CAREER: Principled and practical secure compilation using WebAssembly

职业：使用 WebAssembly 进行原理性且实用的安全编译

• 批准号: 2048262
• 负责人: Deian Stefan
• 金额: $ 60万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-03-01 至 2026-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2048262&HistoricalAwards=false
• 关键词: CAREER; Principled; practical; secure; compilation

Building secure computer systems today is hard: a single bug in the source code that programmers write or in the compilers they use to generate machine code could expose systems to attack. Secure compilation is a principled approach to building systems with end-to-end security guarantees from the start. When compiling code, secure compilers ensure that the security properties of high-level code are preserved down to the machine code level. Unfortunately, the gap between the theory of secure compilation and practice is huge. In particular, existing real-world industrial compilers are not secure compilers. The goal of this project is to bridge this gap by extending the industrial WebAssembly bytecode into a unifying principled and practical abstraction for secure compilation. To this end, this project will develop (1) novel techniques and principles which will serve as foundations for end-to-end secure systems and (2) new tools that will allow programmers to build new secure systems and verify the security of existing ones. The results of this project could make hundreds of millions of users safer: end-to-end security guarantees can prevent exploits in widely-used systems, from web browsers to next generation cloud platforms. The project will also contribute to the education of both college and high school students, and train the next generation engineers how to build end-to-end secure systems. This project takes a principled and practical approach to building secure systems by turning WebAssembly into a secure compilations intermediate representation (IR): a target IR for secure compilers from high-level languages and as a source IR for secure compilers to machine code. Turning WebAssembly into a secure compilation IR requires addressing research challenges on two fronts. First, WebAssembly currently does not expose any abstractions for reasoning about high-level security properties, like memory-safety or constant-time. This makes it hard to build secure compilers to WebAssembly. Second, existing compilers of WebAssembly are not proven to preserve any security properties at the machine code level; bugs in compilers and microarchitectural details could both undermine WebAssembly's security guarantees (and thus the security of the systems that rely on these guarantees). This project tackles these challenges by (1) developing secure compilers of WebAssembly to native platforms, (2) extending WebAssembly with new abstractions (e.g., for memory-safety and constant-time) that make it possible to build secure compilers to WebAssembly, and (3) building secure compilers from high-level languages to WebAssembly that preserve properties like memory-safety and constant-time end-to-end. The project will yield both new innovations in formal reasoning and advances in practical secure systems building.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

今天，构建安全的计算机系统是很困难的：程序员编写的源代码或用于生成机器代码的编译器中的一个错误都可能使系统暴露于攻击之下。安全编译是构建从一开始就具有端到端安全保证的系统的原则性方法。在编译代码时，安全编译器确保将高级代码的安全属性保留到机器代码级别。不幸的是，安全编译的理论和实践之间存在着巨大的差距。特别地，现有的真实世界工业编译器不是安全编译器。该项目的目标是通过将工业WebAssembly字节码扩展为一个统一的原则和实用的安全编译抽象来弥合这一差距。为此，该项目将开发（1）新的技术和原则，作为端到端安全系统的基础，以及（2）新的工具，使程序员能够构建新的安全系统并验证现有系统的安全性。该项目的结果可以使数亿用户更安全：端到端的安全保证可以防止从Web浏览器到下一代云平台的广泛使用的系统中的漏洞利用。该项目还将有助于大学和高中学生的教育，并培训下一代工程师如何构建端到端安全系统。该项目采取了一种原则性和实用性的方法来构建安全系统，将WebAssembly转换为安全编译中间表示（IR）：用于高级语言的安全编译器的目标IR和用于机器代码的安全编译器的源IR。将WebAssembly转变为安全编译IR需要解决两个方面的研究挑战。首先，WebAssembly目前没有公开任何抽象来推理高级安全属性，如内存安全或恒定时间。这使得很难为WebAssembly构建安全的编译器。第二，现有的WebAssembly编译器没有被证明在机器码级别上保持任何安全属性;编译器和微架构细节中的错误都可能破坏WebAssembly的安全保证（以及依赖于这些保证的系统的安全性）。该项目通过以下方式应对这些挑战：（1）开发WebAssembly到本地平台的安全编译器，（2）使用新的抽象（例如，（3）从高级语言到WebAssembly构建安全的编译器，这些编译器保留了内存安全和恒定时间等属性。该项目将在形式推理方面产生新的创新，并在实际安全系统建设方面取得进展。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86

塞格

• 发表时间: 2022
• 期刊: The 17th Workshop on Programming Languages and Analysis for Security
• 作者: Shravan Narayan, Tal Garfinkel

Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

无需纳税的隔离：WebAssembly 和 SFI 的近乎零成本转换

• DOI: 10.1145/3498688
• 发表时间: 2022
• 期刊: Proceedings of the ACM on Programming Languages
• 作者: Kolosick, Matthew;Narayan, Shravan;Johnson, Evan;Watt, Conrad;LeMay, Michael;Garg, Deepak;Jhala, Ranjit;Stefan, Deian
• 通讯作者: Stefan, Deian

WaVe: a verifiably secure WebAssembly sandboxing runtime

• DOI: 10.1109/sp46215.2023.10179357
• 发表时间: 2023-05
• 期刊: 2023 IEEE Symposium on Security and Privacy (SP)
• 作者: Evan Johnson;Evan Laufer;Zijie Zhao;D. Gohman;Shravan Narayan;S. Savage;D. Stefan;Fraser Brown-Fraser-Brow

SoK: Practical Foundations for Software Spectre Defenses

SoK：软件幽灵防御的实用基础

• 发表时间: 2022
• 期刊: 43rd IEEE Symposium on Security and Privacy
• 作者: Sunjay Cauligi, Craig Disselkoen

Swivel: Hardening WebAssembly against Spectre

• 发表时间: 2021-02
• 期刊: ArXiv
• 作者: Shravan Narayan;Craig Disselkoen;D. Moghimi;Sunjay Cauligi;Evan Johnson;Zhao Gang;Anjo Vahldiek-Oberwagner;R. Sahita;H. Shacham;D. Tullsen;D. Stefan