Two-Faces of WASM Security
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the dual nature of WebAssembly (WASM) security in this 21-minute conference talk from BSidesSF 2019. Dive into the evolution of WASM from JavaScript and asm.js, understanding its performance benefits and security model. Learn about the protective measures for users and developers, including sandboxed environments and primitives like type safety and control flow integrity. Examine the increasing use of WASM in malicious activities such as keyloggers, tech support scams, and sophisticated coin-mining scripts. Discover the challenges faced by web authors due to vulnerable WASM modules. Analyze both the malicious intent behind advanced WASM modules and the expanded attack surface created by exploitable modules. Gain insights into WASM examples, security features, attack techniques, and defensive measures through topics like EMC, Big Amount WASM, Key Lockers, Chi Miners, and Kryptonite Filter.
Syllabus
Introduction
Agenda
What is WASM
JavaScript vs WASM
WASM vs JavaScript
EMCC
Big Amount WASM
WASM Example
WASM Module
WASM Security
Key Lockers
Chi Miners
Attackers
Kryptonite
Filter
Other Views
Tricks
User Control
User Input
Buffer Overflow
Memory Diagram
MJS
Type Infusion
Signature checks
Conclusion
Questions
Taught by
Security BSides San Francisco
Related Courses
Enforcing Unique Code Target Property for Control-Flow IntegrityAssociation for Computing Machinery (ACM) via YouTube Current Status of RISC-V Security Mechanisms - Nick Kossifidis, FORTH
TheIACR via YouTube Taking Kernel Hardening to the Next Level
Black Hat via YouTube The Power of Data-Oriented Attacks - Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Black Hat via YouTube Mitigating Spectre Attacks Using CFI Informed Speculation
IEEE via YouTube