Javier Cabrera Arteaga

Åsögatan 119, Plan 2

116 24 Stockholm, Sweden

About me

I earned my Master’s Degree in Computer Science from the University of Havana, Cuba, in 2016. Since 2019, I’ve been furthering my academic journey, earning my PhD degree at the esteemed KTH Royal Institute of Technology, specializing in Software Diversification to enhance reliability and security, with a primary emphasis on WebAssembly.

I am a Software Engineer at Hopsworks AB. I joined a common dream and effort to “Build, Maintain, and Monitor ML Systems”, also making ML accessible to everyone.

Logs

March, 2024 PhD degree at KTH
Jan, 2024 Wasm-Mutate: Fast and effective binary diversification for WebAssembly accepted at Computers&Security journal as a collaboration with Nick Fitzgerald
May, 2023 WebAssembly Diversification for Malware Evasion accepted at Computers&Security journal as a collaboration with Tim Toady
March, 2023 Dagstuhl seminar "Foundations of WebAssembly"
October, 2022 Artificial Software Diversitication for WebAssembly manuscript, Teknologie licentiatexamen
June, 2022 wasm-mutate presented at EGRAPHS, PLDI 2022
June, 2022 MEWE presented at PAW, ECOOP 2022
April, 2022 Officially aknowledged as a bytecode alliance contributor
April, 2022 wasm-mutate was accepted as a talk in EGRAPHS 2022 Workshop, PLDI
February, 2022 PC member for PAW 2022 Workshop
September-December, 2021 Contractor Software Engineer at Fastly
May 21, 2021 We receive acknowledgement for a CVE discovered in the Wasm Lucet compiler.
Feb 18, 2021 CROW was presented at DiverSE team in University of Rennes 1
Feb 25, 2021 CROW was presented at MADWeb Workshop in NDSS's 21
Apr 14, 2021 CROW was presented at Spirals team in University of Lille
May 4, 2021 CROW was presented at UC San Diego

Professional services

Reviewer for Transactions on Software Engineering and Methodology TOSEM, ACK
Co-reviewer for NDSS, USENIX, TSE

Publications

2024

COSE 2024

Wasm-Mutate: Fast and effective binary diversification for WebAssembly

Cabrera-Arteaga, Javier, Fitzgerald, Nicholas, Monperrus, Martin, and Baudry, Benoit

2024

Abs

WebAssembly is the fourth officially endorsed Web language. It is recognized because of its efficiency and design, focused on security. Yet, its swiftly expanding ecosystem lacks robust software diversification systems. We introduce Wasm-Mutate, a diversification engine specifically designed for WebAssembly. Our engine meets several essential criteria: 1) To quickly generate functionally identical, yet behaviorally diverse, WebAssembly variants, 2) To be universally applicable to any WebAssembly program, irrespective of the source programming language, and 3) Generated variants should counter side-channels. By leveraging an e-graph data structure, Wasm-Mutate is implemented to meet both speed and efficacy. We evaluate Wasm-Mutate by conducting experiments on 404 programs, which include real-world applications. Our results highlight that Wasm-Mutate can produce tens of thousands of unique and efficient WebAssembly variants within minutes. Significantly, Wasm-Mutate can safeguard WebAssembly binaries against timing side-channel attacks, especially those of the Spectre type.

2023

COSE 2023

WebAssembly Diversification for Malware Evasion

Cabrera-Arteaga, Javier, Monperrus, Martin, Toady, Tim, and Baudry, Benoit

Computers & Security 2023

Abs

WebAssembly has become a crucial part of the modern web, offering a faster alternative to JavaScript in browsers. While boosting rich applications in browser, this technology is also very efficient to develop cryptojacking malware. This has triggered the development of several methods to detect cryptojacking malware. However, these defenses have not considered the possibility of attackers using evasion techniques. This paper explores how automatic binary diversification can support the evasion of WebAssembly cryptojacking detectors. We experiment with a dataset of 33 WebAssembly cryptojacking binaries and evaluate our evasion technique against two malware detectors: VirusTotal, a general-purpose detector, and MINOS, a WebAssembly-specific detector. Our results demonstrate that our technique can automatically generate variants of WebAssembly cryptojacking that evade the detectors in 90% of cases for VirusTotal and 100% for MINOS. Our results emphasize the importance of meta-antiviruses and diverse detection techniques and provide new insights into which WebAssembly code transformations are best suited for malware evasion. We also show that the variants introduce limited performance overhead, making binary diversification an effective technique for evasion.

