August 11, 2021

A new method to protect WebAssembly against Spectre attacks

by University of California - San Diego

hack attack
Credit: Pixabay/CC0 Public Domain

Computer scientists have developed a new compiler framework, called Swivel, to protect WebAssembly, or Warm, against Spectre attacks—the class of execution attacks, which exploit the way processors predict the computations that need to happen next. The team will present its research at the USENIX Security Symposium taking place Aug. 11 to 13, 2021. 

Wasm is an instruction set that has increasingly been used to sandbox untrusted code outside the browser. But unfortunately, Spectre attacks can bypass Wasm's isolation guarantees. To prevent this, Swivel ensures that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandox pr force another Wasm client or the embedding process itself to leak secret data. 

Swivel does this via two different approaches: a -only approach that can be used on existing CPUs; and a -assisted approach that uses extensions available in Intel 11th-generation CPUs.

More information: Full paper: www.usenix.org/system/files/sec21fall-narayan.pdf

Provided by University of California - San Diego
Citation: A new method to protect WebAssembly against Spectre attacks (2021, August 11) retrieved 19 April 2024 from https://techxplore.com/news/2021-08-method-webassembly-spectre.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Reports: Intel chips have new security flaws
235 shares

Feedback to editors
Team develops a way to teach a computer to type like a human

10 hours ago
Universal 'cocktail electrolyte' developed for 4.6 V ultra-stable fast charging of commercial lithium-ion batteries

10 hours ago
Garbage could replace a quarter of petroleum-based jet fuel every year

11 hours ago
For more open and equitable public discussions on social media, try 'meronymity'

13 hours ago
Mess is best: Disordered structure of battery-like devices improves performance

13 hours ago
Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users

14 hours ago
An ink for 3D-printing flexible devices without mechanical joints

14 hours ago
Floating solar's potential to support sustainable development

15 hours ago
Harvesting vibrational energy from 'colored noise'

16 hours ago
New understanding of energy losses in emerging light source

16 hours ago
Load comments (0)