WasmA: A Static WebAssembly Analysis Framework for Everyone

Breitfelder, Florian ; Roth, Tobias ; Baumgärtner, Lars ; Mezini, Mira (2023)
WasmA: A Static WebAssembly Analysis Framework for Everyone.
30th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2023). Taipa, Macao (21.-24.03.2023)
doi: 10.1109/SANER56733.2023.00085
Conference publication, bibliography

Abstract

The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend technology on servers. Since Wasm introduces several security issues, like the possibility to obfuscate malicious code and cryptomining, an adequate analysis framework is needed for creating analyses that reveal such issues. Existing state-of-the-art analysis approaches lack in soundness, in fully providing essential information to client analyses, or entail a considerable amount of overhead due to their dynamic nature. To meet this challenge, we developed WasmA, a static analysis framework for WebAssembly that determines necessary information needed by static client analyses, like call-, control-, and data-flow graphs. In the evaluation we show that WasmA is performant, generic and extensible and thus competitive in comparison to state-of-the-art tools. The implementation of a cryptominer detection tool on top of WasmA shows its applicability. WasmA is able to provide the required functionality while having a comparatively resource-efficient approach, and as a result WasmA outperforms the state of the art.

Item type: Conference publication
Published: 2023
Author(s): Breitfelder, Florian ; Roth, Tobias ; Baumgärtner, Lars ; Mezini, Mira
Type of entry: Bibliography
Title: WasmA: A Static WebAssembly Analysis Framework for Everyone
Language: English
Year of publication: 15 May 2023
Publisher: IEEE
Book title: Proceedings: SANER 2023: 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering
Event title: 30th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2023)
Event location: Taipa, Macao
Event date: 21.-24.03.2023
DOI: 10.1109/SANER56733.2023.00085
URL / URN: https://ieeexplore.ieee.org/document/10123627
Uncontrolled keywords: Engineering, E1, Software Technology Group (STG)
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Software Technology
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 11 Jul 2023 08:39
Last modified: 11 Jul 2023 08:39