WebAssembly (WASM) is an immensely versatile and increasingly popular compilation target. It executes applications written in several languages (e.g., C/C++) with near-native performance in various domains (e.g., mobile, edge, cloud). Despite WASM's sandboxing feature, which isolates applications from other instances and the host platform, WASM does not inherently provide any memory safety guarantees for applications written in low-level, unsafe languages. To this end, we propose Cage, a hardware-accelerated toolchain for WASM that supports unmodified applications compiled to WASM and utilizes diverse Arm hardware features aiming to enrich the memory safety properties of WASM. Precisely, Cage leverages Arm's Memory Tagging Extension (MTE) to (i) provide spatial and temporal memory safety for heap and stack allocations and (ii) improve the performance of WASM's sandboxing mechanism. Cage further employs Arm's Pointer Authentication (PAC) to prevent leaked pointers from being reused by other WASM instances, thus enhancing WASM's security properties. We implement our system based on 64-bit WASM. We provide a WASM compiler and runtime with support for Arm's MTE and PAC. On top of that, Cage's LLVM-based compiler toolchain transforms unmodified applications to provide spatial and temporal memory safety for stack and heap allocations and prevent function pointer reuse. Our evaluation on real hardware shows that Cage incurs minimal runtime (<5.8%) and memory (<3.7%) overheads and can improve the performance of WASM's sandboxing mechanism, achieving a speedup of over 5.1%, while offering efficient memory safety guarantees.
翻译:WebAssembly(WASM)是一种极其通用且日益流行的编译目标。它能够在移动、边缘、云端等多种场景中,以接近原生的性能执行多种语言(如C/C++)编写的应用程序。尽管WASM具备沙箱隔离特性,可将应用程序与其他实例及宿主平台隔离,但其本身并未为使用低级、不安全语言编写的应用程序提供任何内存安全保证。为此,我们提出Cage——一种硬件加速的WASM工具链,支持未经修改编译至WASM的应用程序,并利用多种Arm硬件特性以增强WASM的内存安全性。具体而言,Cage利用Arm的内存标签扩展(MTE)实现以下功能:(i)为堆与栈分配提供空间与时间内存安全;(ii)提升WASM沙箱机制的性能。Cage进一步采用Arm指针认证(PAC)技术,防止泄露的指针被其他WASM实例重用,从而增强WASM的安全属性。我们基于64位WASM实现了该系统,提供了支持Arm MTE与PAC的WASM编译器与运行时环境。在此基础上,Cage基于LLVM的编译工具链能够对未经修改的应用程序进行转换,为栈和堆分配提供时空内存安全,并防止函数指针重用。在实际硬件上的评估表明,Cage仅产生极低的运行时开销(<5.8%)与内存开销(<3.7%),并能将WASM沙箱机制的性能提升超过5.1%,同时提供高效的内存安全保证。