Cage: Hardware-Accelerated Safe WebAssembly
Martin Fink, Dimitrios Stavrakakis, Dennis Sprokholt, Soham Chakraborty, Jan-Erik Ekberg, Pramod Bhatotia
arXiv - CS - Programming Languages, 2024-08-21. DOI: arxiv-2408.11456 (https://doi.org/arxiv-2408.11456)

WebAssembly (WASM) is an immensely versatile and increasingly popular
compilation target. It executes applications written in several languages
(e.g., C/C++) with near-native performance in various domains (e.g., mobile,
edge, cloud). Despite WASM's sandboxing feature, which isolates applications
from other instances and the host platform, WASM does not inherently provide
any memory safety guarantees for applications written in low-level, unsafe
languages. To this end, we propose Cage, a hardware-accelerated toolchain for WASM that
supports unmodified applications compiled to WASM and utilizes diverse Arm
hardware features aiming to enrich the memory safety properties of WASM.
Precisely, Cage leverages Arm's Memory Tagging Extension (MTE) to (i) provide
spatial and temporal memory safety for heap and stack allocations and
(ii) improve the performance of WASM's sandboxing mechanism. Cage further
employs Arm's Pointer Authentication (PAC) to prevent leaked pointers from
being reused by other WASM instances, thus enhancing WASM's security
properties. We implement our system based on 64-bit WASM. We provide a WASM compiler and
runtime with support for Arm's MTE and PAC. On top of that, Cage's LLVM-based
compiler toolchain transforms unmodified applications to provide spatial and
temporal memory safety for stack and heap allocations and prevent function
pointer reuse. Our evaluation on real hardware shows that Cage incurs minimal
runtime ($<5.8\,\%$) and memory ($<3.7\,\%$) overheads and can improve the
performance of WASM's sandboxing mechanism, achieving a speedup of over
$5.1\,\%$, while offering efficient memory safety guarantees.