Journal of The Korea Institute of Information Security & Cryptology
VOL.31, NO.4, Aug. 2021
ISSN 1598-3986 (Print), ISSN 2288-2715 (Online)
https://doi.org/10.13089/JKIISC.2021.31.4.753

WACFI: Code Instrumentation Technique for Protection of Indirect Call in WebAssembly*

Yoonsoo Chang,1† Youngju Kim,2 Donghyun Kwon3‡
1,2,3 Pusan National University (Undergraduate student, Graduate student, Professor)

Summary

WebAssembly is an instruction format that can be executed in the web environment. Recently, WebAssembly has been used in various web applications because of its superior performance. However, from a security point of view, we found a weakness in the protection that WebAssembly provides for the indirect call instruction. We therefore propose WACFI, a code instrumentation technique that protects the indirect call instruction in WebAssembly. Specifically, WACFI modifies the WebAssembly code using information obtained through source code analysis in order to strengthen the protection of WebAssembly's indirect call instruction. Our experimental results confirm that WACFI provides this security feature with a performance overhead of only about 2.75%.

ABSTRACT

WebAssembly (WASM) is a low-level instruction format that can be run in a web environment. Since WASM has excellent performance, various web applications use WebAssembly. However, according to our security analysis, WASM has a security pitfall related to control flow integrity (CFI) for indirect calls. To address the problem, in this paper we propose a new code instrumentation scheme to protect indirect calls, named WACFI.
Specifically, WACFI enhances a CFI technique for indirect calls in WASM based on source code analysis and binary instrumentation. To test the feasibility of WACFI, we applied WACFI to a sound encoding application. According to our experimental results, WACFI adds only 2.75% overhead on the execution time while protecting indirect calls safely.

Keywords: WebAssembly, Control Flow Integrity

Received (05. 26. 2021), Modified (06. 10. 2021), Accepted (06. 11. 2021)
* This study was supported by the 2020 Pusan National University BK21 FOUR Graduate School Innovation Support Project and the Pusan National University Basic Research Support Project (2 years).
† Lead author, ysc9606@gmail.com
‡ Corresponding author, kwondh@pusan.ac.kr

I. Introduction

WebAssembly (WASM) [1] is a stack-based binary instruction format executed in a web environment such as a web browser. Developers can cross-compile code written in programming languages such as C/C++ and Rust into the WebAssembly format and execute the program in various web environments [2]. In terms of execution speed as well, WebAssembly programs have shown faster performance than programs written in JavaScript, which is widely used in the existing web environment [3]. More and more web applications are therefore expected to use WebAssembly in the future. More than 90% of the web browsers in use already support WebAssembly [4].

WebAssembly also provides various security functions. Among them is a function that prevents an attack in which an attacker uses the indirect call instruction to call an arbitrary function. Specifically, it provides a control flow integrity (CFI) function based on the function signature defined by the types of the function's arguments and return value [5].

However, this protection technique for the indirect call instruction of WebAssembly is limited by WebAssembly's restricted set of data types. The various data types of the source code correspond many-to-one to only four WebAssembly types, so functions that have different function signatures in the source code can have the same function signature in WebAssembly. As a result, functions with different source-level signatures cannot be distinguished from one another by the function signature check performed on an indirect call in WebAssembly, and they can still be vulnerable to code reuse attacks (CRA).

This paper therefore proposes WACFI, a technique that compensates for this weakness of the indirect call instruction of WebAssembly. WACFI provides control flow integrity verification based on a more specific function signature than that of existing WebAssembly. To this end, WACFI was implemented using source code analysis and WebAssembly code modification. Our experiments confirmed that, despite these code modifications, WACFI adds a small performance overhead of only 2.75% to the existing WebAssembly code.

II. Background

2.1 Code Reuse Attacks

A code reuse attack is an attack technique in which an attacker reuses existing code by modifying the control flow of a process, without inserting malicious code into the address space [6]. Typical examples are return-oriented programming (ROP) and jump-oriented programming (JOP). In such an attack, the attacker exploits a memory vulnerability to change the behavior of an indirect branch. Specifically, the target address of an indirect branch is a value held in memory, on the stack, or in a register, and by tampering with this value the attacker changes the control flow to one that the processor was not originally intended to follow. A typical indirect branch instruction is the indirect call instruction used to express, for example, function pointers in the C language.

2.2 WebAssembly

WebAssembly is a stack-based binary instruction format that is executed in the web execution environment. The following describes the parts of WebAssembly that are relevant to this paper.

2.2.1 WebAssembly Sections and Data Types

WebAssembly code consists of several sections. The code section holds the actual implementation of each function. The function section is a table that gives, for a given function index (func_idx), the address in the code section of the corresponding function's code. The table section holds the function table, which maps a table index (tbl_idx) to a function index; an indirect call uses this table section. The type section holds the signature information of the functions that exist in the current WebAssembly code. Here, a function signature is defined by the types of the function's arguments and return value.

There are four data types in WebAssembly. i32 and i64 are the types for 32-bit and 64-bit integers, and f32 and f64 are the types for 32-bit and 64-bit real numbers.

2.2.2 Calling Functions in WebAssembly

WebAssembly provides function call instructions for direct and indirect calls. The WebAssembly instruction for a direct call is call, whose operand, a function index, is specified as a constant. That is, because this function index is used to obtain only the address of one static function from the function section, the call instruction can call only a specific function.

For indirect calls, WebAssembly provides an instruction called call_indirect. Unlike the call instruction, call_indirect takes the information about the function to be called not from an operand but from the element value at the top of the stack. That is, even a single call_indirect instruction can call different functions if the element value at the top of the stack differs. The element value at the top of the stack before call_indirect is called is not a function index but a table index. When call_indirect is then called, the table index is used to obtain a function index from the function table of the table section, and this function index determines the function to be executed. The call_indirect instruction, in turn, has a type index (type_idx) as its operand, and this value refers to function signature information defined in the type section. Finally, the signature of the function determined through the function index is compared with the signature obtained through the type index; the call is performed only if they match, and a runtime error occurs if they do not.

Fig. 1 is a schematic of the operation of the call_indirect instruction. In Fig. 1, the type index specified as the operand of call_indirect is 1, which denotes the signature of a function that takes an i32 argument and returns an i64 value (i.e., (i32->[i64]) 1)). Because the $2 function determined by the function index has the same signature as the one defined by the type index, the figure shows a case in which the $2 function can be executed.

1) The data types to the left of the '->' symbol are the data types of the function parameters, and the right side is the data type of the return value.

Fig. 1. Process of Indirect Call Instruction of WebAssembly

III. Threat Model and Assumptions

We designed WACFI under the following attack model and assumptions. Thanks to the security features provided by WebAssembly [1], we do not consider code injection attacks or return-instruction-based code reuse attacks; WACFI is aimed at code reuse attacks that use indirect calls. As in an existing study [5], we assume that an attacker can exploit various WebAssembly memory vulnerabilities to write an arbitrarily manipulated value to the stack as the table index used by an indirect call instruction. This allows the attacker to manipulate the control flow, for example to maliciously call a function such as a script execution function, or to carry out a code reuse attack such as a function reuse attack [7].

IV. WACFI

4.1 Operation Overview

Fig. 2 shows the general WebAssembly development process together with the process added by WACFI as proposed in this paper. In this study, WebAssembly code was generated using the Emscripten SDK (emsdk) [8]. When source code is compiled with emsdk, it generates not only the WebAssembly code (.wasm) but also an .html file and .js code containing wrapper code, so that the result can be run in a web environment such as a browser. Of these, WACFI takes the WebAssembly code (ori.wasm in Fig. 2) and the source code as input, and generates WebAssembly code (modified.wasm in Fig. 2) to which the control flow integrity protection for indirect calls has been applied.

WACFI operates in two main steps. First, based on the detailed data type information obtained by analyzing the source code written by the developer, it generates new function signature information (Section 4.3). Next, based on the generated signature information, it performs the code instrumentation step that protects flow integrity at the indirect call instructions of the WebAssembly code (Section 4.4). The details of each step are described in the sections below.

Fig. 2. Process of WACFI. The pink parts are the procedures added by WACFI.

4.2 Problems with WebAssembly's Function Signature Method

As explained in Section 1, WebAssembly provides a function signature-based protection technique for indirect calls [5]. WebAssembly computes a function signature from the types of the function's return value and arguments. However, WebAssembly has only four data types, which is fewer than languages such as C/C++ or Rust used for the source code. For example, in C, data types of 32 bits or less such as int, long, and char are converted to the i32 type of WebAssembly. As a result, functions that have different function signatures according to the data types of the source code can end up with the same function signature.

The functions func1 and func3 in Fig. 3(a) show an example. If we compute their signatures with C language data types, the two functions have different signatures because their return types (int and char, respectively) differ. However, as shown in Fig. 3(b), in WebAssembly func1 and func3 have the same function signature (i32->[i32]).

The problem with this function signature scheme is that an attacker can bypass WebAssembly's function signature check and call illegal functions. For example, for the function pointer fn in Fig. 3(a), according to the data type information of the source code it is legal to call only func1 among the declared functions. However, as can be seen in Fig. 3(b), under WebAssembly's function signature scheme func1, func2, func3, and func4 all have the same function signature. An attacker can therefore call all of these functions by exploiting the indirect call instruction that corresponds to fn.

4.3 Source Code Analysis-Based Function Signature Extraction

To solve the problem of WebAssembly's function signature scheme explained in Section 4.2, WACFI computes function signatures based on source code analysis. First, we use a source code analysis tool [9] to analyze the given source code and extract the signature information of the functions defined in it. For example, the WACFI function signature result (WACFI_sig) in Fig. 3(b) shows that the data types used are subdivided, so that the signature of func1 is distinguished from those of func2, func3, and func4 in the source code.

Likewise, using the function signature information obtained in this way, we find the indirect call instructions used in the source code and define the function signature that may be called by each of them. For example, fn in Fig. 3 is a function pointer, and analyzing it in the source code shows that the function signature that can be called through the corresponding indirect call instruction is (i32->[i32]). The information obtained in this way, namely the new function signature of each function and the legal function signature of each indirect call instruction, is stored in a file (wacfi.sig) so that it is available to the code modification module.

(a) Example source code (b) Function Signatures (c) func_ID mapping table (d) WACFI sig bounds table
Fig. 3. Function Signature and Meta

4.4 Code Instrumentation to Protect Execution Flow Integrity

WACFI instruments the WebAssembly code to add a function that protects indirect call instructions using the information obtained in Section 4.3. Because the result compiled with emsdk is a .wasm file (ori.wasm in Fig. 2), instrumentation was carried out on a file converted to .wat, the WebAssembly text format, using the wasm2wat tool of WABT [10]. After instrumentation, wat2wasm of WABT was likewise used to create a WebAssembly binary format file with the WACFI protection applied (modified.wasm in Fig. 2).

Specifically, the code added through instrumentation in WACFI is as follows. First, every function index used in the existing WebAssembly code is assigned a new function identifier (func_ID). Function identifiers are assigned one-to-one to function indexes, and the assignment is based on the function signature defined by WACFI, so that functions with the same signature receive consecutive values. WACFI adds to the WebAssembly code a table (func_ID mapping table) that defines the mapping between function indexes and function identifiers. In addition, for each WACFI signature it creates a function signature bounds table (WACFI_sig bounds table) that records the range of function identifiers belonging to that signature.

For example, in Fig. 3(b), func2 and func4 are functions with the same WACFI function signature. As Fig. 3(c) shows, the function indexes (func_idx) of func2 and func4 are 2 and 4, respectively, but they are assigned the new function identifiers (func_ID) 2 and 3. Fig. 3(d) shows the bounds table for the given example code: because the legal function identifiers for the (i16->[i16]) function signature are 2 and 3, the lower bound (l_bnd) and upper bound (u_bnd) are 2 and 3, respectively. In this way the range (bound) of function identifiers represents the WACFI function signature of the called function and makes a range test possible.

Next, using the WACFI signature information, we added code that protects flow integrity before each indirect call instruction in the WASM code. First, the table index stored on the stack is loaded, and the function identifier of the function to be called is obtained through it from the func_ID mapping table. Next, the legitimacy of this identifier value is verified. Legitimacy is decided using the function signature callable by each indirect call obtained in Section 4.3 (WACFI_sig, shown in Fig. 3(b)) and the function signature bounds table. That is, the check confirms that the function identifier of the function to be called lies within the range of function identifiers that corresponds to the function signature of that indirect call instruction.

For example, Fig. 4 shows how WACFI, by applying this verification, handles a table index tampering attack. The function identifier obtained through the altered table index (in this example, '3') does not fall within the function identifier range (at least 1 and at most 1) of the function signature (WACFI_SIG_0) that can be called by the corresponding indirect call instruction, so the tampering can be detected.

Fig. 4. Instrumentation of WACFI

V. Experimental Results

We measured performance in the following experimental environment. The machine has an Intel i5-8265U processor with a base frequency of 1.60GHz and 8GB of RAM, and runs the Ubuntu 18.04.5 LTS 64-bit operating system. The WebAssembly code was created using the Emscripten SDK compiler toolchain. Specifically, EMCC (Emscripten gcc/clang-like replacement + linker emulating GNU ld) is version 2.0.1, clang is version 12.0.0, and the thread model is posix. The web browser used was Chrome Canary ver. 90.0.4427.5.

To measure the overhead when WACFI is applied, the latest version of Miniaudio [11] was used as the benchmark. Miniaudio is a library written in C for audio capture and playback. As in Fig. 5, Miniaudio provides various functions and the code is divided according to function, so we measured the execution time of the code implementing each function. The functions that implement each feature are called through indirect call instructions, and we measured the execution time and code size overhead that arise when these indirect call instructions are protected by WACFI.

5.1 Runtime Performance Overhead

To limit the effect of errors arising in the experiment, we modified each function provided by Miniaudio to repeat 5,000 times, and then calculated the performance overhead by measuring the execution time before and after applying WACFI. As shown in Fig. 5, an average performance overhead of 2.75% was measured.

Fig. 5. Performance Time Overhead

5.2 Code Size Overhead

To compare code size on the benchmark, we measured for each function's file how much the code size increased from the original to the version with WACFI applied. As shown in Fig. 6, the code size increased by around 1%. This appears to be because, as in Fig. 4, wacfi_check_sig is defined as a separate function rather than inlined and is used by calling it before each indirect call instruction, which reduces the amount of repeated code among the code added by WACFI.

Fig. 6. Code Size Overhead

VI. Related Research

6.1 Control Flow Integrity Study

Control flow integrity (CFI) is one of the security techniques for countering CRAs that exploit indirect branch instructions; it restricts execution to legal control flows only. What counts as a legal control flow depends on the scheme. Typical are studies that use the control flow graph (CFG) used in compiler analysis [12]. The control flow graph represents the basic blocks of the code as nodes and the legitimate flows of control as edges. In these studies, when the control flow is changed through an indirect branch instruction such as an indirect call instruction, the change is allowed only to targets defined on the control flow graph, which prevents an attacker from tampering with the control flow. With these schemes, however, security is determined by the accuracy of the control flow graph, and generating a complete control flow graph for a program is in general known to be an open problem [13].

There are also other schemes that use the signature information of functions ([14], [15], [16]). They define the signature information of all functions callable by each indirect call instruction and then, during execution, check whether the function called by the indirect call instruction has the correct signature information, which prevents an attacker from using an indirect call instruction to call an illegal function arbitrarily. The signature information of a function is defined in different ways. In [14] it is the number of arguments and the presence or absence of a return value. In WASM, as explained in Section 2.2, the data types provided by WASM are used, and the signature of a function is defined by the data types of its arguments and the data type of its return value. But as stated in Section 4.2, because of WASM's restrictive data type system, WASM's function signature-based protection has security weaknesses as a result [17].

WACFI also belongs to the research that uses function signature information, but unlike the schemes above it uses the detailed function signature defined by the developer in the source code (the data types of the arguments and return value as given by the data types of the source programming language) to provide better control flow integrity protection. Studies [15][16], like WACFI, use detailed function signature information from the source code, and they add code for flow integrity protection to well-known native code such as x86. In such native code, however, the indirect call instruction uses an address held in a register or memory area, which differs from the operation of the indirect call instruction in WASM explained in Section 2.2. WACFI differs from these previous studies in that it provides control flow integrity verification specialized for the operation of the WASM indirect call instruction and implemented with WASM instructions.

6.2 Security in WebAssembly

Because of its scalability and performance advantages, WebAssembly is increasingly used in many web applications, and studies on the safety of WebAssembly's operation are also being actively conducted. [5] and [17] introduced various vulnerabilities in WebAssembly, such as integer overflow, format string, and buffer overflow vulnerabilities, together with attack techniques that use them. In particular, [17], like this paper, raises the problems that can arise when the indirect call instruction in WebAssembly is exploited in an attack, and it also describes a proposal for the WASM language. The proposal is to have several function tables in WASM and to allow each indirect call instruction to specify the function table it uses when it operates; with this, the existing protection scheme for the WASM indirect call instruction could be supplemented.

WACFI is similar to that proposal in that it uses WASM's function table together with a separate function signature bounds table. However, the proposal only adds support for multiple function tables to the WASM language, and is limited in that it has no specific method or implementation for control flow integrity protection. Moreover, the proposal has not been registered in the official WASM language standard, and even if it is registered, a considerable amount of time is expected to pass before practical use, because the browsers and other software that support WASM would have to be modified to support it. WACFI, by contrast, can be applied directly to the current WASM language.

[17] also introduced technical proposals that can be used to prevent WASM's memory vulnerabilities. These, too, have not yet entered the WASM standard; moreover, vulnerabilities may still remain under them, or they have the disadvantage of generating a significant performance overhead. WACFI is a control flow integrity protection technique for the situation in which an attacker exploits memory vulnerabilities that current WASM does not prevent, so it also differs from these techniques in its threat model.

VII. Conclusion

In this paper, we proposed WACFI, a code instrumentation technique for protecting indirect calls in WebAssembly. Instead of relying on the limited data types of existing WebAssembly, WACFI provides an integrity verification mechanism based on new function signatures built from the data types extracted from the source code. Our experimental results show that WACFI causes an average performance overhead of only 2.75% despite the added code. In the future, by extending the source code analysis, it seems possible to apply WACFI to programs written in the various programming languages that WASM supports besides C, or to extend it into a more precise control flow integrity protection technique for other existing function signature-based control flow integrity studies that target native code [15], [18].

References

[1] WebAssembly, https://webassembly.org, Feb. 2021.
[2] Haas, A., Rossberg, A., Schuff, D. L., Titzer, B. L., Holman, M., Gohman, D., Bastien, J. F. "Bringing the web up to speed with WebAssembly." In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 185-200, June 2017.
[3] developers google, https://developers.google.com/web/updates/2019/02/hotpath-with-wasm, Feb. 2021.
[4] canIuse, https://caniuse.com/?search=WebAssembly, Feb. 2021.
[5] McFadden, B., Lukasiewicz, T., Dileo, J., Engler, J. "Security chasms of wasm." NCC Group Whitepaper, Aug. 2018.
[6] Goktas, E., Athanasopoulos, E., Bos, H., Portokalidis, G. "Out of control: Overcoming control-flow integrity." In 2014 IEEE Symposium on Security and Privacy, pp. 575-589, May 2014.
[7] Guo, Y., Chen, L., Shi, G. "Function-oriented programming: A new class of code reuse attack in C applications." In 2018 IEEE Conference on Communications and Network Security, pp. 1-9, May 2018.
[8] Emscripten SDK, https://emscripten.org/, Feb. 2021.
[9] LLVM, https://llvm.org/, Feb. 2021.
[10] wabt, https://github.com/WebAssembly/wabt, Feb. 2021.
[11] miniaudio, https://github.com/mackron/miniaudio, Feb. 2021.
[12] Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J. "Control-flow integrity principles, implementations, and applications." ACM Transactions on Information and System Security, vol. 13, no. 1, pp. 1-40, Oct. 2009.
[13] Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A. R., Shacham, H., Winandy, M. "Return-oriented programming without returns." In Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 559-572, Oct. 2010.
[14] Van Der Veen, V., Goktas, E., Contag, M., Pawlowski, A., Chen, X., Rawat, S., Giuffrida, C. "A tough call: Mitigating advanced code-reuse attacks at the binary level." In 2016 IEEE Symposium on Security and Privacy (SP), pp. 934-953, May 2016.
[15] Pax Team. RAP: RIP ROP. https://pax.grsecurity.net/docs/ Feb. 2021.
[16] Niu, B., Tan, G. "Modular control-flow integrity." In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 577-587, June 2014.
[17] Lehmann, D., Kinder, J., Pradel, M. "Everything old is new again: Binary security of WebAssembly." In 29th USENIX Security Symposium, pp. 217-234, Aug. 2020.
[18] Farkhani, R. M., Jafari, S., Arshad, S., Robertson, W., Kirda, E., Okhravi, H. "On the effectiveness of type-based control flow integrity." In Proceedings of the 34th Annual Computer Security Applications Conference, pp. 28-39, Dec. 2018.
<About the authors>

Yoonsoo Chang, regular member
Feb. 2021: Graduated, School of Computer Science and Engineering, Pusan National University
<Interests> computer engineering, information security

Youngju Kim, student member
Aug. 2019: Bachelor of Engineering, Ulsan National Institute of Science and Technology
Mar. 2021 ~ present: Master's course, Graduate School of Convergence Security, Pusan National University
<Interests> information security, TrustZone

Donghyun Kwon, regular member
Feb. 2012: Bachelor's degree, Electrical and Computer Engineering, Seoul National University
Feb. 2019: Graduated from the combined master's and doctoral course, Department of Electrical and Computer Engineering, Seoul National University
Mar. 2019 ~ Feb. 2020: Researcher, Electronics and Telecommunications Research Institute
Mar. 2020 ~ present: Assistant Professor, School of Computer Science and Engineering, Pusan National University
<Interests> system security, software
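
The func_ID mapping table and WACFI_sig bounds check of Sections 4.3 and 4.4, modelled in Python as an added example; it is not the authors' instrumentation code, which is emitted as WebAssembly. The C-type lowering table, the parameter types of the four functions and the table layout are constructed for illustration, following the Fig. 3 example as far as the text describes it.

```python
from dataclasses import dataclass

# Constructed lowering table (wasm32 assumed): C type -> (wasm type, source-level label).
LOWERING = {
    "char": ("i32", "i8"),
    "short": ("i32", "i16"),
    "int": ("i32", "i32"),
    "long long": ("i64", "i64"),
    "float": ("f32", "f32"),
    "double": ("f64", "f64"),
}


@dataclass(frozen=True)
class Func:
    name: str
    func_idx: int
    params: tuple
    ret: str


def signature(func, fine_grained):
    """Render (params->[ret]) with wasm types, or with source-level labels if fine_grained."""
    col = 1 if fine_grained else 0
    params = ",".join(LOWERING[p][col] for p in func.params)
    return f"({params}->[{LOWERING[func.ret][col]}])"


def build_wacfi_tables(funcs):
    """Give functions sharing a source-level signature consecutive func_IDs.

    Returns (func_ID mapping table, signature bounds table)."""
    groups = {}
    for f in funcs:
        groups.setdefault(signature(f, True), []).append(f)
    func_id_map, bounds, next_id = {}, {}, 1
    for sig, members in groups.items():
        l_bnd = next_id
        for f in members:
            func_id_map[f.func_idx] = next_id
            next_id += 1
        bounds[sig] = (l_bnd, next_id - 1)
    return func_id_map, bounds


def wasm_type_check(funcs, table, tbl_idx, callsite_wasm_sig):
    """Built-in call_indirect check: only the four-type wasm signature is compared."""
    if not 0 <= tbl_idx < len(table):
        return False  # an out-of-range table index traps
    by_idx = {f.func_idx: f for f in funcs}
    return signature(by_idx[table[tbl_idx]], False) == callsite_wasm_sig


def wacfi_check_sig(func_id_map, bounds, table, tbl_idx, callsite_sig):
    """Added check: the target's func_ID must lie in the call site's [l_bnd, u_bnd]."""
    if not 0 <= tbl_idx < len(table) or callsite_sig not in bounds:
        return False
    func_id = func_id_map.get(table[tbl_idx])
    if func_id is None:
        return False
    l_bnd, u_bnd = bounds[callsite_sig]
    return l_bnd <= func_id <= u_bnd


# Constructed sample modelled on Fig. 3: four functions that all lower to (i32->[i32]).
FUNCS = [
    Func("func1", 1, ("int",), "int"),
    Func("func2", 2, ("short",), "short"),
    Func("func3", 3, ("int",), "char"),   # parameter type is an assumption
    Func("func4", 4, ("short",), "short"),
]
TABLE = [1, 2, 3, 4]  # tbl_idx 0..3 -> func_idx (constructed layout)


def audit_call_site(pointee):
    """For a call site whose pointer type matches `pointee`, test every table slot.

    Returns {tbl_idx: (passes wasm check, passes WACFI check)}."""
    func_id_map, bounds = build_wacfi_tables(FUNCS)
    wasm_sig = signature(pointee, False)
    wacfi_sig = signature(pointee, True)
    return {
        tbl_idx: (
            wasm_type_check(FUNCS, TABLE, tbl_idx, wasm_sig),
            wacfi_check_sig(func_id_map, bounds, TABLE, tbl_idx, wacfi_sig),
        )
        for tbl_idx in range(len(TABLE))
    }


if __name__ == "__main__":
    # The call site through fn may legally reach only func1.
    for idx, (wasm_ok, wacfi_ok) in audit_call_site(FUNCS[0]).items():
        print(f"tbl_idx={idx}: wasm check {wasm_ok}, WACFI check {wacfi_ok}")
```

Every table slot passes the built-in check for the fn call site, while only the slot holding func1 passes the bounds check; the slot holding func4 maps to func_ID 3, the tampered value used in the Fig. 4 walkthrough.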