Stop Hiding The Sharp Knives: The WebAssembly Linux Interface
- URL: http://arxiv.org/abs/2312.03858v1
- Date: Wed, 6 Dec 2023 19:11:15 GMT
- Title: Stop Hiding The Sharp Knives: The WebAssembly Linux Interface
- Authors: Arjun Ramesh, Tianshu Huang, Ben L. Titzer, Anthony Rowe
- Abstract summary: WebAssembly is a portable binary format targetable from many programming languages.
WebAssembly lacks many standard system interfaces, making it difficult to reuse existing applications.
This paper proposes WALI: The WebAssembly Linux Interface, a thin layer over Linux's userspace system calls.
- Score: 1.5439729828544784
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: WebAssembly is gaining popularity as a portable binary format targetable from
many programming languages. With a well-specified low-level virtual instruction
set, minimal memory footprint and many high-performance implementations, it has
been successfully adopted for lightweight in-process memory sandboxing in many
contexts. Despite these advantages, WebAssembly lacks many standard system
interfaces, making it difficult to reuse existing applications.
This paper proposes WALI: The WebAssembly Linux Interface, a thin layer over
Linux's userspace system calls, creating a new class of virtualization where
WebAssembly seamlessly interacts with native processes and the underlying
operating system. By virtualizing the lowest level of userspace, WALI offers
application portability with little effort and reuses existing compiler
backends. With WebAssembly's control flow integrity guarantees, these modules
gain an additional level of protection against remote code injection attacks.
Furthermore, capability-based APIs can themselves be virtualized and
implemented in terms of WALI, improving reuse and robustness through better
layering. We present an implementation of WALI in a modern WebAssembly engine
and evaluate its performance on a number of applications which we can now
compile with mostly trivial effort.
Related papers
- vApps: Verifiable Applications at Internet Scale [2.931173822616461]
Verifiable Applications (vApps) is a novel development framework designed to streamline the creation and deployment of verifiable computing applications.
vApps offer a unified Rust-based Domain-Specific Language (DSL) within a comprehensive SDK.
This eases the developer's burden in securing diverse software components, allowing them to focus on application logic.
arXiv Detail & Related papers (2025-04-21T02:19:06Z)
- UFO2: The Desktop AgentOS [60.317812905300336]
UFO2 is a multiagent AgentOS for Windows desktops that elevates into practical, system-level automation.
We evaluate UFO2 across over 20 real-world Windows applications, demonstrating substantial improvements in robustness and execution accuracy over prior CUAs.
Our results show that deep OS integration unlocks a scalable path toward reliable, user-aligned desktop automation.
arXiv Detail & Related papers (2025-04-20T13:04:43Z)
- Efficient Multi-Instance Generation with Janus-Pro-Dirven Prompt Parsing [53.295515505026096]
Janus-Pro-driven Prompt Parsing is a prompt-parsing module that bridges text understanding and layout generation.
MIGLoRA is a parameter-efficient plug-in integrating Low-Rank Adaptation into UNet (SD1.5) and DiT (SD3) backbones.
The proposed method achieves state-of-the-art performance on COCO and LVIS benchmarks while maintaining parameter efficiency.
arXiv Detail & Related papers (2025-03-27T00:59:14Z)
- Extending Lifetime of Embedded Systems by WebAssembly-based Functional Extensions Including Drivers [46.538276603099916]
We present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers.
We detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries.
arXiv Detail & Related papers (2025-03-10T17:22:00Z)
- Comparing Security and Efficiency of WebAssembly and Linux Containers in Kubernetes Cloud Computing [0.0]
This study investigates the potential of WebAssembly as a more secure and efficient alternative to Linux containers for executing untrusted code in cloud computing with containers.
Security analyses demonstrate that both Linux containers and WebAssembly have attack surfaces when executing untrusted code, but WebAssembly presents a reduced attack surface due to an additional layer of isolation.
arXiv Detail & Related papers (2024-11-02T23:35:19Z)
- Cyber-physical WebAssembly: Secure Hardware Interfaces and Pluggable Drivers [3.3267678659285913]
This work presents WASI proposals and proof-of-concept implementations to enable hardware interaction with I2C and USB.
This is achieved by running the device drivers within WebAssembly as well.
A thorough evaluation of the proof of concepts shows that WASI-USB introduces a minimal overhead of at most 8% compared to native operating system USB APIs.
arXiv Detail & Related papers (2024-10-30T11:21:22Z)
- Securing Stack Smashing Protection in WebAssembly Applications [0.0]
Previous work has shown that WebAssembly is vulnerable to buffer overflow due to the lack of effective protection mechanisms.
We evaluate the implementation of Stack Smashing Protection (SSP) in WebAssembly standalone runtimes, and uncover two weaknesses in their current implementation.
arXiv Detail & Related papers (2024-10-23T14:41:59Z)
- MeMoir: A Software-Driven Covert Channel based on Memory Usage [7.424928818440549]
MeMoir is a novel software-driven covert channel that, for the first time, utilizes memory usage as the medium for the channel.
We implement a machine learning-based detector that can predict whether an attack is present in the system with an accuracy of more than 95%.
