WebAssembly (WASM) is an immensely versatile and increasingly popular compilation target. It executes applications written in several languages (e.g., C/C++) with near-native performance in various domains (e.g., mobile, edge, cloud). Despite WASM’s sandboxing feature, which isolates applications from other instances and the host platform, WASM does not inherently provide any memory safety guarantees for applications written in low-level, unsafe languages, which can render its sandbox properties useless.
To this end, we propose Cage, a hardware-accelerated toolchain for WASM that supports unmodified applications compiled to WASM and utilizes diverse ARM hardware features aiming to enrich the memory safety properties of WASM. Precisely, Cage leverages ARM’s Memory Tagging Extension (MTE) to (i) provide spatial and temporal memory safety for heap and stack allocations and (ii) improve the performance of WASM’s sandboxing mechanism. Cage further employs ARM’s Pointer Authentication (PAC) to prevent leaked pointers from being reused by unintended WASM instances, thus enhancing WASM’s security properties.
We implement our system based on 64-bit WASM. We provide a WASM compiler and runtime with support for ARM’s MTE and PAC. On top of that, Cage’s LLVM-based compiler toolchain transforms unmodified applications to provide spatial and temporal memory safety for stack and heap allocations and prevent function pointer reuse. Our evaluation on real hardware shows that Cage incurs minimal runtime (< 5.8%) and memory (< 3.7%) overheads and can improve the performance of WASM’s sandboxing mechanism, achieving a speedup of over 5.1%, while offering efficient memory safety guarantees.
Tue 4 MarDisplayed time zone: Pacific Time (US & Canada) change
15:20 - 17:00 | Security, Fault Tolerance & CryptographyMain Conference at Casuarina Ballroom (Level 2) Chair(s): Fernando Magno Quintão Pereira Federal University of Minas Gerais | ||
15:20 20mTalk | Qiwu: Exploiting Ciphertext-Level SIMD Parallelism in Homomorphic Encryption Programs Main Conference Zhang zhongcheng Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhongguancun Laboratory, Ying Liu Institute of Computing Technology, Chinese Academy of Sciences, Yuyang Zhang Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences;, Zhenchuan Chen Institute of Computing Technology, Chinese Academy of Sciences, Jiacheng Zhao Institute of Computing Technology at Chinese Academy of Sciences; University of Chinese Academy of Sciences; Zhongguancun Laboratory, Xiaobing Feng ICT CAS, Huimin Cui Institute of Computing Technology, Chinese Academy of Sciences, Jingling Xue UNSW Sydney | ||
15:40 20mTalk | Cage: Hardware-Accelerated Safe WebAssembly Main Conference Martin Fink Technical University of Munich, Dimitrios Stavrakakis TU Munich and University of Edinburgh, Dennis Sprokholt TU Delft, Soham Chakraborty TU Delft, Jan-Erik Ekberg Huawei Technologies LLC, Pramod Bhatotia TU Munich, Germany | ||
16:00 20mTalk | Teapot: Efficiently Uncovering Spectre Gadgets in COTS Binaries Main Conference Fangzheng Lin Institute of Science Tokyo, Zhongfa Wang Institute of Science Tokyo, Hiroshi Sasaki Institute of Science Tokyo | ||
16:20 20mTalk | Janitizer: Rethinking Binary Tools for Practical and Comprehensive Security Main Conference Mahwish Arif University of Cambridge, Sam Ainsworth University of Edinburgh, Timothy M. Jones University of Cambridge Pre-print | ||
16:40 20mTalk | Parallaft: Runtime-based CPU Fault Tolerance via Heterogeneous Parallelism Main Conference Boyue Zhang University of Cambridge, Sam Ainsworth University of Edinburgh, Lev Mukhanov Queen Mary University London, Timothy M. Jones University of Cambridge Pre-print | ||