Breitfelder, Florian ; Roth, Tobias ; Baumgärtner, Lars ; Mezini, Mira (2023)
WasmA: A Static WebAssembly Analysis Framework for Everyone.
30th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2023). Taipa, Macao (21.03.2023-24.03.2023)
doi: 10.1109/SANER56733.2023.00085
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend technology on servers. Since Wasm introduces several security issues, like the possibility to obfuscate malicious code and cryptomining, an adequate analysis framework is needed for creating analyses that reveal such issues. Existing state-of-the-art analysis approaches lack in soundness, in fully providing essential information to client analyses, or entail a considerable amount of overhead due to their dynamic nature. To meet this challenge, we developed WasmA a static analysis framework for WebAssembly that determines necessary information needed by static client analyses, like call, control-, and data-flow graphs. In the evaluation we show that WasmA is performant, generic and extensible and thus competitive in comparison to state-of-the art tools. The implementation of a cryptominer detection tool on top of WasmA shows its applicability. WasmA is able to provide the required functionality while having a comparative resource-efficient approach, and as a result WasmA outperforms the state of the art.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2023 |
Autor(en): | Breitfelder, Florian ; Roth, Tobias ; Baumgärtner, Lars ; Mezini, Mira |
Art des Eintrags: | Bibliographie |
Titel: | WasmA: A Static WebAssembly Analysis Framework for Everyone |
Sprache: | Englisch |
Publikationsjahr: | 15 Mai 2023 |
Verlag: | IEEE |
Buchtitel: | Proceedings: SANER 2023: 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering |
Veranstaltungstitel: | 30th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2023) |
Veranstaltungsort: | Taipa, Macao |
Veranstaltungsdatum: | 21.03.2023-24.03.2023 |
DOI: | 10.1109/SANER56733.2023.00085 |
URL / URN: | https://ieeexplore.ieee.org/document/10123627 |
Kurzbeschreibung (Abstract): | The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend technology on servers. Since Wasm introduces several security issues, like the possibility to obfuscate malicious code and cryptomining, an adequate analysis framework is needed for creating analyses that reveal such issues. Existing state-of-the-art analysis approaches lack in soundness, in fully providing essential information to client analyses, or entail a considerable amount of overhead due to their dynamic nature. To meet this challenge, we developed WasmA a static analysis framework for WebAssembly that determines necessary information needed by static client analyses, like call, control-, and data-flow graphs. In the evaluation we show that WasmA is performant, generic and extensible and thus competitive in comparison to state-of-the art tools. The implementation of a cryptominer detection tool on top of WasmA shows its applicability. WasmA is able to provide the required functionality while having a comparative resource-efficient approach, and as a result WasmA outperforms the state of the art. |
Freie Schlagworte: | Engineering, E1, Software Technology Group (STG) |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
Hinterlegungsdatum: | 11 Jul 2023 08:39 |
Letzte Änderung: | 11 Jul 2023 08:39 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |