WebAssembly has is renowned for its efficiency and security in browser environments and servers alike. The burgeoning ecosystem of WebAssembly compilers and tools lacks robust software diversification systems. We introduce WASM-MUTATE, a compiler-agnostic WebAssembly diversification engine. It is engineered to fulfill the following key criteria: 1) the rapid generation of semantically equivalent yet behaviorally diverse WebAssembly variants, 2) universal applicability to any WebAssembly programs regardless of the source programming language, and 3) the capability to counter high-risk security threats. Utilizing an e-graph data structure, WASM-MUTATE is both fast and effective. Our experiments reveal that WASM-MUTATE can efficiently generate tens of thousands of unique WebAssembly variants in a matter of minutes. Notably, WASM-MUTATE can protect WebAssembly binaries against timing side-channel attacks, specifically, Spectre.

翻译：WebAssembly以其在浏览器环境及服务器中的高效性和安全性而著称。然而，蓬勃发展的WebAssembly编译器及工具生态缺乏健壮的软件多样化系统。我们提出WASM-MUTATE，一种与编译器无关的WebAssembly多样化引擎。该引擎旨在满足以下关键标准：1）快速生成语义等价但行为多样的WebAssembly变体；2）通用适用于任何WebAssembly程序，无论其源编程语言为何；3）具备抵御高风险安全威胁的能力。通过利用e-graph数据结构，WASM-MUTATE兼具高效性与有效性。实验表明，WASM-MUTATE能在数分钟内高效生成数万个独特的WebAssembly变体。值得注意的是，WASM-MUTATE可保护WebAssembly二进制文件免受时序侧信道攻击，尤其是Spectre攻击。