WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone

Ménétrey, Jämes; Pasin, Marcelo; Felber, Pascal; Schiavoni, Valerio

doi:10.1109/icdcs54860.2022.00116

Cited by 18 publications

(12 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…WATZ [37] executes ahead-of-time compiled Wasm applications in Arm TrustZone. WATZ implements remote attestation for TrustZone.…”

Section: Related Workmentioning

confidence: 99%

“…WolfSSL supports mainstream ciphers and the TLS protocol, which can be used to set up trusted communication channels. Using a renowned cryptographic library compiled in Wasm has many advantages: (1) the library is platform-independent and reusable in other TEEs (e.g., TrustZone with WATZ [37]), (2) the library can be statically linked to any application when compiled into the Wasm format, and (3) the library can also leverage the multi-module feature of WAMR, the runtime which TWINE is based on, which enables Wasm applications to load dependencies dynamically (i.e., at runtime), which eliminates the burden of static linking, and abstracts a specific implementation of the library. A WASI proposal already exists to bring cryptography to Wasm applications by the runtime.…”

Section: Communication Supportmentioning

confidence: 99%

“…RA is a cornerstone feature of TEEs, as it ensures the authenticity of the executing code, including Wasm applications in the context of TWINE. We worked with the open-source community of WAMR [56], [57] to define additional functions in the runtime to interact with the attestation features of Intel SGX. Consequently, Wasm applications within our system can interface with Intel SGX to generate quotes during attestation.…”

Section: Attestationmentioning

confidence: 99%

See 2 more Smart Citations

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Ménétrey,

Pasin,

Felber

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present TWINE, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. TWINE leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and languageagnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, TWINE delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that TWINE can be deployed in production with reasonable performance trade-offs, ranging from a 0.7× slowdown to a 1.17× speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1× speedup. TWINE is open-source and has been upstreamed into the original Wasm runtime, WAMR.

show abstract

“…WATZ [37] executes ahead-of-time compiled Wasm applications in Arm TrustZone. WATZ implements remote attestation for TrustZone.…”

Section: Related Workmentioning

confidence: 99%

Section: Communication Supportmentioning

confidence: 99%

Section: Attestationmentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Ménétrey,

Pasin,

Felber

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…However, given the native execution speed of Wasm binaries [23], cybercriminals continuously try to abuse Wasm binaries to exfiltrate sensitive data. Solutions exist to deploy a double-sandbox approach to fully isolate the Wasm runtime from the host and vice versa, for instance, leveraging off-the-shelf trusted execution environments [13,14]. To integrate such TEEbased approaches in our revised IncaMail architecture, a TEE-aware abstraction layer available across a variety of devices (i.e., server, client, mobile) is currently missing.…”

Section: Wasm As General Protection Techniquementioning

confidence: 99%

Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail

Gerig,

Ménétrey,

Lanoix

et al. 2023

Proceedings of the 17th ACM International Conference on Distributed and Event-Based Systems

View full text Add to dashboard Cite

Traditional email encryption schemes are vulnerable to EFail attacks, which exploit the lack of message authentication by manipulating ciphertexts and exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure email service for transmitting legally binding, encrypted, and verifiable emails, counters EFail attacks using an authenticatedencryption with associated data (AEAD) encryption scheme to ensure message privacy and authentication between servers. IncaMail relies on a trusted infrastructure backend and encrypts messages per user policy. This paper presents a revised IncaMail architecture that offloads the majority of cryptographic operations to clients, offering benefits such as reduced computational load and energy footprint, relaxed trust assumptions, and per-message encryption key policies. Our proof-of-concept prototype and benchmarks demonstrate the robustness of the proposed scheme, with clientside WebAssembly-based cryptographic operations yielding significant performance improvements (up to ~14×) over conventional JavaScript implementations.

show abstract

“…TEEs can lead to a restriced white-box scenario, i.e., a stricter setting in which the attacker cannot access absolutely everything from the model he seeks to defeat, hence impairing his white-box attack protocols designed for the looser hypothesis. In our context, we deal specifically with TrustZone, given its vast adoption, performance [2] and support for attestation [32]. However, TrustZone enclaves have limited memory (up to 30 MB in some scenarios), making it challenging to completely shield the state of the art Transformer architectures often larger than 500 MB.…”

Section: Fl Servermentioning

confidence: 99%

Pelta

Queyrut

Bromberg

Schiavoni

2022

Proceedings of the 3rd International Workshop on Distributed Machine Learning

Self Cite

View full text Add to dashboard Cite

The main premise of federated learning is that machine learning model updates are computed locally, in particular to preserve user data privacy, as those never leave the perimeter of their device. This mechanism supposes the general model, once aggregated, to be broadcast to collaborating and non malicious nodes. However, without proper defenses, compromised clients can easily probe the model inside their local memory in search of adversarial examples. For instance, considering image-based applications, adversarial examples consist of imperceptibly perturbed images (to the human eye) misclassified by the local model, which can be later presented to a victim node's counterpart model to replicate the attack. To mitigate such malicious probing, we introduce Pelta, a novel shielding mechanism leveraging trusted hardware. By harnessing the capabilities of Trusted Execution Environments (TEEs), Pelta masks part of the back-propagation chain rule, otherwise typically exploited by attackers for the design of malicious samples. We evaluate Pelta on a state of the art ensemble model and demonstrate its effectiveness against the Self Attention Gradient adversarial Attack.

show abstract

WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone

Cited by 18 publications

References 33 publications

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

A Comprehensive Trusted Runtime for WebAssembly With Intel SGX

Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail

Pelta

Contact Info

Product

Resources

About