

CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem
source link: https://www.tuicool.com/articles/hit/fe6ZnqZ

Abstract: A significant amount of both client and server-side cryptography is implemented in JavaScript. Despite widespread concerns about its security, no other language has been able to match the convenience that comes from its ubiquitous support on the "web ecosystem" - the wide variety of technologies that collectively underpins the modern World Wide Web. With the new introduction of the WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases which does not compromise this convenience.
We present Constant-Time WebAssembly (CT-Wasm), a type-driven strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms. CT-Wasm's type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time. Building on an existing Wasm mechanization, we mechanize the full CT-Wasm specification, prove soundness of the extended type system, implement a verified type checker, and give several proofs of the language's security properties.
We provide two implementations of CT-Wasm: an OCaml reference interpreter and a native implementation for Node.js and Chromium that extends Google's V8 engine. We also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap the benefits of CT-Wasm's type system today, while developing cryptographic algorithms for base Wasm environments. We evaluate the language, our implementations, and supporting tools by porting several cryptographic primitives - Salsa20, SHA-256, and TEA - and the full TweetNaCl library. We find that CT-Wasm is fast, expressive, and generates code that we experimentally measure to be constant-time.