WASM-MUTATE: Fast and Effective Binary Diversification for WebAssembly
share
WebAssembly has is renowned for its efficiency and security in browser environments and servers alike. The burgeoning ecosystem of WebAssembly compilers and tools lacks robust software diversification systems. We introduce WASM-MUTATE, a compiler-agnostic WebAssembly diversification engine. It is engineered to fulfill the following key criteria: 1) the rapid generation of semantically equivalent yet behaviorally diverse WebAssembly variants, 2) universal applicability to any WebAssembly programs regardless of the source programming language, and 3) the capability to counter high-risk security threats. Utilizing an e-graph data structure, WASM-MUTATE is both fast and effective. Our experiments reveal that WASM-MUTATE can efficiently generate tens of thousands of unique WebAssembly variants in a matter of minutes. Notably, WASM-MUTATE can protect WebAssembly binaries against timing side-channel attacks, specifically, Spectre.
READ FULL TEXT
