posted on 2023-11-29, 18:23authored byMarco Vassena, Marco Patrignani
WebAssembly (Wasm) is a next-generation portable compilation target for deploying applications written in high-level languages on the web. In order to protect their memory from untrusted code, web browser engines confine the execution of compiled Wasm programs in a memory-safe sandbox. Unfortunately, classic memory-safety vulnerabilities (e.g., buffer overflows and use-after-free) can still corrupt the memory within the sandbox and allow Wasm code to mount severe attacks. To prevent these attacks, we study a class of secure compilers that eliminate (different kinds of) of memory safety violations. Following a rigorous approach, we discuss memory safety in terms of hypersafety properties, which let us identify suitable secure compilation criteria for memory-safety-preserving compilers. We conjecture that, barring some restrictions at module boundaries, the existing security mechanisms of Wasm may suffice to enforce memory-safety preservation, in the short term. In the long term, we observe that certain features proposed in the design of a memory-safe variant of Wasm could allow compilers to lift these restrictions and enforce relaxed forms of memory safety.
History
Preferred Citation
Marco Vassena and Marco Patrignani. Memory Safety Preservation for WebAssembly. In: Workshop on Principles of Secure Compilation (PriSC). 2019.
Primary Research Area
Reliable Security Guarantees
Name of Conference
Workshop on Principles of Secure Compilation (PriSC)
Legacy Posted Date
2020-12-14
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3331,
title = "Memory Safety Preservation for WebAssembly",
author = "Vassena, Marco and Patrignani, Marco",
booktitle="{Workshop on Principles of Secure Compilation (PriSC)}",
year="2019",
}