Navigating the Sandbox Buffet

Note: Presentation times are in Pacific Standard Time (PST).

Tuesday, January 24, 2023 - 3:10 pm3:40 pm

Maxime Serrano, Figma, Inc.

Abstract: 

Buggy software is a fact of life, and preventing all security vulnerabilities is near impossible. Organizations often have no choice but to run potentially risky software, such as parsing, thumbnailing, or compression libraries, within their infrastructure to do even basic work. Such software is frequently implemented in memory-unsafe languages, by third-parties, and is seldom designed to handle hostile user input. It’s no surprise that security news is replete with bug names like “ImageTragick.”

Fortunately, sandboxing can be a powerful defense in these scenarios. In the past, sandbox technologies were often expensive, immature, and operationally fickle, so only well-resourced organizations could leverage them effectively at scale. But today, we live in a democratized era of the sandbox buffet, where there is a surfeit of different ways to virtualize, contain, and jail processing. With so many options, it’s easier than ever to pick the right combination of sandboxing techniques that provide the most appropriate set of tradeoffs for isolating your workloads.

Maxime Serrano, Figma

Max is an engineer on the production security team at Figma, where he’s contributed to various initiatives improving Figma’s security posture across different areas of security, from securing the core infrastructure and product to mitigating spam on the platform. Previously, he worked on the production security team at Dropbox, including in particular on the sandboxing system used in their previewing and content processing pipelines.
BibTeX
@conference {285607,
author = {Maxime Serrano},
title = {Navigating the Sandbox Buffet},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jan,
}