We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code (another Wasm client or the embedding process) to leak secret data. We describe two Swivel designs: a software-only approach that can be used on existing CPUs, and a hardware-assisted approach that uses extensions available in Intel 11th generation CPUs. For both, we evaluate a randomized approach that mitigates Spectre and a deterministic approach that eliminates Spectre altogether. Our randomized implementations impose under 10.3% overhead on the Wasm-compatible subset of SPEC 2006, while our deterministic implementations impose overheads between 3.3% and 240.2%. Though high on some benchmarks, Swivel's overhead is still between 9x and 36.3x smaller than existing defenses that rely on pipeline fences.