Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Johnson, Evan; Thien, David; Alhessi, Yousef; Narayan, Shravan; Brown, Fraser; Lerner, Sorin; McMullen, Tyler; Savage, Stefan; Stefan, Deian

doi:10.14722/ndss.2021.24078

Cited by 12 publications

(16 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Wasm execution engine must also be trusted to correctly execute a binary, so that a computation is faithfully executed according to the published bytecode semantics [80,93], and that the program is unable to escape its sandbox, damage or spy on a delegate, or have any other side-effect than allowed by the Veracruz sandboxing model. Recent techniques have been developed that use post-compilation verification to establish this trust [48]-we briefly discuss our ongoing experiments in this area in §6. Compiler verification could be used to engender trust in the Wasm execution engine, though we are not aware of any verified, highperformance Wasm interpreters or JITs suitable for use with Veracruz at the time of writing (see [94] for progress toward this, however).…”

Section: Threat Modelmentioning

confidence: 99%

“…SFI systems, such as Wasm, add runtime checks to loads, stores, and control flow transfers to ensure sandboxed code cannot escape from its address space region, though bugs in SFI compilers can (and do) incorrectly remove these checks and introduce bugs that let untrusted code escape its sandbox [12,43]. To address this-following other SFI systems [65,99,102]-we have built a static verifier for binary code executed by Veracruz, implemented as an extension of VeriWasm [49], an open-source SFI verifier for compiled Wasm code. To adapt VeriWasm to Veracruz, we added support for AArch64, and ported VeriWasm from the Lucet [17] toolchain to Wasmtime, as used by Veracruz.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Private delegated computations using strong isolation

Brossard¹,

Bryant²,

El³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Sensitive computations are now routinely delegated to thirdparties. In response, Confidential Computing technologies are being introduced to microprocessors, offering a protected processing environment, which we generically call an isolate, providing confidentiality and integrity guarantees to code and data hosted within-even in the face of a privileged attacker. Isolates, with an attestation protocol, permit remote third-parties to establish a trusted "beachhead" containing known code and data on an otherwise untrusted machine. Yet, the rise of these technologies introduces many new problems, including: how to ease provisioning of computations safely into isolates; how to develop distributed systems spanning multiple classes of isolate; and what to do about the billions of "legacy" devices without support for Confidential Computing?Tackling the problems above, we introduce Veracruz, a framework that eases the design and implementation of complex privacy-preserving, collaborative, delegated computations among a group of mutually mistrusting principals. Veracruz supports multiple isolation technologies and provides a common programming model and attestation protocol across all of them, smoothing deployment of delegated computations over supported technologies. We demonstrate Veracruz in operation, on private in-cloud object detection on encrypted video streaming from a video camera. In addition to supporting hardware-backed isolates-like AWS Nitro Enclaves and Arm ® Confidential Computing Architecture Realms-Veracruz also provides pragmatic "software isolates" on Armv8-A devices without hardware Confidential Computing capability, using the high-assurance seL4 microkernel and our IceCap framework.

show abstract

Section: Threat Modelmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Private delegated computations using strong isolation

Brossard¹,

Bryant²,

El³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our work includes the compiler in the TCB. Previous work on SFI (e.g., [2], [4], [9], [62]) instead uses a verifier (a small verified trusted program) or a theorem prover [23], [63] to validate the relevant SFI properties of compiled sandbox code. However these verifiers do not currently establish sufficient properties for zero-cost transitions.…”

Section: Related Workmentioning

confidence: 99%

Isolation Without Taxation: Near Zero Cost Transitions for SFI

Kolosick,

Narayan,

Johnson

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Almost all SFI systems use heavyweight transitions that incur significant performance overhead from saving and restoring registers when context switching between application and sandbox code. We identify a set of zero-cost conditions that characterize when sandboxed code is well-structured enough so that security can be guaranteed via lightweight zero-cost transitions. We show that using WebAssembly (Wasm) as an intermediate representation for low-level code naturally results in a SFI system with zero-cost transitions, and modify the Lucet Wasm compiler and its runtime to use zero-cost transitions. Our modifications speed up image and font rendering in Firefox by up to 29.7% and 10% respectively. We also describe a new purpose-built fast SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions. While this enforcement incurs some runtime cost within the sandboxed code, we find that, on Firefox image and font rendering benchmarks, the time saved per transition allows SegmentZero32 to outperform even an idealized hardware isolation system where memory isolation incurs zero performance overhead but the use of heavyweight transitions is required.

show abstract

“…9 For example, they showed that some Wasm runtimes fail to properly separate the stack and heap. Though they did not identify such bugs in Lucet, these classes of bugs are inevitable-and, while identifying such bugs is important, this class of bugs is orthogonal and well-understood in the SFI literature (and addressed, for example, by VeriWasm [44]). We focus on addressing Spectre attacks, which can fundamentally undermine the guarantees of even bug-free Wasm toolchains.…”

Section: Implementation Bugs In Wasmmentioning

confidence: 99%

Swivel: Hardening WebAssembly against Spectre

Narayan,

Disselkoen,

Moghimi

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code-another Wasm client or the embedding process-to leak secret data.We describe two Swivel designs, a software-only approach that can be used on existing CPUs, and a hardware-assisted approach that uses extension available in Intel ® 11th generation CPUs. For both, we evaluate a randomized approach that mitigates Spectre and a deterministic approach that eliminates Spectre altogether. Our randomized implementations impose under 10.3% overhead on the Wasm-compatible subset of SPEC 2006, while our deterministic implementations impose overheads between 3.3% and 240.2%. Though high on some benchmarks, Swivel's overhead is still between 9× and 36.3× smaller than existing defenses that rely on pipeline fences.

show abstract

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm

Cited by 12 publications

References 43 publications

Private delegated computations using strong isolation

Private delegated computations using strong isolation

Isolation Without Taxation: Near Zero Cost Transitions for SFI

Swivel: Hardening WebAssembly against Spectre

Contact Info

Product

Resources

About