Formally Verified Cryptographic Web Applications in WebAssembly

Jonathan Protzenko, Benjamin Beurdouche, Denis Merigoux, K. Bhargavan
{"title":"Formally Verified Cryptographic Web Applications in WebAssembly","authors":"Jonathan Protzenko, Benjamin Beurdouche, Denis Merigoux, K. Bhargavan","doi":"10.1109/SP.2019.00064","DOIUrl":null,"url":null,"abstract":"After suffering decades of high-profile attacks, the need for formal verification of security-critical software has never been clearer. Verification-oriented programming languages like F* are now being used to build high-assurance cryptographic libraries and implementations of standard protocols like TLS. In this paper, we seek to apply these verification techniques to modern Web applications, like WhatsApp, that embed sophisticated custom cryptographic components. The problem is that these components are often implemented in JavaScript, a language that is both hostile to cryptographic code and hard to reason about. So we instead target WebAssembly, a new instruction set that is supported by all major JavaScript runtimes. We present a new toolchain that compiles Low*, a low-level subset of the F* programming language, into WebAssembly. Unlike other WebAssembly compilers like Emscripten, our compilation pipeline is focused on compactness and auditability: we formalize the full translation rules in the paper and implement it in a few thousand lines of OCaml. Using this toolchain, we present two case studies. First, we build WHACL*, a WebAssembly version of the existing, verified HACL* cryptographic library. Then, we present LibSignal*, a brand new, verified implementation of the Signal protocol in WebAssembly, that can be readily used by messaging applications like WhatsApp, Skype, and Signal.","PeriodicalId":272713,"journal":{"name":"2019 IEEE Symposium on Security and Privacy (SP)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2019.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 26

Abstract

After suffering decades of high-profile attacks, the need for formal verification of security-critical software has never been clearer. Verification-oriented programming languages like F* are now being used to build high-assurance cryptographic libraries and implementations of standard protocols like TLS. In this paper, we seek to apply these verification techniques to modern Web applications, like WhatsApp, that embed sophisticated custom cryptographic components. The problem is that these components are often implemented in JavaScript, a language that is both hostile to cryptographic code and hard to reason about. So we instead target WebAssembly, a new instruction set that is supported by all major JavaScript runtimes. We present a new toolchain that compiles Low*, a low-level subset of the F* programming language, into WebAssembly. Unlike other WebAssembly compilers like Emscripten, our compilation pipeline is focused on compactness and auditability: we formalize the full translation rules in the paper and implement it in a few thousand lines of OCaml. Using this toolchain, we present two case studies. First, we build WHACL*, a WebAssembly version of the existing, verified HACL* cryptographic library. Then, we present LibSignal*, a brand new, verified implementation of the Signal protocol in WebAssembly, that can be readily used by messaging applications like WhatsApp, Skype, and Signal.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
WebAssembly中经过正式验证的加密Web应用程序
在经历了数十年备受瞩目的攻击之后,对安全关键软件进行正式验证的必要性从未如此清晰。像F*这样面向验证的编程语言现在被用于构建高保证的加密库和实现像TLS这样的标准协议。在本文中,我们试图将这些验证技术应用于嵌入复杂自定义加密组件的现代Web应用程序,如WhatsApp。问题是,这些组件通常是用JavaScript实现的,而JavaScript是一种既不支持加密代码又难以推理的语言。因此,我们转而瞄准WebAssembly,这是一个新的指令集,所有主要的JavaScript运行时都支持它。我们提出了一个新的工具链,它将Low* (F*编程语言的一个低级子集)编译到WebAssembly中。与其他WebAssembly编译器(如Emscripten)不同,我们的编译管道专注于紧凑性和可审计性:我们在论文中形式化了完整的翻译规则,并在几千行OCaml中实现了它。使用这个工具链,我们给出了两个案例研究。首先,我们构建WHACL*,这是现有的经过验证的HACL*加密库的WebAssembly版本。然后,我们提出了LibSignal*,这是WebAssembly中一个全新的、经过验证的信号协议实现,可以很容易地被WhatsApp、Skype和Signal等消息传递应用程序使用。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation PrivKV: Key-Value Data Collection with Local Differential Privacy Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem New Primitives for Actively-Secure MPC over Rings with Applications to Private Machine Learning
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1