Position paper: Progressive memory safety for WebAssembly

Craig Disselkoen, John Renner, Conrad Watt, Tal Garfinkel, Amit Levy, Deian Stefan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Scopus citations

Abstract

WebAssembly (Wasm) is a low-level platform-independent bytecode language. Today, developers can compile C/C++ to Wasm and run it everywhere, at almost native speeds. Unfortunately, this compilation from C/C++ to Wasm also preserves classic memory safety vulnerabilities, such as buffer overflows and use-after-frees. New processor features (e.g., tagged memory, pointer authentication, and fine grain capabilities) are making it increasingly possible to detect, mitigate, and prevent such vulnerabilities with low overhead. Unfortunately, Wasm JITs and compilers cannot exploit these features. Critical high-level information (e.g., the size of an array) is lost when lowering to Wasm. We present MS-Wasm, an extension to Wasm that bridges this gap by allowing developers to capture low-level C/C++ memory semantics such as pointers and memory allocation in Wasm, at compile time. At deployment time, Wasm compilers and JITs can leverage these added semantics to enforce different models of memory safety depending on user preferences and what hardware is available on the target platform. This way, MS-Wasm offers a range of security-performance trade-offs, and enables users to move to progressively stronger models of memory safety as hardware evolves.

Original language: English (US)
Title of host publication: Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2019
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450372268
DOIs
State: Published - Jun 23 2019
Event: 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2019 - Phoenix, United States
Duration: Jun 23 2019 → …

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2019
Country/Territory: United States
City: Phoenix
Period: 6/23/19 → …

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Keywords

  • Memory safety
  • Tagged memory
  • Wasm
  • WebAssembly
