CROW: Code Diversification for WebAssembly
This addresses security risks from side-channel attacks in WebAssembly for developers and users, but it is incremental as it applies known diversification techniques to a new platform.
The paper tackled the problem of vulnerabilities in WebAssembly binaries by developing CROW, the first fully automated workflow for code diversification, which successfully generated diverse variants for 79% of 303 C programs and diversified the libsodium cryptographic library.
The adoption of WebAssembly has rapidly increased in the last few years as it provides a fast and safe model for program execution. However, WebAssembly is not exempt from vulnerabilities that could be exploited by side channels attacks. This class of vulnerabilities that can be addressed by code diversification. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow. We evaluate CROW's capabilities on 303 C programs and study its use on a real-life security-sensitive program: libsodium, a cryptographic library. Overall, CROWis able to generate diverse variants for 239 out of 303,(79%) small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium).