Updated publications

Trolloldem · Nov 7, 2023 · bff7de4 · bff7de4
1 parent b4150f7
commit bff7de4
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 2 deletions.
diff --git a/content/publications/asiaccs2023_paper.md b/content/publications/asiaccs2023_paper.md
@@ -28,6 +28,6 @@ recent CVEs, while runtime experiments prove its efficiency.
 ##### Authors:
 Marco Abbadini, Michele Beretta, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi
 
-##### The Paper will be presented at:&nbsp;<a href="https://asiaccs2023.org/" target="_blank">AsiaCCS 2023</a>
+##### The Paper has been presented at:&nbsp;<a href="https://asiaccs2023.org/" target="_blank">AsiaCCS 2023</a>
 
 ##### <a href="https://cs.unibg.it/seclab-papers/2023/ASIACCS/paper/cage4deno.pdf" target="_blank">Link to PDF</a>
diff --git a/content/publications/asiaccs2023_poster.md b/content/publications/asiaccs2023_poster.md
@@ -10,6 +10,6 @@ In this work we propose a solution aimed at enhancing the security of the sandbo
 ##### Authors:
 Marco Abbadini, Michele Beretta, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi
 
-##### The Paper will be presented at:&nbsp;<a href="https://asiaccs2023.org/" target="_blank">AsiaCCS 2023</a>
+##### The Paper has been presented at:&nbsp;<a href="https://asiaccs2023.org/" target="_blank">AsiaCCS 2023</a>
 
 ##### <a href="https://cs.unibg.it/seclab-papers/2023/ASIACCS/poster/enhance-wasm-sandbox.pdf" target="_blank">Link to PDF</a>
diff --git a/content/publications/natisand.md b/content/publications/natisand.md
@@ -0,0 +1,32 @@
++++
+title = "NatiSand: Native Code Sandboxing for JavaScript Runtimes"
+date = "2023-10-16"
+aliases = ["RAID","ACM","WebAssembly","Landlock LSM",
+"eBPF", "sandboxing", "Deno", "Cage4Deno", "GLACIATION", "JavaScript"]
+[ author ]
+  name = "Gianluca Oldani"
++++
+This work takes into consideration modern runtimes that render JavaScript code 
+in a secure and isolated environment, 
+but when they execute binary programs and shared libraries, no isolation 
+guarantees are provided. This is an important limitation, and it affects many 
+popular runtimes including Node.js, Deno, and Bun.
+
+In this paper we propose NatiSand, a component for JavaScript runtimes that 
+leverages Landlock, eBPF, and Seccomp to control the filesystem, Inter-Process 
+Communication (IPC), and network resources available to binary programs and 
+shared libraries. NatiSand does not require changes to the application code and 
+offers to the user an easy interface. To demonstrate the effectiveness and 
+efficiency of our approach we implemented NatiSand and integrated it into Deno, 
+a modern, security-oriented JavaScript runtime. We reproduced a number of 
+vulnerabilities affecting third-party code, showing how they are mitigated by 
+NatiSand. We also conducted an extensive experimental evaluation to assess the 
+performance, proving that our approach is competitive with state of the art code 
+sandboxing solutions. The implementation is available open source.
+
+##### Authors:
+Marco Abbadini, Dario Facchinetti, Gianluca Oldani, Matthew Rossi, Stefano Paraboschi
+
+##### The Paper has been presented at:&nbsp;<a href="https://raid2023.org/welcome.html" target="_blank">RAID 2023</a>
+
+##### <a href="https://dl.acm.org/doi/10.1145/3607199.3607233" target="_blank">Link to paper</a>