Write a Blog >>

WebAssembly (Wasm) is a next-generation portable compi- lation target for deploying applications written in high-level languages on the web. In order to protect their memory from untrusted code, web browser engines confine the execution of compiled Wasm programs in a memory-safe sand- box. Unfortunately, classic memory-safety vulnerabilities (e.g., buffer overflows and use-after-free) can still corrupt the memory within the sandbox and allow Wasm code to mount severe attacks. To prevent these attacks, we study a class of secure compilers that eliminate (different kinds of) memory safety violations. Following a rigorous approach, we discuss memory safety in terms of hypersafety properties, which let us identify suitable secure compilation critera for memory-safety-preserving compilers. We conjecture that, barring some restrictions at module boundaries, the existing security mechanisms of Wasm may suffice to enforce memory-safety preservation, in the short term. In the long term, we observe that certain features proposed in the design of a memory-safe variant of Wasm could allow compilers to lift these restrictions and enforce relaxed forms of memory safety.

Memory Safety Preservation for WebAssembly (Memory Safety Preservation for WebAssembly.pdf)14.50MiB

Sat 25 Jan

Displayed time zone: Saskatchewan, Central America change

15:35 - 17:45
Compartmentalization, memory safety, and isolationPriSC at Rosalie
Chair(s): Marco Patrignani Stanford University & CISPA , Jonathan Protzenko Microsoft Research, Redmond
15:35
24m
Talk
Flexible Tag-based Policies for Compartmentalized C
PriSC
Sean Anderson Portland State University, Andrew Tolmach Portland State University, CHR Chhak Portland State University
Media Attached File Attached
15:59
24m
Talk
Mechanized Reasoning about a Capability Machine
PriSC
Aina Linn Georges Aarhus University, Alix Trieu Aarhus University, Lars Birkedal Aarhus University
Media Attached
16:23
24m
Talk
Securing Interruptible Enclaves
PriSC
Matteo Busi Università di Pisa - Dipartimento di Informatica, Job Noorman imec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Jo Van Bulck imec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Letterio Galletta IMT School for Advanced Studies, Pierpaolo Degano Università di Pisa - Dipartimento di Informatica, Jan Tobias Mühlberg imec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Frank Piessens KU Leuven
Media Attached File Attached
16:47
10m
Break
Mini-break
PriSC

16:57
24m
Talk
WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing
PriSC
Jay Bosamiya Carnegie Mellon University, Benjamin Lim Carnegie Mellon University, Bryan Parno Carnegie Mellon University
Media Attached File Attached
17:21
24m
Talk
Memory Safety Preservation for WebAssembly
PriSC
Marco Vassena CISPA Helmholtz Center for Information Security, Marco Patrignani Stanford University & CISPA
Link to publication Media Attached File Attached