The Limits of Sandboxing and Next Steps

Explore the limitations of sandboxing and future security measures in this 20-minute conference talk from USENIX Enigma 2021. Delve into Chris Palmer's insights from Google Chrome Security as he discusses privilege separation, reduction, and the practical limits of sandboxing in software security. Discover why sandboxing alone is insufficient and learn about the challenges posed by real-world operating systems. Gain valuable knowledge on Chromium's approach to enhancing resilience through increased memory safety, and understand how these techniques can eliminate vulnerabilities or make them infeasible for exploit chains. Benefit from real-world lessons and applicable strategies for security engineers working on various projects, covering topics such as site isolation, memory safety, and their implications for the future of software security.

Intro
Presentation
What is Sandboxing
Site Isolation
Memory Safety
Implications