Write a Blog >>
POPL 2020
Sun 19 - Sat 25 January 2020 New Orleans, Louisiana, United States
POPL 2020 (series) / PriSC 2020 (series) / Principles of Secure Compilation 2020 /

Memory Safety Preservation for WebAssembly

Marco Vassena, Marco Patrignani
PriSC 2020 Principles of Secure Compilation
Sat 25 Jan 2020 17:21 - 17:45 at Rosalie - Compartmentalization, memory safety, and isolation Chair(s): Marco Patrignani, Jonathan Protzenko

WebAssembly (Wasm) is a next-generation portable compi- lation target for deploying applications written in high-level languages on the web. In order to protect their memory from untrusted code, web browser engines confine the execution of compiled Wasm programs in a memory-safe sand- box. Unfortunately, classic memory-safety vulnerabilities (e.g., buffer overflows and use-after-free) can still corrupt the memory within the sandbox and allow Wasm code to mount severe attacks. To prevent these attacks, we study a class of secure compilers that eliminate (different kinds of) memory safety violations. Following a rigorous approach, we discuss memory safety in terms of hypersafety properties, which let us identify suitable secure compilation critera for memory-safety-preserving compilers. We conjecture that, barring some restrictions at module boundaries, the existing security mechanisms of Wasm may suffice to enforce memory-safety preservation, in the short term. In the long term, we observe that certain features proposed in the design of a memory-safe variant of Wasm could allow compilers to lift these restrictions and enforce relaxed forms of memory safety.

https://people.cispa.io/marco.vassena/publications_files/sc-wasm.pdf
Memory Safety Preservation for WebAssembly (Memory Safety Preservation for WebAssembly.pdf)14.50MiB
Marco Vassena
Marco Vassena
CISPA Helmholtz Center for Information Security
Germany
Marco Patrignani
Marco Patrignani
Stanford University & CISPA
United States

Sat 25 Jan
Times are displayed in time zone: Saskatchewan, Central America change

15:35 - 17:45: Compartmentalization, memory safety, and isolationPriSC at Rosalie
Chair(s): Marco PatrignaniStanford University & CISPA , Jonathan ProtzenkoMicrosoft Research, Redmond
15:35 - 15:59
Talk		Flexible Tag-based Policies for Compartmentalized C
PriSC
Sean AndersonPortland State University, Andrew TolmachPortland State University, CHR ChhakPortland State University
Media Attached File Attached
15:59 - 16:23
Talk		Mechanized Reasoning about a Capability Machine
PriSC
Aina Linn GeorgesAarhus University, Alix TrieuAarhus University, Lars BirkedalAarhus University
Media Attached
16:23 - 16:47
Talk		Securing Interruptible Enclaves
PriSC
Matteo BusiUniversità di Pisa - Dipartimento di Informatica, Job Noormanimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Jo Van Bulckimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Letterio GallettaIMT School for Advanced Studies, Pierpaolo DeganoUniversità di Pisa - Dipartimento di Informatica, Jan Tobias Mühlbergimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Frank PiessensKU Leuven
Media Attached File Attached
16:47 - 16:57
Break		Mini-break
PriSC
16:57 - 17:21
Talk		WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing
PriSC
Jay BosamiyaCarnegie Mellon University, Benjamin LimCarnegie Mellon University, Bryan ParnoCarnegie Mellon University
Media Attached File Attached
17:21 - 17:45
Talk		Memory Safety Preservation for WebAssembly
PriSC
Marco VassenaCISPA Helmholtz Center for Information Security, Marco PatrignaniStanford University & CISPA
Link to publication Media Attached File Attached