Publications

Publication type: Contribution to a collected volume

Bento: Fine-Grained Memory Isolation for COTS WebAssembly Binaries

Author(s):
Draissi, Oussama; Davi, Lucas
Title of the collected volume:
Proc. of 35th ACM Web Conference 2026 (WWW '26)
Publisher:
Association for Computing Machinery (ACM)
Location(s):
Dubai, United Arab Emirates
Published:
2026

Abstract

WebAssembly (Wasm) enables execution of memory-unsafe languages like C/C++ in the browser, but its monolithic linear memory leaves modules vulnerable to high-impact attacks such as Cross-Site Scripting. Existing defenses are unsuitable for Commercial-off-the-shelf (COTS) binaries, requiring source code or non-standard runtimes, or introducing high-overhead instrumentation. We present Bento, the first static binary rewriter that automatically hardens COTS Wasm modules. Bento uses whole-program pointer analysis to partition memory into logical regions (stack, heap, globals) and rewrites the binary to map each to an isolated instance using the standard Wasm multi-memory feature. This creates a software-based MMU that provides architectural hardening without adding instructions or runtime checks. Our evaluation shows Bento mitigates real-world exploits in prominent applications, including Libpng and PDFAlto, while preserving semantics, as confirmed by extensive differential testing. This architectural approach adds no new instructions, achieving zero computational overhead. This results in negligible performance costs: a 3% runtime slowdown and a 1% startup overhead.