CROW: Code Diversification for WebAssembly
| Autor: | Benoit Baudry, Javier Cabrera-Arteaga, Orestis Floros Malivitsis, Martin Monperrus, Oscar Luis Vera-Pérez |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2020 |
| Předmět: |
FOS: Computer and information sciences
WebAssembly Computer Science - Cryptography and Security Computer Science - Programming Languages Programming language Computer science Diversification (marketing strategy) computer.software_genre Web Software Engineering (cs.SE) Datorsystem Computer Science - Software Engineering Computer Systems Diversification Code (cryptography) Cryptography and Security (cs.CR) computer Programming Languages (cs.PL) |
| ISSN: | 2023-0117 |
| Popis: | The adoption of WebAssembly increases rapidly, as it provides a fast and safe model for program execution in the browser. However, WebAssembly is not exempt from vulnerabilities that can be exploited by malicious observers. Code diversification can mitigate some of these attacks. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow through enumerative synthesis of diverse code snippets expressed in the LLVMintermediate representation. We evaluate CROW’s capabilitieson303C programs and study its use on a real-life security-sensitive program: libsodium, a modern cryptographic library. Overall, CROW is able to generate diverse variants for239out of303 (79%)small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium). Part of proceedings: ISBN 1-891562-66-5, QC 20230117 |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|