This paper explores the use of relational symbolic execution to counter
timing side channels in WebAssembly programs. We design and implement Vivienne,
an open-source tool to automatically analyze WebAssembly cryptographic
libraries for constant-time violations. Our approach features various
optimizations that leverage the structure of WebAssembly and automated theorem
provers, including support for loops via relational invariants. We evaluate
Vivienne on 57 real-world cryptographic implementations, including a previously
unverified implementation of the HACL* library in WebAssembly. The results
indicate that Vivienne is a practical solution for constant-time analysis of
cryptographic libraries in WebAssembly.

By admin