WebAssembly is the fourth officially endorsed Web language. It is recognized for its efficiency and its design, which focuses on security. Yet its swiftly expanding ecosystem lacks robust software diversification systems. We introduce WASM-MUTATE, a diversification engine specifically designed for WebAssembly. Our engine meets several essential criteria: 1) it quickly generates functionally identical, yet behaviorally diverse, WebAssembly variants; 2) it is universally applicable to any WebAssembly program, irrespective of the source programming language; and 3) the generated variants should counter side-channels. By leveraging an e-graph data structure, WASM-MUTATE achieves both speed and efficacy. We evaluate WASM-MUTATE by conducting experiments on 404 programs, which include real-world applications. Our results highlight that WASM-MUTATE can produce tens of thousands of unique and efficient WebAssembly variants within minutes. Significantly, WASM-MUTATE can safeguard WebAssembly binaries against timing side-channel attacks, especially those of the Spectre type.