Abstract
WebAssembly seeks to provide an alternative to running large and untrusted binaries within web browsers by implementing a portable, performant, and secure bytecode format for native web computation. However, WebAssembly is largely unstudied from a security perspective. In this work, we build the first WebAssembly virtual machine that runs in native JavaScript, and implement a novel taint tracking system that allows a user to run untrusted WebAssembly code while monitoring the flow of sensitive data through the application. We also introduce indirect taint, a label that denotes the implicit flow of sensitive information between local variables. Through rigorous testing and validation, we show that our system is correct, secure, and relatively efficient, benefiting from the native performance of WebAssembly while retaining precise security guarantees of more mature software paradigms.
We're not able to analyze this paper right now due to high demand.
Please check back later (sorry!).
Generate a summary of this paper on our Pro plan:
We ran into a problem analyzing this paper.