Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

Kolosick, Matthew; Narayan, Shravan; Johnson, Evan; Watt, Conrad; LeMay, Michael; Garg, Deepak; Jhala, Ranjit; Stefan, Deian

doi:10.1145/3498688

Cited by 6 publications

(2 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A formally verified sandboxing compiler for WASM has been implemented to strengthen WASM binary compilation [56]. Moreover, several verification methodologies for SFI-compliance in WASM are also proposed [12], [57]. AGORA's assertion generator for a WASM SFI policy is built on top of their artifact.…”

Section: Related Workmentioning

confidence: 99%

Altered global signal topography in Alzheimer's disease

Chen¹,

Zhao²,

Zhang³

et al. 2023

eBioMedicine

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Altered global signal topography in Alzheimer's disease

Chen¹,

Zhao²,

Zhang³

et al. 2023

eBioMedicine

View full text Add to dashboard Cite

“…Despite not trusting the WebApp, transitions from the WebApp to CryptoLib can elide context switching required for register isolation under a specific condition. Verification approaches [30], [31] can be used to prove that a small function in CryptoLib does not leak the key under the assumption that entry points are enforced, and that the function's code overwrites registers used to store the key before returning to the WebApp. By using the cheaper migrating thread model [32], a security-proportional mechanism can reduce overheads where acceptable.…”

Section: Flexibilitymentioning

confidence: 99%

SecureCells: A Secure Compartmentalized Architecture

Bhattacharyya¹,

Hofhammer²,

Li³

et al. 2023

2023 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Modern programs are monolithic, combining code of varied provenance without isolation, all the while running on network-connected devices. A vulnerability in any component may compromise code and data of all other components. Compartmentalization separates programs into fault domains with limited policy-defined permissions, following the Principle of Least Privilege, preventing arbitrary interactions between components. Unfortunately, existing compartmentalization mechanisms target weak attacker models, incur high overheads, or overfit to specific use cases, precluding their general adoption. The need of the hour is a secure, performant, and flexible mechanism on which developers can reliably implement an arsenal of compartmentalized software.We present SecureCells, a novel architecture for intraaddress space compartmentalization. SecureCells enforces per-Virtual Memory Area (VMA) permissions for secure and scalable access control, and introduces new userspace instructions for secure and fast compartment switching with hardwareenforced call gates and zero-copy permission transfers. Secure-Cells enables novel software mechanisms for call stack maintenance and register context isolation. In microbenchmarks, SecureCells switches compartments in only 8 cycles on a 5-stage in-order processor, reducing cost by an order of magnitude compared to state-of-the-art. Consequently, SecureCells helps secure high-performance software such as an in-memory keyvalue store with negligible overhead of less than 3%.

show abstract