2022

MTD 2022

Multi-Variant Execution at the Edge

Cabrera Arteaga, Javier, Laperdrix, Pierre, Monperrus, Martin, and Baudry, Benoit

In Proceedings of the 9th ACM Workshop on Moving Target Defense 2022

Abs

Edge-Cloud computing offloads parts of the computations that traditionally occurs in the cloud to edge nodes. The binary format WebAssembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services in the form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge. In this context, we propose a technique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given a service, we automatically synthesize functionally equivalent variants for the functions providing the service. All the variants are then wrapped into a single multivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 services for which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the world-wide edge platform provided by Fastly, as part as a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe.
EGRAPHS’22

wasm-mutate: Fuzzing WebAssembly compilers with e-graphs

In 2022

Abs

2021

MADWeb 2021

CROW: Code Diversification for WebAssembly

Cabrera Arteaga, Javier, Malivitsis, Orestis Floros, Pérez, Oscar Luis Vera, Baudry, Benoit, and Monperrus, Martin

2021

Abs

The adoption of WebAssembly has rapidly increased in the last few years as it provides a fast and safe model for program execution. However, WebAssembly is not exempt from vulnerabilities that could be exploited by side channels attacks. This class of vulnerabilities that can be addressed by code diversification. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow. We evaluate CROW’s capabilities on 303 C programs and study its use on a real-life security-sensitive program: libsodium, a cryptographic library. Overall, CROW is able to generate diverse variants for 239 out of 303 (79%) small programs. On libsodium, the execution trace changes up to 83.4%.

2020

MoreVM’s 2020

Superoptimization of WebAssembly Bytecode

Cabrera Arteaga, Javier, Donde, Shrinish, Gu, Jian, Floros, Orestis, Satabin, Lucas, Baudry, Benoit, and Monperrus, Martin

In Conference Companion of the 4th International Conference on Art, Science, and Engineering of Programming 2020

Abs

Motivated by the fast adoption of WebAssembly, we propose the first functional pipeline to support the superoptimization of WebAssembly bytecode. Our pipeline works over LLVM and Souper. We evaluate our superoptimization pipeline with 12 programs from the Rosetta code project. Our pipeline improves the code section size of 8 out of 12 programs. We discuss the challenges faced in superoptimization of WebAssembly with two case studies.

2019

VMIL 2019

Scalable Comparison of JavaScript V8 Bytecode Traces

Cabrera Arteaga, Javier, Monperrus, Martin, and Baudry, Benoit

In Proceedings of the 11th ACM SIGPLAN International Workshop on Virtual Machines and Intermediate Languages 2019

Abs

The comparison and alignment of runtime traces are essential, e.g., for semantic analysis or debugging. However, naive sequence alignment algorithms cannot address the needs of the modern web: (i) the bytecode generation process of V8 is not deterministic; (ii) bytecode traces are large. We present STRAC, a scalable and extensible tool tailored to compare bytecode traces generated by the V8 JavaScript engine. Given two V8 bytecode traces and a distance function between trace events, STRAC computes and provides the best alignment. The key insight is to split access between memory and disk. STRAC can identify semantically equivalent web pages and is capable of processing huge V8 bytecode traces whose order of magnitude matches today’s web like this https URL, which generates approx. 150k of V8 bytecode instructions.

Courses highlighting

Proofs of concept and ongoing works

2022

Data augmentation to break WebAssembly classifiers

Cabrera Arteaga, Javier

Abs

In this work we proposed a data augmentation technique using a novel mutation tool for WebAssembly that provides semantically equivalent code transformations. We re- produce MINOS, a novel tool to automatically detect malicious WebAssembly programs. We empirically demonstrate that the original dataset of MINOS is too small to be generalized. The MINOS model trained with the original dataset dropped its accuracy to 50% on the augmented datasets. Besides, the model does not improve when it uses the augmented dataset for training. Thus, we show that the proposed normalization process in MINOS is affected under depth data transformations for WebAssembly.

