Multi-Variant Execution at the Edge
Javier Cabrera-Arteaga, Pierre Laperdrix, Martin Monperrus, Benoit Baudry

TL;DR
This paper introduces MEWE, a technique for automatically diversifying WebAssembly binaries deployed at the edge, enhancing security through runtime randomization of execution paths and function variants.
Contribution
The paper presents a novel method to synthesize and deploy multivariant WebAssembly binaries at the edge, increasing execution diversity and security.
Findings
MEWE generates binaries with hundreds of function variants.
Multivariant binaries exhibit high diversity of execution traces.
The approach is validated on real edge platform deployments.
Abstract
Edge-cloud computing offloads parts of the computations that traditionally occur in the cloud to edge nodes, e.g., CDN servers, in order to get closer to the users and reduce latency. To improve performance even further, WebAssembly is increasingly used in this context. Edge-cloud computing providers, such as Fastly or Cloudflare, let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code and sandboxed for a safe execution at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime, turning the execution of the services into a moving target. Given a service to be deployed at the edge, we automatically synthesize functionally equivalent variants for the functions that implement the service. All the…
Taxonomy
Topics: IoT and Edge/Fog Computing · Cloud Computing and Resource Management · Software System Performance and Reliability
