Supervising execution of untrusted code

摘要

Disclosed are various embodiments for supervising execution of untrusted code. Untrusted code that is to be executed in a computing device is obtained. A virtual machine in the computing device is configured to execute the untrusted code, with one or more resource access restrictions being placed on the untrusted code. Periodic updates are obtained from the virtual machine relating to one or more resources of the computing device that are consumed by the virtual machine. Execution of the untrusted code in the virtual machine is interrupted in response to a value indicated by one or more of the periodic updates.

主权项

1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program comprising:
code that obtains a request to execute a transformation of a document; code that rejects the request when the transformation is associated with an access violation penalty; code that configures a virtual machine to execute the transformation of the document, wherein the virtual machine is a child process of the program; code that configures the virtual machine to enforce at least one system access restriction on the transformation, the virtual machine being configured to terminate execution of the transformation upon violation of the at least one system access restriction; code that associates the transformation with the access violation penalty in response to the virtual machine determining that the transformation has violated the at least one system access restriction; code that determines a first threshold, a second threshold, and a third threshold based at least in part on a usage penalty associated with the transformation, wherein the code that determines the first threshold, the second threshold, and the third threshold decreases the first threshold, the second threshold, and the third threshold when the usage penalty increases; code that obtains a periodic update regarding the virtual machine when the transformation is executing, the periodic update indicating a memory usage of the virtual machine, a processor usage of the virtual machine, and an execution time associated with the transformation; code that interrupts, by the program, execution of the transformation when the memory usage meets the first threshold; code that interrupts, by the program, execution of the transformation when the processor usage meets the second threshold; code that interrupts, by the program, execution of the transformation when the execution time associated with the transformation meets the third threshold; code that increases the usage penalty associated with the transformation when the transformation is interrupted by meeting the first threshold, the second threshold, or the third threshold; and code that returns a result of the transformation.