WaSCR: A WebAssembly Instruction-Timing Side Channel Repairer

Download PDF

Liyan Huang, Junzhou He, Chao Wang, Weihang Wang

Published: 29 Jan 2025, Last Modified: 29 Jan 2025WWW 2025 PosterEveryoneRevisionsBibTeXCC BY 4.0
Track: Security and privacy
Keywords: WebAssembly, Side-channel Attack, Static Program Analysis, Program Repair
TL;DR: In this paper, we present WaSCR, an automated WebAssembly instruction-timing Side-Channel Repairer.
Abstract: WebAssembly (Wasm) is a platform-independent, low-level binary language that enables near-native performance in web applications. Given its growing importance in the web ecosystem, securing WebAssembly programs becomes increasingly important. A key security concern with WebAssembly is the threat of instruction-timing side-channel attacks, which exploit timing variations in branch instructions dependent on sensitive data, allowing attackers to infer sensitive information through timing measurement. In this paper, we introduce WaSCR, an automated WebAssembly instruction-timing Side-Channel Repairer. WaSCR uses control and data dependencies to trace the flow of sensitive data and prevent its leakage. It employs rule-based code transformations to linearize the program, eliminating branches dependent on sensitive data and substituting them with constant-time selectors. Our evaluation demonstrates that WaSCR effectively eliminates instruction-timing side channels while maintaining program correctness, with efficient repairs and moderate performance overhead.
Submission Number: 2072

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview