Swivel: Hardening WebAssembly against Spectre

WebAssembly or Wasm is a portable bytecode that has increasingly been using sandbox untrusted code outside the browser. But unfortunately, Spectre attacks—the class of transient execution attacks which exploit control flow predictors—can bypass Wasm’s isolation guarantees.

In Swivel: Hardening WebAssembly against Spectre, UC San Diego CSE/CNS Ph.D. students and researchers Shravan Narayan, Craig Disselkoen, Sunjay Cauligi, Evan Johnson, Zhao Gang, CSE/CNS Postdoc Daniel Moghimi, CSE Professor Dean Tullsen, CSE/CNS Professor Deian Stefan, UT Austin Professor Hovav Shacham, and Intel collaborators Anjo Vahldiek-Oberwagner and Ravi Sahita focus on hardening Wasm against Spectre attacks.

The team takes a compiler-based approach to harden Wasm against Spectre without resorting to process isolation or the use of fences. Their new compiler framework, Swivel, ensures that code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code to leak secret data.

To develop Swivel, the team describes a software-only approach that can be used on existing CPUs and a hardware-assisted approach that uses extensions available in Intel 11th generation CPUs. For both, they evaluate a randomized approach that mitigates Spectre and a deterministic approach that eliminates Spectre altogether. Their work will appear at the 30th USENIX Security Symposium, August 2021.