Artificial Software Diversification for WebAssembly
Time: Tue 2022-10-18 10.00
Location: D31, Lindstedtsvägen 5, Stockholm
Subject area: Electrical Engineering
Doctoral student: Javier Cabrera Arteaga , Programvaruteknik och datorsystem, SCS, SCS
Opponent: Professor Tobias Wrigstad, Uppsala universitet, Uppsala
Supervisor: Benoit Baudry, Programvaruteknik och datorsystem, SCS; Martin Monperrus, Tribologi, Teoretisk datalogi, TCS
Besides, we provide implementations for our approaches, including a generic LLVM superdiversifier that potentially extends our ideas to other programming languages. We empirically demonstrate the impact of our approach by providing Randomization and Multivariant Execution (MVE) for WebAssembly. Our results show that our approaches can provide an automated end-to-end solution for the diversification of WebAssembly programs. The main contributions of this work are:
- We highlight the lack of diversification techniques for WebAssembly through an exhaustive literature review.
- We provide randomization and multivariant execution for WebAssembly with the implementation of two tools, CROW and MEWE respectively.
- We include constant inferring as a new code transformation to generate software diversification for WebAssembly.
- We empirically demonstrate the impact of our technique by evaluating the static and dynamic behavior of the generated diversification.
Our approaches harden observable properties commonly used to conduct attacks, such as static code analysis, execution traces, and execution time.