CROW: Code Diversification for WebAssembly

The adoption of WebAssembly has rapidly increased in the last few years as it provides a fast and safe model for program execution. However, WebAssembly is not exempt from vulnerabilities that could be exploited by side channels attacks. This class of vulnerabilities that can be addressed by code di...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Javier Cabrera Arteaga, Malivitsis, Orestis, Oscar Vera Pérez, Baudry, Benoit, Monperrus, Martin
Format Paper Journal Article
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 13.10.2021
Subjects
Computer Science - Cryptography and Security
Computer Science - Programming Languages
Computer Science - Software Engineering
Cryptography
Diversification
Software engineering
Source code
Workflow
Online AccessGet full text

Cover

More Information
Summary:The adoption of WebAssembly has rapidly increased in the last few years as it provides a fast and safe model for program execution. However, WebAssembly is not exempt from vulnerabilities that could be exploited by side channels attacks. This class of vulnerabilities that can be addressed by code diversification. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow. We evaluate CROW's capabilities on 303 C programs and study its use on a real-life security-sensitive program: libsodium, a cryptographic library. Overall, CROWis able to generate diverse variants for 239 out of 303,(79%) small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium).
ISSN:2331-8422
DOI:10.48550/arxiv.2008.07185