Some slides

Master theses supervision

Camille Fournier: Comparison of Smoothness in Progressive Web Apps and Mobile Applications on Android
One of the main challenges of mobile development lies in the high fragmentation of mobile platforms. Developers often need to develop the same application several times for all targeted platforms, raising the cost of development and maintenance. One solution to this problem is cross-platform development, which traditionally only includes mobile applications. However, a new approach introduced by Google in 2015 also includes web applications. Progressive Web Apps, as they are called, are web applications that can be installed on mobile and behave like mobile applications. This research aims at studying and comparing their performance to mobile applications on Android, especially in terms of smoothness, memory and CPU usage. To that end, we analyzed the Rendering pipeline of Android and Chrome and deducted a smoothness metric. Then, a Progressive Web App, a Native Android and a React Native Interpreted Application were developed and their performance measured in several scenarios. The results imply that Progressive Web Applications, though they have great benefits, are not as smooth as Mobile applications on Android. Their memory performance and CPU usage lag behind Native Applications, but are similar to Interpreted applications.
Adam Benali: Neural Decompilation for WebAssembly
WebAssembly is a new low-level language used as a compilation target which runs in web browsers. There are many benefits to using WebAssembly, mainly the speed gain compared to Javascript while still being able to run it in the same sandbox Javascript code runs in. Decompilation is the process of taking compiled binary code and producing textual source code that is equivalent to the original source code. However, it does not have to be identical to the latter. Decompiling a program to source code that is very faithful to the original source code is a hard task because a lot of the information about the source code is destroyed by compilers as they do various optimizations. Because of this, neural approaches for decompilation attempting to solve this problem have been studied. To expand on the latter, machine learning for source code is a new area of research where ML is being leveraged to handle large sizes of soure code, assist in code generation and source code translation. The above are the three main themes which are in the scope of this degree project.* *WebAssembly is a compiled language, but for conducting security analyses for example, binary code is not the ideal format to deal with. Hence, decompilation is an essential step when working with WASM. However, it is challenging to write an accurate decompiler (that can always reconstruct the source code that actually corresponds to the compiled code) and the implementation of decompilers currently relies on the careful, manual design of decompilation rules. Some recent works have proposed to use machine learning in order to train a decompiler. These works successfully applied this concept to decompile from x86 to C source code. Therefore, in this thesis, the goal will be to study decompilation learning for WebAssembly.
Djiar Salim: Securing Trigger-Action Platforms with WebAssembly
The number of internet-connected devices and online services is increasing in the everyday lives of people. These devices and services solve independent tasks when used separately. However, they can solve complex tasks when used together. Trigger-action platforms (TAPs) allow users to create applications that connect their devices and services. The applications wait for a condition to be true in a device or service (trigger), and perform an operation in another device or service (action). JavaScript-driven TAPs allow users to add JavaScript code that is executed before the action. Currently, JavaScript-driven TAPs execute this code in the same JavaScript runtime for different applications. The problem is that they use unsafe isolation techniques that fail to secure code across applications. Thus, malicious applications can compromise other applications to leak their private data or control their behavior. Motivated to secure TAPs, we investigate isolation techniques on TAPs. The goal of this work is to propose isolation with WebAssembly, a recent language that is praised for its safe isolation. In line with the proposal, we prototype a WebAssembly-driven TAP. We also evaluate WebAssembly in terms of security, usability, and performance. For security, we perform a qualitative analysis of the security of current isolation techniques and WebAssembly. For usability, we implement and evaluate a set of applications on our novel platform. For performance, we conduct benchmarks on different isolation techniques including WebAssembly. The findings show that WebAssembly provides better isolation of code across applications than current isolation techniques. Our evaluation of usability and performance indicates that WebAssembly is also a practical and eﬀicient solution. Furthermore, the performance results demonstrate that current JavaScript isolation techniques have significant performance issues that WebAssembly does not have. We conclude that WebAssembly can protect code across applications with isolation and it can be used in combination with other security measures to secure TAPs.
Anna Skantz: Performance Evaluation of Kotlin Multiplatform Mobile and Native iOS Development in Swift
Today's mobile development resides in the two main operating systems Android and iOS. It is popular to develop mobile applications individually for each respective platform, referred to as native development. To reduce additional costs, cross-platform solutions have emerged that enable shared development for both platforms. KMM is a relatively unexplored cross-platform tool developed by JetBrains. The purpose of this study is to evaluate the performance of iOS applications developed in KMM compared to native Swift. We compare the two approaches for developing iOS apps by compiling a benchmark suite and measuring the performance metrics execution time, memory consumption, and CPU usage. Our benchmark suite is a collection of 7 benchmarks consisting of high-level functionalities networking and database management, as well as low-level computational tasks from the CLBG suite. For the studied benchmarks, the results indicate that KMM generally achieves faster execution times, but with a trade-off overhead in higher memory consumption and CPU usage. We have found KMM to achieve up to 2,7 seconds faster execution time, consume up to 390MB more memory, and up to 30\% more CPU than with native Swift. Besides, our results highlight correlations between the garbage collection cycles of KMM with profiling patterns of memory consumption and CPU usage.