Show simple item record

dc.contributor.authorWatt, Conraden
dc.contributor.authorRenner, Johnen
dc.contributor.authorPopescu, Natalieen
dc.contributor.authorCauligi, Sunjayen
dc.contributor.authorStefan, Deianen
dc.date.accessioned2019-05-01T23:31:05Z
dc.date.available2019-05-01T23:31:05Z
dc.identifier.urihttps://www.repository.cam.ac.uk/handle/1810/292208
dc.description.abstractA significant amount of both client and server-side cryptography is implemented in JavaScript. Despite widespread concerns about its security, no other language has been able to match the convenience that comes from its ubiquitous support on the "web ecosystem" - the wide variety of technologies that collectively underpins the modern World Wide Web. With the introduction of the new WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases which does not compromise this convenience. We present Constant-Time WebAssembly (CT-Wasm), a type-driven, strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms. CT-Wasm's type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time. Building on an existing Wasm mechanization, we mechanize the full CT-Wasm specification, prove soundness of the extended type system, implement a verified type checker, and give several proofs of the language's security properties. We provide two implementations of CT-Wasm: an OCaml reference interpreter and a native implementation for Node.js and Chromium that extends Google's V8 engine. We also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap the benefits of CT-Wasm's type system today, while developing cryptographic algorithms for base Wasm environments. We evaluate the language, our implementations, and supporting tools by porting several cryptographic primitives - Salsa20, SHA-256, and TEA - and the full TweetNaCl library. We find that CT-Wasm is fast, expressive, and generates code that we experimentally measure to be constant-time.
dc.rightsAttribution 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by/4.0/
dc.titleCT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystemen
dc.typeConference Object
prism.publicationNameProceedings of the ACM on Programming Languagesen
dc.identifier.doi10.17863/CAM.39359
dcterms.dateAccepted2018-12-14en
rioxxterms.versionofrecord10.1145/3290390en
rioxxterms.versionVoR
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserveden
rioxxterms.licenseref.startdate2018-12-14en
dc.contributor.orcidWatt, Conrad [0000-0002-0596-877X]
rioxxterms.typeConference Paper/Proceeding/Abstracten
pubs.funder-project-idEPSRC (1790117)
pubs.funder-project-idEPSRC (EP/K008528/1)
pubs.conference-namePrinciples of Programming Languages 2019en
pubs.conference-start-date2019-01-13en


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Attribution 4.0 International
Except where otherwise noted, this item's licence is described as Attribution 4.0 International