Javier Cabrera Arteaga, Orestis Floros, Benoit Baudry, Martin Monperrus (KTH Royal Institute of Technology), Oscar Vera Perez (Univ Rennes, Inria, CNRS, IRISA)

The adoption of WebAssembly increases rapidly, as it provides a fast and safe model for program execution in the browser. However, WebAssembly is not exempt from vulnerabilities that can be exploited by malicious observers. Code diversification can mitigate some of these attacks. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow through enumerative synthesis of diverse code snippets expressed in the LLVM intermediate representation. We evaluate CROW’s capabilities on 303 C programs and study its use on a real-life security-sensitive program: libsodium, a modern cryptographic library. Overall, CROW is able to generate diverse variants for 239 out of 303 (79%) small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium).

View More Papers

(Short) Object Removal Attacks on LiDAR-based 3D Object Detectors

Zhongyuan Hau, Kenneth Co, Soteris Demetriou, and Emil Lupu (Imperial College London) Best Short Paper Award Runner-up!

Read More

Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers

Madura A. Shelton (University of Adelaide), Niels Samwel (Radboud University), Lejla Batina (Radboud University), Francesco Regazzoni (University of Amsterdam and...

Read More

Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile...

Zhuoran Liu (Radboud university), Niels Samwel (Radboud University), Léo Weissbart (Radboud University), Zhengyu Zhao (Radboud University), Dirk Lauret (Radboud University),...

Read More

Dinosaur Resurrection: PowerPC Binary Patching for Base Station Analysis

Uwe Muller, Eicke Hauck, Timm Welz, Jiska Classen, Matthias Hollick (Secure Mobile Networking Lab, TU Darmstadt)

Read More