RISC-V Sandbox Achieves Microsecond-Level Process Isolation with 1.7M Requests per Second

BigGo Editorial Team

The challenge of running untrusted code safely while maintaining high performance has long been a concern in cloud computing and web services. A new project called Drogon Sandbox demonstrates an innovative approach to this problem, achieving impressive performance metrics while ensuring robust isolation between processes.

Lightning-Fast Isolation with RISC-V Emulation

The project builds its sandbox on RISC-V emulation: the untrusted code runs as a RISC-V guest program emulated inside the server process, so the host mediates every guest memory access and every system call. Unlike traditional virtual machines or containers, this lets a sandbox be instantiated and torn down within microseconds, and the sandboxed server still handles 1.7 million requests per second with 64 threads. At 8 threads, where both configurations serve roughly 800,000 requests per second, the sandboxed version adds only about 1 microsecond of average latency over vanilla Drogon.

Performance Metrics:

  • 8 threads: 803,251 requests/sec, 9.51μs average latency
  • 32 threads: 1,443,679 requests/sec, 22.49μs average latency
  • 64 threads: 1,736,727 requests/sec, 39.44μs average latency

Overhead Comparison (8 threads):

  • Vanilla Drogon: 8.54μs average latency
  • Sandboxed version: 9.51μs average latency
  • Additional overhead: ~1μs per request

Security Through Complete Isolation

Community discussions note that the security model rests on libriscv, which emulates RISC-V programs in an isolated context: the guest has no direct access to the host, and the only Linux system calls it can reach are the ones the host chooses to implement and validate. This differs from hypervisor-based virtual machines, which enforce the boundary in hardware; the emulator approach is lighter-weight, but its isolation is only as strong as the emulator's memory checks and its syscall handlers.

The boundary between the host and the guest, the system call API, is always going to be the biggest vector of attacks no matter what solution is used. But, if you find a problem and fix it, you're back to being safe again, unlike if you don't have any sandboxing at all.
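The two points above, a sandbox that is created per request and torn down in microseconds, and a host/guest boundary that consists only of the system calls the host chooses to implement, are easiest to see in code. The block below is an added example written for this article; it is not code from Drogon Sandbox or libriscv. It is a toy RISC-V interpreter (only ADDI, JAL and ECALL are decoded) whose host side enforces three controls: every guest address, including the instruction fetch, is bounds-checked before the host touches it; an ecall reaches only a handler the host installed, so an unknown syscall number is a fault rather than a call into the real kernel; and an instruction budget stops a guest that never exits. Each request runs on a fresh copy of a pristine template, standing in for the machine fork libriscv provides. The syscall numbers are the RISC-V Linux ones; the 512-byte arena, the code-at-0 / message-at-0x100 layout, the guest programs and the fault messages are all constructed for the example.

```cpp
// Added example for this article, not code from Drogon Sandbox or libriscv: a toy RISC-V interpreter
// (ADDI, JAL, ECALL only) showing the controls an emulator-based sandbox rests on: bounds-checked guest
// memory, an allow-list of host-implemented syscalls, and an instruction budget. Syscall numbers are the
// RISC-V Linux ones; the 512-byte arena, code-at-0 / "hello"-at-0x100 layout and fault texts are assumed.
#include <algorithm>
#include <cstdint>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

struct Fault : std::runtime_error { using std::runtime_error::runtime_error; };
struct Guest {                      // flat arena (addresses 0..size-1), registers, pc: all attacker-controlled
    std::vector<uint8_t> arena;
    uint64_t x[32] = {}, pc = 0, exit_code = 0;
    bool exited = false;
    std::string out;                // output of accepted write(2) calls
};
// Control 1: a guest range becomes a host pointer only after this check. Testing len first
// keeps addr + len from wrapping around the 64-bit address space.
inline const uint8_t* guest_ptr(const Guest& g, uint64_t addr, uint64_t len) {
    if (len > g.arena.size() || addr > g.arena.size() - len) throw Fault("guest pointer out of range");
    return g.arena.data() + addr;
}
constexpr int A0 = 10, A1 = 11, A2 = 12, A7 = 17;       // RISC-V syscall ABI registers
constexpr uint64_t SYS_WRITE = 64, SYS_EXIT = 93;       // RISC-V Linux syscall numbers
using Handler = uint64_t (*)(Guest&);
// Host side of write(fd, buf, len): stdout only, and the buffer only through guest_ptr.
inline uint64_t sys_write(Guest& g) {
    if (g.x[A0] != 1) throw Fault("write to unexpected fd");
    const uint8_t* p = guest_ptr(g, g.x[A1], g.x[A2]);
    g.out.append(reinterpret_cast<const char*>(p), g.x[A2]);
    return g.x[A2];
}
inline uint64_t sys_exit(Guest& g) { g.exited = true; g.exit_code = g.x[A0]; return 0; }

class Machine {
public:
    Machine(const std::vector<uint8_t>& image, size_t arena_size) {
        if (image.size() > arena_size) throw Fault("image larger than arena");
        template_.arena.assign(arena_size, 0);
        std::copy(image.begin(), image.end(), template_.arena.begin());
    }
    // Control 2: the host decides which syscalls exist; an ecall with no handler is a fault,
    // never a pass-through to the real kernel.
    void install(uint64_t nr, Handler h) { handlers_[nr] = h; }
    // Each request runs on a fresh copy of the pristine template (standing in for the machine
    // fork libriscv provides), so nothing a guest did survives into the next request.
    // Control 3: the instruction budget stops a guest that never exits.
    Guest run(uint64_t max_instructions) {
        Guest g = template_;
        for (uint64_t n = 0; n < max_instructions && !g.exited; ++n) step(g);
        if (!g.exited) throw Fault("instruction budget exhausted");
        return g;
    }
private:
    void step(Guest& g) {
        const uint8_t* p = guest_ptr(g, g.pc, 4);                   // the fetch is checked too
        uint32_t insn = uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
        uint32_t opcode = insn & 0x7f, rd = (insn >> 7) & 0x1f, rs1 = (insn >> 15) & 0x1f;
        uint64_t next = g.pc + 4;
        if (opcode == 0x13 && ((insn >> 12) & 7) == 0) {            // ADDI rd, rs1, imm12
            if (rd != 0) g.x[rd] = g.x[rs1] + uint64_t(int64_t(int32_t(insn) >> 20));
        } else if (opcode == 0x6f) {                                 // JAL rd, offset (J-type immediate)
            uint32_t imm = ((insn >> 31) << 20) | (((insn >> 12) & 0xff) << 12)
                         | (((insn >> 20) & 1) << 11) | (((insn >> 21) & 0x3ff) << 1);
            if (rd != 0) g.x[rd] = next;
            next = g.pc + uint64_t(int64_t(int32_t(imm << 11) >> 11));    // sign-extend 21 bits
        } else if (insn == 0x00000073) {                             // ECALL: a7 = number, a0 = result
            auto it = handlers_.find(g.x[A7]);
            if (it == handlers_.end()) throw Fault("syscall not permitted: " + std::to_string(g.x[A7]));
            g.x[A0] = it->second(g);
        } else throw Fault("illegal instruction");
        g.pc = next;
    }
    Guest template_;
    std::map<uint64_t, Handler> handlers_;
};

// Tiny assembler and a constructed 512-byte image: code at 0, the message "hello" at 0x100.
inline uint32_t addi(int rd, int rs1, int imm12) {
    return (uint32_t(imm12 & 0xfff) << 20) | uint32_t(rs1 << 15) | uint32_t(rd << 7) | 0x13u;
}
constexpr uint32_t ECALL = 0x00000073, JAL_SELF = 0x0000006f;       // jal x0, 0: loops forever
inline std::vector<uint8_t> image_with(const std::vector<uint32_t>& code) {
    std::vector<uint8_t> img(0x200, 0);
    for (size_t i = 0; i < code.size(); ++i)
        for (int b = 0; b < 4; ++b) img[4 * i + b] = uint8_t(code[i] >> (8 * b));
    std::string("hello").copy(reinterpret_cast<char*>(&img[0x100]), 5);
    return img;
}
// Runs one guest program as a request and renders the outcome as text.
inline std::string request(const std::vector<uint32_t>& code, uint64_t budget = 1000) {
    Machine m(image_with(code), 0x200);
    m.install(SYS_WRITE, sys_write); m.install(SYS_EXIT, sys_exit);
    try { Guest g = m.run(budget); return "exit " + std::to_string(g.exit_code) + " out=" + g.out; }
    catch (const Fault& f) { return std::string("fault: ") + f.what(); }
}
// A well-behaved guest (write(1, 0x100, 5); exit(0)) and four hostile ones.
inline std::string good_guest() {
    return request({addi(A0, 0, 1), addi(A1, 0, 0x100), addi(A2, 0, 5), addi(A7, 0, SYS_WRITE), ECALL,
                    addi(A0, 0, 0), addi(A7, 0, SYS_EXIT), ECALL});
}
// buf = 0xffff...ffff: addr + len would wrap to 4 and pass a naive "addr + len <= size" check
inline std::string wraparound_guest() { return request({addi(A0, 0, 1), addi(A1, 0, -1), addi(A2, 0, 5), addi(A7, 0, SYS_WRITE), ECALL}); }
// len = 2047 on a 512-byte arena
inline std::string oversize_guest() { return request({addi(A0, 0, 1), addi(A1, 0, 0x100), addi(A2, 0, 2047), addi(A7, 0, SYS_WRITE), ECALL}); }
inline std::string forbidden_guest() { return request({addi(A7, 0, 57), ECALL}); }  // 57 = close(2), not installed
inline std::string runaway_guest() { return request({JAL_SELF}); }                // never exits: budget trips
```

The wraparound guest is the case the syscall boundary must get right: with buf = 0xffff...ffff and len = 5, a check written as addr + len <= size passes because the sum wraps to 4, so guest_ptr bounds len first and then compares addr against size - len. The same guest_ptr is used for the instruction fetch, which is what keeps a guest from steering pc outside its arena. Because each request starts from a copy of the template, the outcome of one request (including a fault) cannot influence the next, which is the property that lets a per-request sandbox be discarded rather than cleaned up.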

Alternative Approaches and Use Cases

While this project serves as a proof-of-concept, the community has highlighted several alternative solutions for similar use cases, including Firecracker for full VM isolation, gVisor for containerized workloads, and Lua with sandboxing for game development scenarios. Each approach offers different trade-offs between security, performance, and ease of implementation.

Limitations and Practical Applications

It's important to note that while the performance numbers are impressive, this solution may not be suitable for all production environments. The project explicitly states that it contains only the parts needed for realistic benchmarking and lacks production-ready features such as comprehensive observability, logging, and metering. Additionally, because the guest code runs under RISC-V emulation rather than natively, compute-intensive workloads will run slower than under a hardware-virtualized solution such as Firecracker; the ~1μs figure measures per-request overhead, not the speed of the emulated guest code itself.

Reference: Drogon Sandbox