TaintAssembly: Taint-Based Information Flow Control Tracking for WebAssembly

WebAssembly (wasm) has recently emerged as a promisingly portable, size-efficient, fast, and safe binary format for the web. As WebAssembly can interact freely with JavaScript libraries, this gives rise to a potential for undesirable behavior to occur. It is therefore important to be able to detect when this might happen. A way to do this is through taint tracking, where we follow the flow of information by applying taint labels to data. In this paper, we describe TaintAssembly, a taint tracking engine for interpreted WebAssembly, that we have created by modifying the V8 JavaScript engine. We implement basic taint tracking functionality, taint in linear memory, and a probabilistic variant of taint. We then benchmark our TaintAssembly engine by incorporating it into a Chromium build and running it on custom test scripts and various real world WebAssembly applications. We find that our modifications to the V8 engine do not incur significant overhead with respect to vanilla V8’s interpreted WebAssembly, making TaintAssembly suitable for development and debugging. Keywords—WebAssembly, Taint Tracking, V8, Chromium