RockSalt is tiny app designed to run on systems with x86 processors that will verify code that accesses a wide range of computer features, but will remain in its sandbox and adhere to a secured environment. The name of the program is a word play referring to Google's Native Client for Chrome, short NaCl. In a chemical view, NaCl stands for sodium chloride, commonly known as tablet salt.
Google was first to use NaCl to allow developers to run native code in Chrome, and not just via JavaScript. However, due to vulnerabilities, NaCl's pace was slowed. According to the Harvard researchers, Rocksalt is a "simple but incredibly powerful system" with no know vulnerabilities that guarantees that native code designed targeted at a browser, in fact, is secure before the code is run. Compared to Google's 600 lines of code, RockSalt has only 80 and is claimed to be significantly faster.
“The biggest benefit may be that users can have more peace of mind that a piece of software works as they want it to," said Greg Morrisett, professor of Computer Science at the Harvard School of Engineering and Applied Sciences. "For users, the impact of such a tool is slightly more tangible; it allows users to safely run, for example, games, in a web browser without the painfully slow speeds that translated code traditionally provides."
Google funded the project at Harvard, but was not involved in the development of RockSalt otherwise. the researchers said that the researchers expect that their tool "might end up being adopted and integrated into future versions of common web browsers." Morrisett noted that there are plans plans to "adapt the tool for use in a broader variety of processors."
