• Title/Summary/Keyword: 웹 어셈블리

Search Result 19, Processing Time 0.021 seconds

Fuzzing Method for Web-Assembly Module Safety Validation (웹 어셈블리 모듈 안전성 검증을 위한 퍼징 방법)

  • Park, Sunghyun;Kang, Sangyong;Kim, Yeonsu;Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.2
    • /
    • pp.275-285
    • /
    • 2019
  • Web-assemblies are a new binary standard designed to improve the performance of Web browser JavaScript. Web-assemblies are becoming a new web standard that can run at near native speed with efficient execution, concise representation, and code written in multiple languages. However, current Web-assembly vulnerability verification is limited to the Web assembly interpreter language, and vulnerability verification of Web-assembly binary itself is insufficient. Therefore, it is necessary to verify the safety of the web assembly itself. In this paper, we analyze how to operate the web assembly and verify the safety of the current web-assembly. In addition, we examine vulnerability of existing web -assembly and analyze limitations according to existing safety verification method. Finally, we introduce web-assembly API based fuzzing method to overcome limitation of web-assembly safety verification method. This verifies the effectiveness of the proposed Fuzzing by detecting crashes that could not be detected by existing safety verification tools.

WACFI: Code Instrumentation Technique for Protection of Indirect Call in WebAssembly (WACFI: 웹 어셈블리에서의 간접호출 명령어 보호를 위한 코드 계측 기술)

  • Chang, Yoonsoo;Kim, Youngju;Kwon, Donghyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.753-762
    • /
    • 2021
  • WebAssembly(WASM) is a low-level instruction format that can be run in a web environment. Since WASM has a excellent performance, various web applications use webassembly. However, according to our security analysis WASM has a security pitfall related to control flow integrity (CFI) for indirect calls. To address the problem in this paper we propose a new code instrumentation scheme to protect indirect calls, named WACFI. Specifically WACFI enhances a CFI technique for indirect call in WASM based on source code anlysis and binary instrumentation. To test the feasibility of WACFI, we applied WACFI to a sound-encoding application. According to our experimental results WACFI only adds 2.75% overhead on the execution time while protecting indirect calls safely.

Enhancing Kernel Module Security Using WebAssembly (웹어셈블리를 활용한 커널 모듈 보안성 강화)

  • Hajeong Lim;Hojoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.337-344
    • /
    • 2023
  • Modern OSs, including Linux, show high scalability by adopting a monolithic kernel design, but have weak security because they share all memory space. This study presents a kernel module that are isolated inside the kernel using WebAssembly. WebAssembly provides a high-performance virtual machine by defining a low-level instruction set while guaranteeing memory safety. In this paper, the WebAssembly execution environment is implemented inside the kernel, allowing developers to control the operation of kernel modules and achieving higher security.

Web Assembly System Architecture Model (웹 어셈블리 시스템 아키텍처 모델)

  • Park, Jin-Tae;Moon, Il-Young
    • Journal of Advanced Navigation Technology
    • /
    • v.23 no.4
    • /
    • pp.328-332
    • /
    • 2019
  • Advances in web technology have enabled technical convergence in various system environments to be carried out through the web interface. The Web can be categorized from the Web 1.0 to the 4.0, depending on its role, it has the characteristics of connects information, connects people, connects knowledge, and connects intelligence. In addition, various technological needs occurred through the mobile app during the 4th Industrial Revolution, and functions such as 3D, virtual reality, augmented reality, video/audio processing were enabled on the web, which was a simple means of providing information. Technical standards have been studied to support these period needs. In this paper, I would like to mention one of the Web assembly. We will explore ways to link and fuse Web assembly with existing web systems (or platforms) and analyze their technical implications through a variety of examples. In addition, we will conduct a study on the architecture that can fuse the existing javascript with the web assembly, and discuss the future direction of the study.

Image Processing Acceleration using WebGPU and WebAssembly (웹GPU와 웹어셈블리를 이용한 이미지 프로세싱 가속)

  • Hyunwoo Nam;Myungho Lee;Neungsoo Park
    • The Transactions of the Korea Information Processing Society
    • /
    • v.13 no.10
    • /
    • pp.574-578
    • /
    • 2024
  • JavaScript is slow for high-performance image processing in web browsers and cannot directly utilize the GPU. Therefore, web plugin technology or server-based processing methods have been used. However, since web plugins are no longer supported by the latest web browsers and server processing methods become increasingly expensive as the number of users grows. In this paper, an image processing acceleration method is proposed using the latest web standards such as WASM and WebGPU in a client environment, instead of plugins or server-based methods. The final experimental results confirmed that the WASM+WebGPU-based code, which utilizes both the CPU and GPU, improved execution performance by up to 10 times compared to traditional javaScript.

