WasmA: A Static WebAssembly Analysis Framework for Everyone
2023 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING, SANER(2023)
Tech Univ Darmstadt
Abstract
The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend technology on servers. Since Wasm introduces several security issues, like the possibility to obfuscate malicious code and cryptomining, an adequate analysis framework is needed for creating analyses that reveal such issues. Existing state-of-the-art analysis approaches lack in soundness, in fully providing essential information to client analyses, or entail a considerable amount of overhead due to their dynamic nature. To meet this challenge, we developed WasmA a static analysis framework for WebAssembly that determines necessary information needed by static client analyses, like call, control-, and data-flow graphs. In the evaluation we show that WasmA is performant, generic and extensible and thus competitive in comparison to state-of-the art tools. The implementation of a cryptominer detection tool on top of WasmA shows its applicability. WasmA is able to provide the required functionality while having a comparative resource-efficient approach, and as a result WasmA outperforms the state of the art.
MoreTranslated text
Key words
Wasm,Static Analysis,Cryptominer Detection
PDF
View via Publisher
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Data Disclaimer
The page data are from open Internet sources, cooperative publishers and automatic analysis results through AI technology. We do not make any commitments and guarantees for the validity, accuracy, correctness, reliability, completeness and timeliness of the page data. If you have any questions, please contact us by email: report@aminer.cn
Chat Paper
Summary is being generated by the instructions you defined