<div class="csl-bib-body">
<div class="csl-entry">Scherer, M., Blaabjerg, J. F., Sjösten, A., & Maffei, M. (2025). Wanilla: Sound Noninterference Analysis for WebAssembly. In <i>CCS ’25: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security</i> (pp. 126–140). Association for Computing Machinery. https://doi.org/10.1145/3719027.3765156</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/223056
-
dc.description.abstract
WebAssembly (Wasm) is rapidly gaining popularity as a distribution format for software components embedded in various security-critical domains. Unfortunately, despite its prudent design, WebAssembly's primary use case as a compilation target for memory-unsafe languages leaves some possibilities for memory corruption. Independently of that, Wasm is an inherently interesting target for information flow analysis due to its interfacing role.
Both the information flows between a Wasm module and its embedding context, as well as the memory integrity within a module, can be described by the hyperproperty noninterference. So far, no sound, fully static noninterference analysis for Wasm has been presented, but sound reachability analyses were. This work presents a novel and general approach to lift reachability analyses to noninterference by tracking taints on values and using value-sensitive, relational reasoning to remove them when appropriate. We implement this approach in Wanilla, the first automatic, sound, and fully static noninterference analysis for WebAssembly, and demonstrate its performance and precision by verifying memory integrity and other noninterference properties with several synthetic and real-world benchmarks.
en
dc.description.sponsorship
FWF - Österr. Wissenschaftsfonds
-
dc.description.sponsorship
Christian Doppler Forschungsgesells
-
dc.description.sponsorship
European Commission
-
dc.description.sponsorship
WWTF Wiener Wissenschafts-, Forschu und Technologiefonds
-
dc.description.sponsorship
SBA Research gemeinnützige GmbH
-
dc.language.iso
en
-
dc.subject
Abstract Interpretation
en
dc.subject
Information Flow Control
en
dc.subject
Noninterference
en
dc.subject
Static Analysis
en
dc.subject
Taint Tracking
en
dc.subject
WebAssembly
en
dc.title
Wanilla: Sound Noninterference Analysis for WebAssembly
en
dc.type
Inproceedings
en
dc.type
Konferenzbeitrag
de
dc.contributor.affiliation
Aarhus University, Denmark
-
dc.relation.isbn
979-8-4007-1525-9
-
dc.description.startpage
126
-
dc.description.endpage
140
-
dc.relation.grantno
F 8500
-
dc.relation.grantno
CDL-BOT
-
dc.relation.grantno
101141432
-
dc.relation.grantno
ICT22-007
-
dc.relation.grantno
879754
-
dc.type.category
Full-Paper Contribution
-
tuw.booktitle
CCS '25: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
-
tuw.peerreviewed
true
-
tuw.relation.publisher
Association for Computing Machinery
-
tuw.relation.publisherplace
New York, NY, USA
-
tuw.project.title
Semantische und kryptografische Grundlagen von Informationssicherheit und Datenschutz durch modulares Design
-
tuw.project.title
Blockchaintechnologien für das Internet der Dinge
-
tuw.project.title
Formal Methods for Secure Blockchain-Oriented Programming
-
tuw.project.title
Effective Formal Methods for Smart-Contract Certification
-
tuw.project.title
Sicherheits- und Datenschutzgrundlagen von Blockchain-Technologien
