Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications

Memory corruption vulnerabilities can have more serious consequences in WebAssembly than in native applications. Therefore, we present , the first WebAssembly runtime with memory isolation. Our insight is to use MPK hardware for efficient memory protection in WebAssembly. However, MPK and WebAssembly have different memory models: MPK protects virtual memory pages, while WebAssembly uses linear memory that has no pages. Mapping MPK APIs to WebAssembly causes memory bloating and low running efficiency. To solve this, we propose , which protects linear memory at function-level granularity. We implemented into the official WebAssembly runtime to build . Our evaluation shows that can prevent memory corruption in real projects with a 1.77% average overhead and negligible memory cost.