Constant-Time WebAssembly
نویسندگان
چکیده
As evermore applications are designed to run inside browsers and other JavaScript runtime systems, there is an increasing need for cryptographic primitives that can be used client-side. Unfortunately, implementing cryptographic primitives securely in high-level languages is extremely difficult—runtime system components such as garbage collectors and just-intime compilers can trivially introduce timing leaks in seemingly secure code. We argue that runtime system designs should be rethought with such applications—applications that demand strong guarantees for the executed code—in mind. As a concrete step towards this goal, we propose changes to the recent WebAssembly language and runtime system, supported by modern browsers. Our Constant-Time WebAssembly enables developers to implement crypto algorithms whose security guarantees will be preserved through compiler optimizations and execution in the browser.
منابع مشابه
TaintAssembly: Taint-Based Information Flow Control Tracking for WebAssembly
WebAssembly (wasm) has recently emerged as a promisingly portable, size-efficient, fast, and safe binary format for the web. As WebAssembly can interact freely with JavaScript libraries, this gives rise to a potential for undesirable behavior to occur. It is therefore important to be able to detect when this might happen. A way to do this is through taint tracking, where we follow the flow of i...
متن کاملWebAssembly and JavaScript Challenge: Numerical program performance using modern browser technologies and devices
Recent advances in execution environments for JavaScript and WebAssembly that run on a broad range of devices, from workstations to IoT devices, provides new opportunities for portable and web-based numerical computing. The aim of this paper is to evaluate the current state of the art through a comprehensive experiment using the Ostrich benchmark suite, a collection of numerical programs repres...
متن کاملThe Need for Speed of AI Applications: Performance Comparison of Native vs. Browser-based Algorithm Implementations
AI applications pose increasing demands on performance, so it is not surprising that the era of client-side distributed software is becoming important. On top of many AI applications already using mobile hardware, and even browsers for computationally demanding AI applications, we are already witnessing the emergence of client-side (federated) machine learning algorithms, driven by the interest...
متن کاملWASM - A Metric for Securing a Web Application
Journal of Research and Practice in Information Technology, Vol. 46, No. 1, February 2014 Copyright© 2014, Australian Computer Society Inc. General permission to republish, but not for profi t, all or part of this material is granted, provided that the JRPIT copyright notice is given and that reference is made to the publication, to its date of issue, and to the fact that reprinting privileges ...
متن کاملGeotechnical Properties of Mine Fill
Mine fill is the material placed underground to fill the voids created by mining excavations. It provides overall large scale ground stabilization while allowing localized pillar recovery. In addition to providing a working floor or back, mine fill has the potential to reduce subsidence and minimize dilution. Mine fill is essential to cut and fill, benching and sublevel stoping mining methods. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2017