Compositional Information Flow Analysis for WebAssembly Programs

Stiévenart, Quentin; Roover, Coen De

doi:10.1109/scam51674.2020.00007

Cited by 23 publications

(18 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static analysis can also help identify potential security risks in an application. Wassail [28] is a static analysis framework for WebAssembly that has been used to build an information flow analysis [27] in order to detect higher-level security concerns such as leaks of sensitive information.…”

Section: Hardening Webassemblymentioning

confidence: 99%

Security risks of porting C programs to webassembly

Stiévenart

Roover

Ghafari

2022

Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

Section: Hardening Webassemblymentioning

confidence: 99%

Security risks of porting C programs to webassembly

Stiévenart

Roover

Ghafari

2022

Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

“…Johnson et al [33], on the other hand, propose fault isolation for WebAssembly binaries, a technique that can be applied before being deployed to the edge-cloud platforms. Stievenart et al [55] design a static analysis dedicated to information flow problems. Bian et al [14] performs runtime monitoring of WebAssembly to detect cryptojacking.…”

Section: Related Work On Webassembly Securitymentioning

confidence: 99%

Multi-variant Execution at the Edge

Cabrera-Arteaga

Laperdrix

Monperrus

et al. 2022

Proceedings of the 9th ACM Workshop on Moving Target Defense

View full text Add to dashboard Cite

Edge-Cloud computing offloads parts of the computations that traditionally occurs in the cloud to edge nodes. The binary format Web-Assembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given a service, we automatically synthesize functionally equivalent variants for the functions providing the service. All the variants are then wrapped into a single multivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 services for which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the world-wide edge platform provided by Fastly, as part as a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe. CCS CONCEPTS• Security and privacy → Security protocols; Security protocols; • Software and its engineering → Automatic programming; Automatic programming.

show abstract

“…Comparison against related systems: To put Wasmati's results in perspective, we compared it against the closest-related system in the literature named Wassail [35]. Wassail is a static taint analysis tool for WebAssembly programs focused exclusively on information flow analysis.…”

Section: Scalability Assessmentmentioning

confidence: 99%

“…Wasabi [23] is a general framework for instrumenting Wasm binaries and can be used to implement different types of dynamic analyzes. To the best of our knowledge, there are only three taint analysis tools for WebAssembly: TaintAssembly [14], the tool presented in [37], and Wassail [35], with the former two being dynamic and the latter static. Wassail implements a data flow analysis algorithm that has not been tailored for vulnerability detection.…”

Section: Related Workmentioning

confidence: 99%

“…In particular, unlike Wassail, Wasmati specifically tracks constant and function dependencies, which are fundamental to reason about a large number of security vulnerabilities. Importantly, the authors of [35] do not demonstrate how Wassail can be used to enable a vulnerability detection tool. Wasmati is the first CPG-based framework for detecting vulnerabilities in WebAssembly code.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Wasmati: An Efficient Static Vulnerability Scanner for WebAssembly

Brito,

Lopes,

Santos

et al. 2022

Preprint

View full text Add to dashboard Cite

WebAssembly is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed with near-native speed by the browser's JavaScript engine. However, given that WebAssembly binaries can be compiled from unsafe languages like C/C++, classical code vulnerabilities such as buffer overflows or format strings can be transferred over from the original programs down to the cross-compiled binaries. As a result, this possibility of incorporating vulnerabilities in WebAssembly modules has widened the attack surface of modern web applications.This paper presents Wasmati, a static analysis tool for finding security vulnerabilities in WebAssembly binaries. It is based on the generation of a code property graph (CPG), a program representation previously adopted for detecting vulnerabilities in various languages but hitherto unapplied to WebAssembly. We formalize the definition of CPG for WebAssembly, introduce techniques to generate CPG for complex WebAssembly, and present four different query specification languages for finding vulnerabilities by traversing a program's CPG. We implemented ten queries capturing different vulnerability types and extensively tested Wasmati on four heterogeneous datasets. We show that Wasmati can scale the generation of CPGs for large real-world applications and can efficiently find vulnerabilities for all our query types. We have also tested our tool on WebAssembly binaries collected in the wild and identified several potential vulnerabilities, some of which we have manually confirmed to exist unless the enclosing application properly sanitizes the interaction with such affected binaries.

show abstract

Compositional Information Flow Analysis for WebAssembly Programs

Cited by 23 publications

References 58 publications

Security risks of porting C programs to webassembly

Security risks of porting C programs to webassembly

Multi-variant Execution at the Edge

Wasmati: An Efficient Static Vulnerability Scanner for WebAssembly

Contact Info

Product

Resources

About