CR | Jul 22, 2018

Taint Tracking for WebAssembly

arXiv:1807.08349v1 | 28 citations
Originality: Highly original
AI Analysis

The paper addresses security risks for web developers and users running untrusted WebAssembly binaries in browsers, representing a novel contribution in this domain.

The authors tackled the lack of security analysis for WebAssembly by building the first WebAssembly virtual machine in native JavaScript with a novel taint tracking system to monitor sensitive data flow in untrusted code, showing it is correct, secure, and relatively efficient.

WebAssembly seeks to provide an alternative to running large and untrusted binaries within web browsers by implementing a portable, performant, and secure bytecode format for native web computation. However, WebAssembly is largely unstudied from a security perspective. In this work, we build the first WebAssembly virtual machine that runs in native JavaScript, and implement a novel taint tracking system that allows a user to run untrusted WebAssembly code while monitoring the flow of sensitive data through the application. We also introduce indirect taint, a label that denotes the implicit flow of sensitive information between local variables. Through rigorous testing and validation, we show that our system is correct, secure, and relatively efficient, benefiting from the native performance of WebAssembly while retaining precise security guarantees of more mature software paradigms.
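The abstract's distinction between direct taint and indirect taint can be seen in a toy interpreter. The following is an added example, not code from the paper or its virtual machine: the label bits, the instruction subset, and the reading of indirect taint as "a local assigned under a branch whose condition is tainted" are assumptions made for illustration.

```javascript
// Added illustration: a toy WebAssembly-like stack machine with taint labels.
// Label bits and propagation rules are assumptions, not the paper's definitions.
const NONE = 0, DIRECT = 1, INDIRECT = 2;

// Collect every local written anywhere inside a (possibly nested) block.
function writtenLocals(code, out = new Set()) {
  for (const ins of code) {
    if (ins.op === 'local.set') out.add(ins.idx);
    if (ins.op === 'if') { writtenLocals(ins.then, out); writtenLocals(ins.else || [], out); }
  }
  return out;
}

// Run `code` over `locals` (array of {v, t}); `ctx` is the taint of the
// enclosing branch conditions (the implicit-flow context).
function run(code, locals, stack = [], ctx = NONE) {
  for (const ins of code) {
    switch (ins.op) {
      case 'i32.const': stack.push({ v: ins.value | 0, t: NONE }); break;
      case 'local.get': stack.push({ ...locals[ins.idx] }); break;
      // Explicit flow: the stored value's taint, plus the branch context.
      case 'local.set': { const x = stack.pop(); locals[ins.idx] = { v: x.v, t: x.t | ctx }; break; }
      case 'i32.add': {
        const b = stack.pop(), a = stack.pop();
        stack.push({ v: (a.v + b.v) | 0, t: a.t | b.t });
        break;
      }
      case 'if': {
        const c = stack.pop();
        const inner = ctx | (c.t ? INDIRECT : NONE);
        // Locals written in either arm reveal the condition, even if that arm is skipped.
        if (inner) for (const i of writtenLocals([ins])) locals[i].t |= inner;
        run(c.v !== 0 ? ins.then : (ins.else || []), locals, stack, inner);
        break;
      }
      default: throw new Error(`unknown op ${ins.op}`);
    }
  }
  return locals;
}

// Constructed program: local 0 holds a secret; local 1 copies one bit of it via a branch,
// local 2 receives secret + 5 by ordinary data flow.
const leak = [
  { op: 'local.get', idx: 0 },
  { op: 'if', then: [{ op: 'i32.const', value: 1 }, { op: 'local.set', idx: 1 }] },
  { op: 'local.get', idx: 0 }, { op: 'i32.const', value: 5 }, { op: 'i32.add' }, { op: 'local.set', idx: 2 },
];
const demo = (secret) => run(leak, [{ v: secret, t: DIRECT }, { v: 0, t: NONE }, { v: 0, t: NONE }]);
```

With a zero secret the branch is skipped, yet local 1 is still labelled indirect, because its unchanged value tells an observer the condition was false.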