Implementation and performance evaluation of PIPO lightweight block ciphers on the web (웹상에서의 PIPO 경량 블록암호 구현 및 성능 평가)

  • Lim, Se-Jin;Kim, Won-Woong;Kang, Yea-Jun;Seo, Hwa-Jeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.5
    • /
    • pp.731-742
    • /
    • 2022
  • PIPO is the latest domestic lightweight block cipher announced in ICISC'20, which is characterized by being lightweight to facilitate implementation on IoT with limited resources. In this paper, PIPO 64/128-bit and 64/256-bit were implemented using web-based languages such as Javascript and WebAsembly. Two methods of performance evaluation were conducted by implementing bitsice and TLU, and the performance was compared by implementing Looped written using for statements and Unrolled written for statements. It performs performance evaluations in various web browsers such as Google Chrome, Mozilla Firefox, Opera, and Microsoft Edge, as well as OS-specific environments such as Windows, Linux, Mac, iOS, and Android. In addition, a performance comparison was performed with PIPO implemented in C language. This can be used as an indicator for applying PIPO block cipher on the web.

A Implementation of Web-based Education Contents for 8051 MicroController (웹 기반 8051교육 컨텐츠의 구현)

  • 김현규;최완선;전흥구;김동식;이순흠;최관순
    • Proceedings of the Korea Multimedia Society Conference
    • /
    • 2004.05a
    • /
    • pp.741-744
    • /
    • 2004
  • 원격 교육시스템의 구현은 인터넷의 기술의 급격한 발전과 함께 활발하게 연구가 진행 되고 있다. 공학 분야에서 원격 교육시스템을 구현하는데 가장 큰 제약사항은 하드웨어의 제어이다. 본 연구에서는 8051 원격 컴파일 시스템을 구현하였으며, 시스템의 구성은 학습자가 웹에서 8051실습 키트를 직접 제어해보며 학습하도록 할 것이다. 학습자는 C언어와 어셈블리어로 8051제어 소스를 작성하고 작성된 소스 파일을 서버에 업로드 하여 컴파일 및 링크할 수 있다 이 과정을 통해 생성된 실행파일을 서버에 연결되어있는 8051 실습키트에 다운로드하여 실행하도록 구현하였다. 또한, 실링 결과의 확인은 웹 카메라를 통해 학습자의 PC에 영상데이터를 전송하여 8051키트의 동작을 학습자들이 확인하게 된다.

  • PDF

A Study on Optimization Performance of WebAssembly Compilers (웹어셈블리 컴파일러 최적화 성능에 관한 연구)

  • Chae-won Shin;Su-hyeon Song;Dong-hyun Kwon
    • Annual Conference of KIPS
    • /
    • 2024.05a
    • /
    • pp.35-36
    • /
    • 2024
  • WebAssembly(WASM)는 웹브라우저용 바이트코드로, 다양한 언어로 작성한 코드를 손쉽게 한번에 실행할 수 있고, 기존 고수준 언어를 사용하여 웹 애플리케이션을 개발할 수 있다. WASM 은 사용자와의 실시간 소통을 필요로 하는 웹용으로 개발되었기 때문에 성능이 중요한 요소로 꼽힌다. 이 논문에서는 대표적인 WASM 컴파일러인 emscripten 과 cheerp 에 대해 각각 생성된 코드의 성능을 측정하여 최적화 정도를 비교한다. 실험 결과 emscripten 의 최적화 수준이 더욱 높았으나, 두 컴파일러의 성능 간 상충 관계가 발견되었다.

Detection of Potential Memory Access Errors based on Assembly Codes (어셈블리어 코드 기반의 메모리 오류 가능성 검출)

  • Kim, Hyun-Soo;Kim, Byeong-Man;Bae, Hyun-Seop;Chung, In-Sang
    • The KIPS Transactions:PartD
    • /
    • v.18D no.1
    • /
    • pp.35-44
    • /
    • 2011
  • Memory errors can cause not only program malfunctions but also even unexpected system halt. Though a programmer checks memory errors, some memory errors with low occurrence frequency are missed to detect. In this paper, we propose a method for effectively detecting such memory errors using instruction transition diagrams through analyzing assembly codes obtained by disassembling an executable file. Out of various memory errors, local memory return errors, null pointer access errors and uninitialized pointer access errors are targeted for detection. When applying the proposed method to various programs including well-known open source programs such as Apache web server and PHP script interpreter, some potential memory errors are detected.

The Classification and Limitation of Coverage-based WebAssembly Fuzzer (커버리지 기반 웹어셈블리 퍼저의 분류와 한계점)

  • Ha-Young Kang;Su-Hyeon Song;Dong-Hyeon Kwon
    • Annual Conference of KIPS
    • /
    • 2023.05a
    • /
    • pp.154-155
    • /
    • 2023
  • WebAssembly(Wasm)은 웹에서 네이티브에 가까운 속도로 실행 가능하고, 고성능 어플리케이션의 구현도 가능하기 때문에 브라우저 및 기타 플랫폼에서 활발히 사용되고 있다. 이로 인해 Wasm에 대한 보안성이 대두되고 있는데, 이때 취약점을 탐지하는 Fuzzing 기법을 적용한 연구들이 있다. Fuzzing 기법에 대한 분류 및 대표적인 도구를 소개하고 각 기법 간 차이점 및 한계점과 향후 연구 방향을 제시한다.