Swivel: Hardening Webassembly Against Spectre
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Differential Fuzzing the Webassembly
Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL). -
XML a New Web Site Architecture
XML A New Web Site Architecture Jim Costello Derek Werthmuller Darshana Apte Center for Technology in Government University at Albany, SUNY 1535 Western Avenue Albany, NY 12203 Phone: (518) 442-3892 Fax: (518) 442-3886 E-mail: [email protected] http://www.ctg.albany.edu September 2002 © 2002 Center for Technology in Government The Center grants permission to reprint this document provided this cover page is included. Table of Contents XML: A New Web Site Architecture .......................................................................................................................... 1 A Better Way? ......................................................................................................................................................... 1 Defining the Problem.............................................................................................................................................. 1 Partial Solutions ...................................................................................................................................................... 2 Addressing the Root Problems .............................................................................................................................. 2 Figure 1. Sample XML file (all code simplified for example) ...................................................................... 4 Figure 2. Sample XSL File (all code simplified for example) ....................................................................... 6 Figure 3. Formatted Page Produced -
Document Object Model
Document Object Model DOM DOM is a programming interface that provides a way for the values and structure of an XML document to be accessed and manipulated. Tasks that can be performed with DOM . Navigate an XML document's structure, which is a tree stored in memory. Report the information found at the nodes of the XML tree. Add, delete, or modify elements in the XML document. DOM represents each node of the XML tree as an object with properties and behavior for processing the XML. The root of the tree is a Document object. Its children represent the entire XML document except the xml declaration. On the next page we consider a small XML document with comments, a processing instruction, a CDATA section, entity references, and a DOCTYPE declaration, in addition to its element tree. It is valid with respect to a DTD, named root.dtd. <!ELEMENT root (child*)> <!ELEMENT child (name)> <!ELEMENT name (#PCDATA)> <!ATTLIST child position NMTOKEN #REQUIRED> <!ENTITY last1 "Dover"> <!ENTITY last2 "Reckonwith"> Document Object Model Copyright 2005 by Ken Slonneger 1 Example: root.xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE root SYSTEM "root.dtd"> <!-- root.xml --> <?DomParse usage="java DomParse root.xml"?> <root> <child position="first"> <name>Eileen &last1;</name> </child> <child position="second"> <name><![CDATA[<<<Amanda>>>]]> &last2;</name> </child> <!-- Could be more children later. --> </root> DOM imagines that this XML information has a document root with four children: 1. A DOCTYPE declaration. 2. A comment. 3. A processing instruction, whose target is DomParse. 4. The root element of the document. The second comment is a child of the root element. -
Extensible Markup Language (XML) and Its Role in Supporting the Global Justice XML Data Model
Extensible Markup Language (XML) and Its Role in Supporting the Global Justice XML Data Model Extensible Markup Language, or "XML," is a computer programming language designed to transmit both data and the meaning of the data. XML accomplishes this by being a markup language, a mechanism that identifies different structures within a document. Structured information contains both content (such as words, pictures, or video) and an indication of what role content plays, or its meaning. XML identifies different structures by assigning data "tags" to define both the name of a data element and the format of the data within that element. Elements are combined to form objects. An XML specification defines a standard way to add markup language to documents, identifying the embedded structures in a consistent way. By applying a consistent identification structure, data can be shared between different systems, up and down the levels of agencies, across the nation, and around the world, with the ease of using the Internet. In other words, XML lays the technological foundation that supports interoperability. XML also allows structured relationships to be defined. The ability to represent objects and their relationships is key to creating a fully beneficial justice information sharing tool. A simple example can be used to illustrate this point: A "person" object may contain elements like physical descriptors (e.g., eye and hair color, height, weight), biometric data (e.g., DNA, fingerprints), and social descriptors (e.g., marital status, occupation). A "vehicle" object would also contain many elements (such as description, registration, and/or lien-holder). The relationship between these two objects—person and vehicle— presents an interesting challenge that XML can address. -
