WWW2026

Bento: Fine-Grained Memory Isolation for COTS WebAssembly Binaries

Oussama Draissi, Lucas Davi

Abstract

WebAssembly (Wasm) enables execution of memory-unsafe languages like C/C++ in the browser, but its monolithic linear memory leaves modules vulnerable to high-impact attacks such as cross-site scripting. Existing defenses are unsuitable for commercial-off-the-shelf (COTS) binaries because they require source code, depend on non-standard runtimes, or introduce high-overhead instrumentation. We present Bento, the first static binary rewriter that automatically hardens COTS Wasm modules. Bento uses whole-program pointer analysis to partition memory into logical regions (stack, heap, globals) and rewrites the binary to map each region to an isolated instance using the standard Wasm multi-memory feature. This creates a software-based MMU that provides architectural hardening without adding instructions or costly runtime checks. Our evaluation shows that Bento mitigates real-world exploits in prominent applications, including Libpng and PDFAlto, while preserving program semantics, as confirmed by differential testing. Since our architectural approach adds no new instructions, Bento induces only a 3% runtime slowdown and a 1% startup overhead.
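The following toy model is an added example, not code from the paper or from Bento: it contrasts an unchecked copy in one monolithic linear memory with the same copy when stack and heap live in separate memories, as the multi-memory mapping described above would arrange. The layout, sizes and all names (`Memory`, `runMonolithic`, `runPartitioned`) are assumptions made for illustration.

```javascript
// Toy model of Wasm linear memory; sizes, offsets and names are constructed.
class Memory {
  constructor(size) { this.bytes = new Uint8Array(size); }
  store(addr, byte) {
    // Wasm traps on any access outside the bounds of the addressed memory.
    if (addr < 0 || addr >= this.bytes.length) {
      throw new RangeError("trap: out-of-bounds store");
    }
    this.bytes[addr] = byte;
  }
  writeString(addr, s) {
    for (let i = 0; i < s.length; i++) this.store(addr + i, s.charCodeAt(i));
  }
  readString(addr, len) {
    return String.fromCharCode(...this.bytes.subarray(addr, addr + len));
  }
}

const BUF_SIZE = 16;          // stack buffer the program meant to fill
const HEAP_VALUE = "trusted"; // heap data later handed to the page

// Unchecked copy, standing in for a memory-unsafe C routine.
function uncheckedCopy(mem, dst, input) { mem.writeString(dst, input); }

// Monolithic: stack buffer at 0..15, heap object directly after it.
function runMonolithic(input) {
  const mem = new Memory(64);
  mem.writeString(BUF_SIZE, HEAP_VALUE);
  uncheckedCopy(mem, 0, input);
  return { trapped: false, heap: mem.readString(BUF_SIZE, HEAP_VALUE.length) };
}

// Partitioned: stack and heap are separate memories, so no stack address
// can name a heap byte; running off the stack memory traps instead.
function runPartitioned(input) {
  const stack = new Memory(BUF_SIZE + 8); // buffer plus 8 bytes of other stack data
  const heap = new Memory(64);
  heap.writeString(0, HEAP_VALUE);
  let trapped = false;
  try {
    uncheckedCopy(stack, 0, input);
  } catch (e) {
    if (!(e instanceof RangeError)) throw e;
    trapped = true;
  }
  return { trapped, heap: heap.readString(0, HEAP_VALUE.length) };
}
```

In this model a short overflow still lands on other bytes of the stack memory; what the separation removes is the path from a stack write to heap data.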