SecWasm: Information Flow Control for WebAssembly

by Iulia Bastys, Maximilian Algehed, Alexander Sjösten, Andrei Sabelfeld.

In Proceedings of the 29th Static Analysis Symposium (SAS), December 2022.

We introduce SecWasm, the first general purpose information-flow control system for WebAssembly (Wasm), thus extending the safety guarantees offered by Wasm with guarantees that applications manipulate sensitive data in a secure way. SecWasm is a hybrid system enforcing termination-insensitive noninterference which overcomes the challenges posed by the uncommon characteristics for machine languages of Wasm in an elegant and thorough way.

[Paper] [Full version]