Seamless Offloading of Web App Computations from Mobile Device to Edge Clouds Via HTML5 Web Worker Migration
Seamless Offloading of Web App Computations From Mobile Device to Edge Clouds via HTML5 Web Worker Migration Hyuk Jin Jeong Seoul National University SoCC 2019 Virtual Machine & Optimization Laboratory Department of Electrical and Computer Engineering Seoul National University Computation Offloading Mobile clients have limited hardware resources Require computation offloading to servers E.g., cloud gaming or cloud ML services for mobile Traditional cloud servers are located far from clients Suffer from high latency 60~70 ms (RTT from our lab to the closest Google Cloud DC) Latency<50 ms is preferred for time-critical games Cloud data center End device [Kjetil Raaen, NIK 2014] 2 Virtual Machine & Optimization Laboratory Edge Cloud Edge servers are located at the edge of the network Provide ultra low (~a few ms) latency Central Clouds Mobile WiFi APs Small cells Edge Device Cloud Clouds What if a user moves? 3 Virtual Machine & Optimization Laboratory A Major Issue: User Mobility How to seamlessly provide a service when a user moves to a different server? Resume the service at the new server What if execution state (e.g., game data) remains on the previous server? This is a challenging problem Edge computing community has struggled to solve it • VM Handoff [Ha et al. SEC’ 17], Container Migration [Lele Ma et al. SEC’ 17], Serverless Edge Computing [Claudio Cicconetti et al. PerCom’ 19] We propose a new approach for web apps based on app migration techniques 4 Virtual Machine & Optimization Laboratory Outline Motivation Proposed system WebAssembly -
An XML Model of CSS3 As an XƎL ATEX-TEXML-HTML5 Stylesheet
An XML model of CSS3 as an XƎLATEX-TEXML-HTML5 stylesheet language S. Sankar, S. Mahalakshmi and L. Ganesh TNQ Books and Journals Chennai Abstract HTML5[1] and CSS3[2] are popular languages of choice for Web development. However, HTML and CSS are prone to errors and difficult to port, so we propose an XML version of CSS that can be used as a standard for creating stylesheets and tem- plates across different platforms and pagination systems. XƎLATEX[3] and TEXML[4] are some examples of XML that are close in spirit to TEX that can benefit from such an approach. Modern TEX systems like XƎTEX and LuaTEX[5] use simplified fontspec macros to create stylesheets and templates. We use XSLT to create mappings from this XML-stylesheet language to fontspec-based TEX templates and also to CSS3. We also provide user-friendly interfaces for the creation of such an XML stylesheet. Style pattern comparison with Open Office and CSS Now a days, most of the modern applications have implemented an XML package format that includes an XML implementation of stylesheet: InDesign has its own IDML[6] (InDesign Markup Language) XML package format and MS Word has its own OOXML[7] format, which is another ISO standard format. As they say ironically, the nice thing about standards is that there are plenty of them to choose from. However, instead of creating one more non-standard format, we will be looking to see how we can operate closely with current standards. Below is a sample code derived from OpenOffice document format: <style:style style:name=”Heading_20_1” style:display-name=”Heading -
Webassembly a New World of Native Exploits on the Web Agenda
WebAssembly A New World Of Native Exploits On The Web Agenda • Introduction • The WebAssembly Platform • Emscripten • Possible Exploit Scenarios • Conclusion Wasm: What is it good for? ● Archive.org web emulators ● Image/processing ● Video Games ● 3D Modeling ● Cryptography Libraries ● Desktop Application Ports Wasm: Crazy Incoming ● Browsix, jslinux ● Runtime.js (Node), Nebulet ● Cervus ● eWASM Java Applet Joke Slide ● Sandboxed ● Virtual Machine, runs its own instruction set ● Runs in your browser ● Write once, run anywhere ● In the future, will be embedded in other targets What Is WebAssembly? ● A relatively small set of low-level instructions ○ Instructions are executed by browsers ● Native code can be compiled into WebAssembly ○ Allows web developers to take their native