[2021.09.01] [MIDDLEWARE 2019] AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

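Source: https://dl.acm.org/doi/abs/10.1145/3361525.3361541?casa_token=U0LOekVX1D4AAAAA:HAT3p4fiK0r8VwKbAX95Lib256TfCZVcIT130Zxg7gSUcjn4QZh9I9eTbp0-puE6NmIfd2ZOCZUsog
Authors: David Goltzsche (TU Braunschweig, Germany); Manuel Nieke (TU Braunschweig, Germany); Thomas Knauth (Intel, United States); Rüdiger Kapitza (TU Braunschweig, Germany)
Download Note: https://jbox.sjtu.edu.cn/l/S11yks
Contributor: lty

Remote computation includes cloud computing, client-side web applications, and volunteer computing. Resource accounting for these services depends on the infrastructure provider. Such remote computation usually needs a sandbox to protect it, for two reasons: to isolate the host environment from attack, and to control and limit resource usage. The cloud server and the code provider typically do not trust each other.

AccTEE is a two-way sandbox that provides trusted resource-usage accounting between the server and the user. It combines SGX and WASM: while ensuring the confidentiality and integrity of code and data, it uses automatic code instrumentation for fine-grained resource accounting.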

[2021.04.27] [Usenix Security 2021] Swivel: Hardening WebAssembly against Spectre

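Source: https://www.usenix.org/conference/usenixsecurity21/presentation/narayan
Authors: Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, et al.
Download Note: https://jbox.sjtu.edu.cn/l/4FkxtI
Contributor: lty

Overview

Fastly's Terrarium is a WebAssembly FaaS platform: customers compile their code to Wasm and upload the resulting module to the platform, which handles scaling and isolation. A single host can run thousands of customer-supplied Wasm modules, relying on the Wasm sandbox for isolation. However, this isolation can be broken by Spectre attacks.

Swivel extends Lucet and the Cranelift code generator to address Spectre attacks on FaaS Wasm platforms. Swivel provides two protection schemes, one in software and one in hardware: Swivel-SFI and Swivel-CET, respectively.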