":"2014-11-10T00:00:00Z","timestamp":1415577600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Softw Pract Exp"],"published-print":{"date-parts":[[2015,12]]},"abstract":"<jats:title>Summary<\/jats:title><jats:p>Many software applications extend their functionality by dynamically loading libraries into their allocated address space. However, shared libraries are also often of unknown provenance and quality and may contain accidental bugs or, in some cases, deliberately malicious code. Most sandboxing techniques that address these issues require recompilation of the libraries using custom tool chains, require significant modifications to the libraries, do not retain the benefits of single address space programming, do not completely isolate guest code, or incur substantial performance overheads. In this paper, we present LibVM, a sandboxing architecture for isolating libraries within a host application without requiring any modifications to the shared libraries themselves, while still retaining the benefits of a single address space and also introducing a system call inter\u2010positioning layer that allows complete arbitration over a shared library's functionality. We show how to utilize contemporary hardware\u2010virtualization support towards this end with reasonable performance overheads, and, in the absence of such hardware support, our model can also be implemented using a software\u2010based mechanism. We ensure that our implementation conforms as closely as possible to existing shared library manipulation functions, minimizing the amount of effort needed to apply such isolation to existing programs. Our experimental results show that it is easy to gain immediate benefits in scenarios where the goal is to guard the host application against unintentional programming errors when using shared libraries, as well as in more complex scenarios, where a shared library is suspected of being actively hostile. In both cases, no changes are required to the shared libraries themselves. Copyright \u00a9 2014 John Wiley &amp; Sons, Ltd.<\/jats:p>","DOI":"10.1002\/spe.2294","type":"journal-article","created":{"date-parts":[[2014,11,10]],"date-time":"2014-11-10T10:20:59Z","timestamp":1415614859000},"page":"1597-1617","source":"Crossref","is-referenced-by-count":4,"title":["LibVM: an architecture for shared library sandboxing"],"prefix":"10.1002","volume":"45","author":[{"given":"Nuwan","family":"Goonasekera","sequence":"first","affiliation":[{"name":"Queensland University of Technology Brisbane Australia"}]},{"given":"William","family":"Caelli","sequence":"additional","affiliation":[{"name":"Queensland University of Technology Brisbane Australia"}]},{"given":"Colin","family":"Fidge","sequence":"additional","affiliation":[{"name":"Queensland University of Technology Brisbane Australia"}]}],"member":"311","published-online":{"date-parts":[[2014,11,10]]},"reference":[{"key":"e_1_2_9_2_1","unstructured":"LamL ChiuehT.Checking array bound violation using segmentation hardware inThe International Conference on Dependable Systems and Networks 2005 pp.388\u2013397."},{"key":"e_1_2_9_3_1","unstructured":"ZeiglerA.IE8 and Loosely\u2010Coupled IE(LCIE) [Online]2008. (Accessed: 2009 Jan 30). Available:http:\/\/blogs.msdn.com\/ie\/archive\/2008\/03\/11\/ie8\u2010and\u2010loosely\u2010coupled\u2010ie\u2010lcie.aspx"},{"key":"e_1_2_9_4_1","doi-asserted-by":"crossref","unstructured":"SwiftMM BershadBN LevyHM.Improving the reliability of commodity operating systems inThe Nineteenth ACM Symposium on Operating Systems Principles Bolton Landing NY USA 2003 pp.207\u2013222.","DOI":"10.1145\/1165389.945466"},{"key":"e_1_2_9_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-005-0654-4"},{"key":"e_1_2_9_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272998.1273032"},{"key":"e_1_2_9_7_1","doi-asserted-by":"crossref","unstructured":"HerderJN BosH GrasB HomburgP TanenbaumAS.Fault isolation for device drivers inIEEE\/IFIP International Conference on Dependable Systems&Networks 2009 pp.33\u201342.","DOI":"10.1109\/DSN.2009.5270357"},{"key":"e_1_2_9_8_1","doi-asserted-by":"crossref","unstructured":"GoonasekeraNA CaelliWJ SahamaT.50 years of isolation inProceedings of the 2009 Symposia and Workshops on Ubiquitous Autonomic and Trusted Computing Brisbane Australia 2009 pp.54\u201360.","DOI":"10.1109\/UIC-ATC.2009.86"},{"key":"e_1_2_9_9_1","doi-asserted-by":"crossref","unstructured":"ChiuehT VenkitachalamG PradhanP.Integrating segmentation and paging protection for safe efficient and transparent software extensions presented at the Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles Charleston South Carolina United States 1999.","DOI":"10.1145\/319151.319161"},{"key":"e_1_2_9_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/173668.168635"},{"key":"e_1_2_9_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1629175.1629203"},{"key":"e_1_2_9_12_1","unstructured":"FordB CoxR.Vx32: lightweight user\u2010level sandboxing on the x86 inUSENIX Annual Technical Conference Boston MA 2008 pp.293\u2013306."},{"key":"e_1_2_9_13_1","unstructured":"McCamantS MorrisettG.Evaluating SFI for a CISC architecture presented at the Proceedings of the 15th conference on USENIX Security Symposium Vancouver B.C. Canada 2006."},{"key":"e_1_2_9_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_49"},{"key":"e_1_2_9_15_1","unstructured":"JainK SekarR.User\u2010level infrastructure for system call interposition: a platform for intrusion detection and confinement inProceedings of the ISOC Symposium on Network and Distributed System Security 1999 pp.19\u201334."