C/C++ code to the browser ■ Or Rust, or Go, or anything else that can compile to Wasm ○ Improved Performance Over JavaScript ● Already widely supported in the latest versions of all major browsers ○ Not limited to running in browsers, Wasm could be anywhere Wasm: A Stack Machine Text Format Example Linear Memory Model Subtitle Function Pointers Wasm in the Browser ● Wasm doesn’t have access to memory, DOM, etc. ● Wasm functions can be exported to be callable from JS ● JS functions can be imported into Wasm ● Wasm’s linear memory is a JS resizable ArrayBuffer ● Memory can be shared across instances of Wasm ● Tables are accessible via JS, or can be shared to other instances of Wasm Demo: Wasm in a nutshell Emscripten ● Emscripten is an SDK that compiles C/C++ into .wasm binaries ● LLVM/Clang derivative ● Includes built-in C libraries, etc. ● Also produces JS and HTML code to allow easy integration into a site. -
Superoptimization of Webassembly Bytecode
Superoptimization of WebAssembly Bytecode Javier Cabrera Arteaga Shrinish Donde Jian Gu Orestis Floros [email protected] [email protected] [email protected] [email protected] Lucas Satabin Benoit Baudry Martin Monperrus [email protected] [email protected] [email protected] ABSTRACT 2 BACKGROUND Motivated by the fast adoption of WebAssembly, we propose the 2.1 WebAssembly first functional pipeline to support the superoptimization of Web- WebAssembly is a binary instruction format for a stack-based vir- Assembly bytecode. Our pipeline works over LLVM and Souper. tual machine [17]. As described in the WebAssembly Core Specifica- We evaluate our superoptimization pipeline with 12 programs from tion [7], WebAssembly is a portable, low-level code format designed the Rosetta code project. Our pipeline improves the code section for efficient execution and compact representation. WebAssembly size of 8 out of 12 programs. We discuss the challenges faced in has been first announced publicly in 2015. Since 2017, it has been superoptimization of WebAssembly with two case studies. implemented by four major web browsers (Chrome, Edge, Firefox, and Safari). A paper by Haas et al. [11] formalizes the language and 1 INTRODUCTION its type system, and explains the design rationale. The main goal of WebAssembly is to enable high performance After HTML, CSS, and JavaScript, WebAssembly (WASM) has be- applications on the web. WebAssembly can run as a standalone VM come the fourth standard language for web development [7]. This or in other environments such as Arduino [10]. It is independent new language has been designed to be fast, platform-independent, of any specific hardware or languages and can be compiled for and experiments have shown that WebAssembly can have an over- modern architectures or devices, from a wide variety of high-level head as low as 10% compared to native code [11]. -
Markup Languages SGML, HTML, XML, XHTML
Markup Languages SGML, HTML, XML, XHTML CS 431 – February 13, 2006 Carl Lagoze – Cornell University Problem • Richness of text – Elements: letters, numbers, symbols, case – Structure: words, sentences, paragraphs, headings, tables – Appearance: fonts, design, layout – Multimedia integration: graphics, audio, math – Internationalization: characters, direction (up, down, right, left), diacritics • Its not all text Text vs. Data • Something for humans to read • Something for machines to process • There are different types of humans • Goal in information infrastructure should be as much automation as possible • Works vs. manifestations • Parts vs. wholes • Preservation: information or appearance? Who controls the appearance of text? • The author/creator of the document • Rendering software (e.g. browser) – Mapping from markup to appearance •The user –Window size –Fonts and size Important special cases • User has special requirements – Physical abilities –Age/education level – Preference/mood • Client has special capabilities – Form factor (mobile device) – Network connectivity Page Description Language • Postscript, PDF • Author/creator imprints rendering instructions in document – Where and how elements appear on the page in pixels Markup languages •SGML, XML • Represent structure of text • Must be combined with style instructions for rendering on screen, page, device Markup and style sheets document content Marked-up document & structure style sheet rendering rendering software instructions formatted document Multiple renderings from same -
Development and Maintenance of Xml-Based Versus Html-Based Websites: a Case Study
