Security Risks of Porting C Programs to WebAssembly

12/22/2021
by   Quentin Stiévenart, et al.
0

WebAssembly is a compilation target for cross-platform applications that is increasingly being used. In this paper, we investigate whether one can transparently cross-compile C programs to WebAssembly, and if not, what impact porting can have on their security. We compile 17,802 programs that exhibit common vulnerabilities to 64-bit x86 and to WebAssembly binaries, and we observe that the execution of 4,911 binaries produces different results across these platforms. Through manual inspection, we identify three classes of root causes for such differences: the use of a different standard library implementation, the lack of security measures in WebAssembly, and the different semantics of the execution environments. We describe our observations and discuss the ones that are critical from a security point of view and need most attention from developers. We conclude that compiling an existing C program to WebAssembly for cross-platform distribution may require source code adaptations; otherwise, the security of the WebAssembly application may be at risk.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
11/02/2021

The Security Risk of Lacking Compiler Protection in WebAssembly

WebAssembly is increasingly used as the compilation target for cross-pla...
research
03/16/2022

A Language-Independent Analysis Platform for Source Code

In this paper, we present the CPG analysis platform, which enables the t...
research
04/14/2022

Making Markets for Information Security: The Role of Online Platforms in Bug Bounty Programs

Security is an essential cornerstone of functioning digital marketplaces...
research
12/21/2020

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs

We describe and evaluate a novel white-box fuzzer for C programs named F...
research
07/04/2019

CARVE: Practical Security-Focused Software Debloating Using Simple Feature Set Mappings

Software debloating is an emerging field of study aimed at improving the...
research
12/18/2019

Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing

Due to the rise of the Internet of Things, there are many new chips and ...
research
05/15/2023

BRF: eBPF Runtime Fuzzer

The eBPF technology in the Linux kernel has been widely adopted for diff...

Please sign up or login with your details

Forgot password? Click here to reset