},{"key":"e_1_2_9_16_1","doi-asserted-by":"publisher","DOI":"10.4304\/jsw.7.9.2107-2118"},{"key":"e_1_2_9_17_1","unstructured":"GarfinkelT.Traps and pitfalls: practical problems in system call interposition based security tools inIn Proceedings of Network and Distributed Systems Security Symposium(NDSS) ed 2003 pp.163\u2013176."},{"key":"e_1_2_9_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/122576.122577"},{"key":"e_1_2_9_19_1","unstructured":"PeterssonJ.What Is Linux\u2010gate.so.1? [Online].2005. (Accessed: 2011 Jun. 18). Available:http:\/\/www.trilithium.com\/johan\/2005\/08\/linux\u2010gate\/"},{"key":"e_1_2_9_20_1","unstructured":"Redhat.Kernel Based Virtual Machine[Online].2010. (Accessed: 2010 Jul. 20). Available:http:\/\/www.linux\u2010kvm.org\/page\/Main_Page"},{"key":"e_1_2_9_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168919.1168860"},{"key":"e_1_2_9_22_1","unstructured":"SugermanJ VenkitachalamG LimB.Virtualizing I\/O devices on VMware workstation's hosted virtual machine monitor presented at the Proceedings of the General Track: 2002 USENIX Annual Technical Conference 2001."},{"key":"e_1_2_9_23_1","doi-asserted-by":"crossref","unstructured":"RobinJS IrvineCE.Analysis of the Intel Pentium's ability to support a secure virtual machine monitor inProceedings of the 9th USENIX Security Symposium Denver Colorado 2000 p.10.","DOI":"10.21236\/ADA423654"},{"key":"e_1_2_9_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945462"},{"key":"e_1_2_9_25_1","unstructured":"FraserK HandS NeugebauerR PrattI WarfieldA WilliamsonM.Safe hardware access with the Xen virtual machine monitor presented at the 1st Workshop on Operating System and Architectural Support for the On\u2010Demand IT Infrastructure Boston MA 2004."},{"key":"e_1_2_9_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/265924.265930"},{"key":"e_1_2_9_27_1","unstructured":"Intel Intel 64 and IA\u201032 architectures software developer's manualvol. 1: Basic Architecture: Intel Corporation 2007."},{"key":"e_1_2_9_28_1","unstructured":"Intel.Intel 64 and IA\u201032 architectures software developer's manual volume 3Bvol. 3B: System Programming Guide: Intel Corporation 2007."},{"key":"e_1_2_9_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.163"},{"key":"e_1_2_9_30_1","unstructured":"AMD.AMD\u2010V\u2122Nested Paging[Online].2008. (Accessed: 2009 Jan. 30). Available:http:\/\/developer.amd.com\/assets\/NPT\u2010WP\u20101%201\u2010final\u2010TM.pdf"},{"key":"e_1_2_9_31_1","unstructured":"Intel.Intel\u00aeVirtualization Technology[Online].2008. (Accessed: 25th May 2011). Available:http:\/\/www.intel.com\/technology\/virtualization\/index.htm"},{"volume-title":"Linkers and Loaders","year":"1999","author":"Levine JR","key":"e_1_2_9_32_1"},{"key":"e_1_2_9_33_1","doi-asserted-by":"crossref","unstructured":"NoordendeGVt \u00c1d\u00e1mB RutgerH FrancesMTB AndrewST.A secure jailing system for confining untrusted applications inIn proceedings of the second International Conference on Security and Cryptography(SECRYPT) 2008 pp.414\u2013423.","DOI":"10.5220\/0002129404140423"},{"key":"e_1_2_9_34_1","unstructured":"GarfinkelT BenP MendelR.Ostia: a delegating architecture for secure system call interposition inProceedings of the Network and Distributed Systems Security Symposium 2004."},{"key":"e_1_2_9_35_1","doi-asserted-by":"crossref","unstructured":"LiedtkeJ ElphinstoneK SchonbergS HartigH HeiserG IslamN JaegerT.Achieved IPC performance (still the foundation for extensibility) inThe Sixth Workshop on Hot Topics in Operating Systems 1997 pp.28\u201331.","DOI":"10.1109\/HOTOS.1997.595177"},{"key":"e_1_2_9_36_1","unstructured":"BarthA JacksonC ReisC The Google Chrome Team.The Security Architecture of the Chromium Browser.2008. (Accessed: 2009 Jan. 30). Available:http:\/\/crypto.stanford.edu\/websec\/chromium\/"},{"key":"e_1_2_9_37_1","unstructured":"ReisC BershadB GribbleSD LevyHM.Using processes to improve the reliability of browser\u2010based applications Department of Computer Science and Engineering University of Washington Technical Report UW\u2010CSE\u20102007\u201012\u201001 2007."},{"key":"e_1_2_9_38_1","unstructured":"The Google Chrome Team.Chromium Developer Documentation:Multi\u2010process Architecture[Online].2008. (Accessed: 2009 Jan 30). Available:http:\/\/dev.chromium.org\/developers\/design\u2010documents\/multi\u2010process\u2010architecture"},{"key":"e_1_2_9_39_1","doi-asserted-by":"crossref","unstructured":"ChiuehT VenkitachalamG PradhanP.Intra\u2010address space protection using segmentation hardware inProceedings of the Seventh Workshop on Hot Topics in Operating Systems 1999 pp.110\u2013115.","DOI":"10.1109\/HOTOS.1999.798386"}],"container-title":["Software: Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fspe.2294","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spe.2294","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T16:24:27Z","timestamp":1747153467000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spe.2294"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,10]]},"references-count":38,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2015,12]]}},"alternative-id":["10.1002\/spe.2294"],"URL":"https:\/\/doi.org\/10.1002\/spe.2294","archive":["Portico"],"relation":{},"ISSN":["0038-0644","1097-024X"],"issn-type":[{"type":"print","value":"0038-0644"},{"type":"electronic","value":"1097-024X"}],"subject":[],"published":{"date-parts":[[2014,11,10]]}}}