WASP: Stack protection for WebAssembly.

Detailed bibliography
Title: WASP: Stack protection for WebAssembly.
Authors: Massey, Ewan1 (AUTHOR) ewanmassey1@gmail.com, Olivier, Pierre1 (AUTHOR) pierre.olivier@manchester.ac.uk
Source: Journal of Systems Architecture. Mar2026, Vol. 172, pN.PAG-N.PAG. 1p.
Subjects: *COMPUTER security vulnerabilities, *SECURITY management, COMPILERS (Computer programs), COMPUTER performance
Abstract: WebAssembly is a binary executable format designed as a compilation target enabling high-level language code to be run natively in web browsers, JavaScript runtimes, and standalone interpreters. Previous work has highlighted WebAssembly's vulnerability to traditional memory exploits, such as stack smashing (stack-based buffer overflows), when compiled from memory-unsafe languages. Such vulnerabilities are used as a component in impactful end-to-end exploits, hence the design and implementation in WebAssembly of mitigations against memory exploits, such as stack canaries, is needed. We present WASP, an implementation of stack-based buffer overflow protection using stack canaries within Emscripten, the leading C and C++ to WebAssembly compiler. Further, we provide an extension to the standard stack smashing protection design, offering extra security against canary leak attacks by randomizing the canary on a per-function call basis. We verify WASP's effectiveness against proof-of-concept exploits. Evaluation results show that the overheads brought by WASP on execution time, executable binary size, and compilation workflow are negligible to low in all platforms considered: the Chromium web browser, the Node.js JavaScript runtime, as well as the standalone WebAssembly runtimes Wasmer and WAVM. [ABSTRACT FROM AUTHOR]
Database: Business Source Index
ISSN: 13837621
DOI: 10.1016/j.sysarc.2025.103666