TY - GEN
T1 - Position paper
T2 - 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2019
AU - Disselkoen, Craig
AU - Renner, John
AU - Watt, Conrad
AU - Garfinkel, Tal
AU - Levy, Amit
AU - Stefan, Deian
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/6/23
Y1 - 2019/6/23
N2 - WebAssembly (Wasm) is a low-level platform-independent bytecode language. Today, developers can compile C/C++ to Wasm and run it everywhere, at almost native speeds. Unfortunately, this compilation from C/C++ to Wasm also preserves classic memory safety vulnerabilities, such as buffer overflows and use-after-frees. New processor features (e.g., tagged memory, pointer authentication, and fine grain capabilities) are making it increasingly possible to detect, mitigate, and prevent such vulnerabilities with low overhead. Unfortunately, Wasm JITs and compilers cannot exploit these features. Critical high-level information-e.g., the size of an array- is lost when lowering to Wasm. We present MS-Wasm, an extension to Wasm that bridges this gap by allowing developers to capture low-level C/C++ memory semantics such as pointers and memory allocation inWasm, at compile time. At deployment time, Wasm compilers and JITs can leverage these added semantics to enforce different models of memory safety depending on user preferences and what hardware is available on the target platform. This way, MS-Wasm offers a range of security-performance trade-offs, and enables users to move to progressively stronger models of memory safety as hardware evolves.
AB - WebAssembly (Wasm) is a low-level platform-independent bytecode language. Today, developers can compile C/C++ to Wasm and run it everywhere, at almost native speeds. Unfortunately, this compilation from C/C++ to Wasm also preserves classic memory safety vulnerabilities, such as buffer overflows and use-after-frees. New processor features (e.g., tagged memory, pointer authentication, and fine grain capabilities) are making it increasingly possible to detect, mitigate, and prevent such vulnerabilities with low overhead. Unfortunately, Wasm JITs and compilers cannot exploit these features. Critical high-level information-e.g., the size of an array- is lost when lowering to Wasm. We present MS-Wasm, an extension to Wasm that bridges this gap by allowing developers to capture low-level C/C++ memory semantics such as pointers and memory allocation inWasm, at compile time. At deployment time, Wasm compilers and JITs can leverage these added semantics to enforce different models of memory safety depending on user preferences and what hardware is available on the target platform. This way, MS-Wasm offers a range of security-performance trade-offs, and enables users to move to progressively stronger models of memory safety as hardware evolves.
KW - Memory safety
KW - Tagged memory
KW - Wasm
KW - WebAssembly
UR - http://www.scopus.com/inward/record.url?scp=85068879593&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85068879593&partnerID=8YFLogxK
U2 - 10.1145/3337167.3337171
DO - 10.1145/3337167.3337171
M3 - Conference contribution
AN - SCOPUS:85068879593
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2019
PB - Association for Computing Machinery
Y2 - 23 June 2019
ER -