DEVELOPMENT AND MAINTENANCE OF XML-BASED VERSUS HTML-BASED WEBSITES: A CASE STUDY Mustafa Atay Department of Computer Science Winston-Salem State University Winston-Salem, NC 27110 USA [email protected] ABSTRACT HTML (Hyper Text Markup Language) has been the primary tool for designing and developing web pages over the years. Content and formatting information are placed together in an HTML document. XML (Extensible Markup Language) is a markup language for documents containing semi-structured and structured information. XML separates formatting from the content. While websites designed in HTML require the formatting information to be included along with the new content when an update occurs, XML does not require adding format information as this information is separately included in XML stylesheets (XSL) and need not be updated when new content is added. On the other hand, XML makes use of extra tags in the XML and XSL files which increase the space usage. In this study, we design and implement two experimental websites using HTML and XML respectively. We incrementally update both websites with the same data and record the change in the size of code for both HTML and XML editions to evaluate the space efficiency of these websites. KEYWORDS XML, XSLT, HTML, Website Development, Space Efficiency 1. INTRODUCTION HTML (Hyper Text Markup Language) [1] has been the primary tool for designing and developing web pages for a long time. HTML is primarily intended for easily designing and formatting web pages for end users. Web pages developed in HTML are unstructured by its nature. Therefore, programmatic update and maintenance of HTML web pages is not an easy task. -
Webassembly Backgrounder
Copyright (c) Clipcode Limited 2021 - All rights reserved Clipcode is a trademark of Clipcode Limited - All rights reserved WebAssembly Backgrounder [DRAFT] Written By Eamon O’Tuathail Last updated: January 8, 2021 Table of Contents 1: Introduction.................................................................................................3 2: Tooling & Getting Started.............................................................................13 3: Values.......................................................................................................18 4: Flow Control...............................................................................................27 5: Functions...................................................................................................33 6: (Linear) Memory.........................................................................................42 7: Tables........................................................................................................50 1: Introduction Overview The WebAssembly specification is a definition of an instruction set architecture (ISA) for a virtual CPU that runs inside a host embedder. Initially, the most widely used embedder is the modern standard web browser (no plug-ins required). Other types of embedders can run on the server (e.g. inside standard Node.js v8 – no add-ons required) or in future there could be more specialist host embedders such as a cross- platform macro-engine inside desktop, mobile or IoT applications. Google, Mozilla, Microsoft and -
Schema Based Storage of Xml Documents in Relational Databases
International Journal on Web Service Computing (IJWSC), Vol.4, No.2, June 2013 SCHEMA BASED STORAGE OF XML DOCUMENTS IN RELATIONAL DATABASES Dr. Pushpa Suri1 and Divyesh Sharma2 1Department of Computer Science and Applications, Kurukshetra University, Kurukshetra [email protected] 2Department of Computer Science and Applications, Kurukshetra University, Kurukshetra [email protected] ABSTRACT XML (Extensible Mark up language) is emerging as a tool for representing and exchanging data over the internet. When we want to store and query XML data, we can use two approaches either by using native databases or XML enabled databases. In this paper we deal with XML enabled databases. We use relational databases to store XML documents. In this paper we focus on mapping of XML DTD into relations. Mapping needs three steps: 1) Simplify Complex DTD’s 2) Make DTD graph by using simplified DTD’s 3) Generate Relational schema. We present an inlining algorithm for generating relational schemas from available DTD’s. This algorithm also handles recursion in an XML document. KEYWORDS XML, Relational databases, Schema Based Storage 1. INTRODUCTION As XML (extensible markup language) documents needs efficient storage. The concept of Relational data bases provides more mature way to store and query these documents. Research on storage of XML documents using relational databases are classified by two kinds : Schema oblivious storage, Schema Based storage .Schema oblivious storage does not use any DTD (document type definition) or XML schema to map XML document in to relations[4][5][6][7][8][9][10]. Schema based storage requires DTD attached with the XML documents itself .