Security Risks of Porting C Programs to WebAssembly

Onderzoeksoutput: Conference paper

4 Citaten (Scopus)
112 Downloads (Pure)

Samenvatting

WebAssembly is a compilation target for cross-platform applications that is increasingly being used. In this paper, we investigate whether one can transparently cross-compile C programs to WebAssembly, and if not, what impact porting can have on their security. We compile 17 802 programs that exhibit common vulnerabilities to 64-bit x86 and to WebAssembly binaries, and we observe that the execution of 4 911 binaries produces different results across these platforms. Through manual inspection, we identify three classes of root causes for such differences: the use of a different standard library implementation, the lack of security measures in WebAssembly, and the different semantics of the execution environments. We describe our observations and discuss the ones that are critical from a security point of view and need most attention from developers. We conclude that compiling an existing C program to WebAssembly for cross-platform distribution may require source code adaptations; otherwise, the security of the WebAssembly application may be at risk.

Originele taal-2English
TitelProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, SAC 2022
UitgeverijACM
Pagina's1713-1722
Aantal pagina's10
ISBN van elektronische versie9781450387132
DOI's
StatusPublished - 25 apr 2022
EvenementThe 37th ACM/SIGAPP Symposium On Applied Computing - Virtual
Duur: 25 apr 202229 apr 2022
https://www.sigapp.org/sac/sac2022/

Publicatie series

NaamProceedings of the ACM Symposium on Applied Computing

Conference

ConferenceThe 37th ACM/SIGAPP Symposium On Applied Computing
Verkorte titelSAC 2022
Periode25/04/2229/04/22
Internet adres

Bibliografische nota

Publisher Copyright:
© 2022 ACM.

Copyright:
Copyright 2022 Elsevier B.V., All rights reserved.

Vingerafdruk

Duik in de onderzoeksthema's van 'Security Risks of Porting C Programs to WebAssembly'. Samen vormen ze een unieke vingerafdruk.

Citeer dit