WasmA: A Static WebAssembly Analysis Framework for Everyone

Cited by: 2
Authors
Breitfelder, Florian [1]
Roth, Tobias [1]
Baumgaertner, Lars [1]
Mezini, Mira [1]
Affiliations
[1] Tech Univ Darmstadt, D-64289 Darmstadt, Germany
Source
2023 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING, SANER | 2023
Keywords
Wasm; Static Analysis; Cryptominer Detection; GRAPH;
DOI
10.1109/SANER56733.2023.00085
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
The usage of WebAssembly (Wasm) is not only increasing in the web browser, but also as a backend technology on servers. Since Wasm introduces several security issues, like the possibility to obfuscate malicious code and cryptomining, an adequate analysis framework is needed for creating analyses that reveal such issues. Existing state-of-the-art analysis approaches lack in soundness, in fully providing essential information to client analyses, or entail a considerable amount of overhead due to their dynamic nature. To meet this challenge, we developed WasmA, a static analysis framework for WebAssembly that determines necessary information needed by static client analyses, like call, control-, and data-flow graphs. In the evaluation we show that WasmA is performant, generic and extensible and thus competitive in comparison to state-of-the-art tools. The implementation of a cryptominer detection tool on top of WasmA shows its applicability. WasmA is able to provide the required functionality while having a comparative resource-efficient approach, and as a result WasmA outperforms the state of the art.
Pages: 753-757
Page count: 5