We introduce a noise-based countermeasure that effectively mitigates the attack while inducing a low power overhead in the system.
arXiv Detail & Related papers (2024-09-20T08:10:36Z)
- WebAssembly and Security: a review [0.8962460460173961]
We analyze 121 papers by identifying seven different security categories.
We aim to fill this gap by proposing a comprehensive review of research works dealing with security in WebAssembly.
arXiv Detail & Related papers (2024-07-17T03:37:28Z)
- Flash-VStream: Memory-Based Real-Time Understanding for Long Video Streams [78.72965584414368]
We present Flash-VStream, a video-language model that simulates the memory mechanism of human.
Compared to existing models, Flash-VStream achieves significant reductions in latency inference and VRAM consumption.
We propose VStream-QA, a novel question answering benchmark specifically designed for online video streaming understanding.
arXiv Detail & Related papers (2024-06-12T11:07:55Z)
- StackSight: Unveiling WebAssembly through Large Language Models and Neurosymbolic Chain-of-Thought Decompilation [2.1094456929188676]
StackSight visualizes and tracks virtual stack alterations via a static analysis algorithm and then applies chain-of-thought prompting.
Evaluation results show that StackSight significantly improves WebAssembly decompilation.
Our user study also demonstrates that code snippets generated by StackSight have significantly higher win rates and enable a better grasp of code semantics.
arXiv Detail & Related papers (2024-06-07T01:08:17Z)
- OSWorld: Benchmarking Multimodal Agents for Open-Ended Tasks in Real Computer Environments [87.41051677852231]
We introduce OSWorld, the first-of-its-kind scalable, real computer environment for multimodal agents.
OSWorld can serve as a unified, integrated computer environment for assessing open-ended computer tasks.
We create a benchmark of 369 computer tasks involving real web and desktop apps in open domains, OS file I/O, and spanning multiple applications.
arXiv Detail & Related papers (2024-04-11T17:56:05Z)
- VisualWebBench: How Far Have Multimodal LLMs Evolved in Web Page Understanding and Grounding? [115.60866817774641]
Multimodal Large Language models (MLLMs) have shown promise in web-related tasks.
Evaluating their performance in the web domain remains a challenge due to the lack of comprehensive benchmarks.
VisualWebBench is a multimodal benchmark designed to assess the capabilities of MLLMs across a variety of web tasks.
arXiv Detail & Related papers (2024-04-09T02:29:39Z)
- A Comprehensive Trusted Runtime for WebAssembly with Intel SGX [2.6732136954707792]
We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs.
It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O.
We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions.
arXiv Detail & Related papers (2023-12-14T16:19:00Z)
- mlirSynth: Automatic, Retargetable Program Raising in Multi-Level IR using Program Synthesis [48.01697184432969]
mlirSynth translates programs from lower-level MLIR dialects to high-level ones without manually defined rules.
We demonstrate its effectiveness by raising C programs to two distinct high-level MLIR dialects, which enables us to use existing high-level dialect specific compilation flows.
arXiv Detail & Related papers (2023-10-06T12:21:50Z)
- Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version) [1.2687030176231846]
Capacity is a novel hardware-assisted intra-process access control design that embraces capability-based security principles.
With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references.
We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains.
arXiv Detail & Related papers (2023-09-20T08:57:02Z)
- InterCode: Standardizing and Benchmarking Interactive Coding with Execution Feedback [50.725076393314964]
We introduce InterCode, a lightweight, flexible, and easy-to-use framework of interactive coding as a standard reinforcement learning environment.
Our framework is language and platform agnostic, uses self-contained Docker environments to provide safe and reproducible execution.
We demonstrate InterCode's viability as a testbed by evaluating multiple state-of-the-art LLMs configured with different prompting strategies.
arXiv Detail & Related papers (2023-06-26T17:59:50Z)
- Harnessing Deep Learning and HPC Kernels via High-Level Loop and Tensor Abstractions on CPU Architectures [67.47328776279204]
This work introduces a framework to develop efficient, portable Deep Learning and High Performance Computing kernels.
We decompose the kernel development in two steps: 1) Expressing the computational core using Processing Primitives (TPPs) and 2) Expressing the logical loops around TPPs in a high-level, declarative fashion.
We demonstrate the efficacy of our approach using standalone kernels and end-to-end workloads that outperform state-of-the-art implementations on diverse CPU platforms.
arXiv Detail & Related papers (2023-04-25T05:04:44Z)
- Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection [64.67495502772866]
Large Language Models (LLMs) are increasingly being integrated into various applications.
We show how attackers can override original instructions and employed controls using Prompt Injection attacks.
We derive a comprehensive taxonomy from a computer security perspective to systematically investigate impacts and vulnerabilities.
arXiv Detail & Related papers (2023-02-23T17:14:38Z)
- Fluid Batching: Exit-Aware Preemptive Serving of Early-Exit Neural Networks on Edge NPUs [74.83613252825754]
"Smart ecosystems" are being formed where sensing happens concurrently rather than standalone.
This is shifting the on-device inference paradigm towards deploying neural processing units (NPUs) at the edge.
We propose a novel early-exit scheduling that allows preemption at run time to account for the dynamicity introduced by the arrival and exiting processes.
arXiv Detail & Related papers (2022-09-27T15:04:01Z)