metaSafer: A Technique to Detect Heap Metadata Corruption in WebAssembly

• Published in: IEEE access Vol. 11; pp. 124887 - 124898
• Main Authors: Song, Suhyeon, Park, Seonghwan, Kwon, Donghyun
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 2023; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Codes; Corruption; Data transfer (computers); Hardware; Image processing; javaScript; Lightweight; Metadata; metadata corruption; Optimization; Safety; Security; spatial memory safety; Verification; Video; Virtual environments; Virtual machining; Virtual memory systems; Web services; WebAssemlby
• ISSN: 2169-3536; 2169-3536
• DOI: 10.1109/ACCESS.2023.3327817

WebAssembly (Wasm), a technology enabling efficient native code execution in web browsers, has seen a significant rise in adoption as a popular compilation target. This has led to the emergence of lightweight web services powered by Wasm, characterized by their small binary size and reduced data transfer overhead, thanks to the inherent efficiency of Wasm. Despite their lightweight nature, these services can deliver powerful features like image/video processing, AI and graphical application that surpass the capabilities of JavaScript. To ensure lightweight web services and enhance the overall web experience, Wasm has been extensively optimized. However, these optimizations have raised concerns about memory safety, leading to memory-related vulnerabilities. Wasm's characteristic memory structure, linear memory, has vulnerabilities that provide various attack vectors to attackers. In particular, it presents various attack possibilities through metadata modification containing memory structure information. Attackers can exploit heap memory overflow in Wasm applications, allowing them to target arbitrary memory addresses, modify data, or execute arbitrary code. Such overflows can corrupt memory metadata, resulting in incorrect memory behavior. While research has mitigate memory-related weaknesses in languages such as C and C++ and architectures like X86 in recent decades, the direct application of security solutions designed for different domains to Wasm is not a practical approach. Consequently, allocators in Wasm remain vulnerable to issues like heap overflow and metadata corruption. Thus, there is a pressing need for tailored memory safety techniques and solutions that accommodate Wasm's architecture-agnostic and linear memory structures. In this paper, we propose metaSafer as a solution. By shadowing metadata from Wasm linear memory to JavaScript virtual machine memory and conducting metadata verification, metaSafer effectively blocks attack attempts and vectors. Notably, our solution achieves fast memory shadowing and validation while maintaining a small code size. Through various verification processes, we measured the performance and code size of metaSafer, revealing that it is a software-only security solution with no additional hardware requirements. metaSafer demonstrates robust metadata protection for Wasm applications with an acceptable performance overhead of up to 8% in SQLite speed tests and Polybench benchmarks.