• kevincox (↑5 · 3 years ago)

    This is a really powerful tool and I hope we see this used more. Traditional process-based sandboxing is very efficient inside the process, but IPC is very expensive. This approach flips the tradeoffs exactly backwards as the sandboxed code is slower, but IPC is nearly free. This means that it can cover exactly the space that was too expensive to sandbox before. The two approaches are perfect complements for each other. I now imagine that the vast majority of code can be put into one of these two groups, leaving very little code that is unable to be sandboxed for performance reasons.

    • fishonthenet (↑4 · 3 years ago)

      I was thinking this implementation looks very similar to eBPF, where the injected code is translated to safe and native instructions, which improves security and performance. I wonder if they got some inspiration from the verifier+JIT approach in the Linux kernel. This is very very good and cool imo.
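As an added illustration of the tradeoff kevincox describes (this is example code written for this page, not code from the thread or from the tool it discusses), the script below calls the same small routine directly in-process and then through a forked worker behind a pair of pipes, and reports the per-call cost of each. The worker is a deliberately crude stand-in for a process sandbox (it applies no seccomp filter, namespace or privilege drop; only the IPC round trip is modelled), and `untrusted_parse` is a hypothetical placeholder for a library you would want isolated. On a typical Linux box the per-call pipe round trip is one to two orders of magnitude slower than the direct call, which is why fine-grained, chatty call patterns were the ones that stayed unsandboxed.

```python
import os
import struct
import time


def untrusted_parse(payload: bytes) -> int:
    """Hypothetical stand-in for library code we would like to sandbox.
    The work is tiny on purpose, so that IPC overhead dominates."""
    return sum(payload) & 0xFFFF


def _read_exact(fd: int, n: int) -> bytes:
    """Read exactly n bytes from a pipe; return b'' on EOF."""
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            return b""
        buf += chunk
    return buf


def _write_all(fd: int, data: bytes) -> None:
    """Pipe writes above PIPE_BUF may be partial, so loop."""
    while data:
        written = os.write(fd, data)
        data = data[written:]


class ProcessSandbox:
    """Forked worker that services length-prefixed requests over pipes.
    Only the IPC cost is modelled; real sandboxes also confine the child."""

    def __init__(self) -> None:
        self.req_r, self.req_w = os.pipe()
        self.resp_r, self.resp_w = os.pipe()
        self.pid = os.fork()
        if self.pid == 0:  # child: serve requests until the request pipe closes
            os.close(self.req_w)
            os.close(self.resp_r)
            try:
                while True:
                    header = _read_exact(self.req_r, 4)
                    if not header:
                        break
                    (length,) = struct.unpack("!I", header)
                    payload = _read_exact(self.req_r, length)
                    _write_all(self.resp_w, struct.pack("!I", untrusted_parse(payload)))
            finally:
                os._exit(0)
        os.close(self.req_r)  # parent keeps only its own ends
        os.close(self.resp_w)

    def call(self, payload: bytes) -> int:
        _write_all(self.req_w, struct.pack("!I", len(payload)) + payload)
        reply = _read_exact(self.resp_r, 4)
        if not reply:
            raise RuntimeError("sandbox worker exited unexpectedly")
        return struct.unpack("!I", reply)[0]

    def close(self) -> None:
        os.close(self.req_w)  # EOF tells the worker to exit
        os.close(self.resp_r)
        os.waitpid(self.pid, 0)


def compare(payload: bytes, calls: int) -> dict:
    """Time `calls` direct invocations against `calls` sandboxed round trips."""
    t0 = time.perf_counter()
    for _ in range(calls):
        direct = untrusted_parse(payload)
    direct_per_call = (time.perf_counter() - t0) / calls

    box = ProcessSandbox()
    try:
        t0 = time.perf_counter()
        for _ in range(calls):
            boxed = box.call(payload)
        boxed_per_call = (time.perf_counter() - t0) / calls
    finally:
        box.close()

    return {
        "in_process_result": direct,
        "sandbox_result": boxed,
        "in_process_per_call": direct_per_call,
        "sandbox_per_call": boxed_per_call,
        "ipc_slowdown": boxed_per_call / direct_per_call,
    }


if __name__ == "__main__":
    stats = compare(b"\x01" * 64, 2000)  # constructed sample input
    print(f"in-process: {stats['in_process_per_call'] * 1e6:.2f} us/call")
    print(f"sandboxed:  {stats['sandbox_per_call'] * 1e6:.2f} us/call")
    print(f"IPC slowdown: {stats['ipc_slowdown']:.0f}x")
```

The numbers vary with the kernel and CPU, but the shape does not: the sandboxed path pays two context switches and four syscalls per call regardless of how little work the callee does, so the slowdown is largest exactly for the small, frequent calls that an in-process approach can make nearly free.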