[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

WASMixer: Binary Obfuscation for WebAssembly

  • Conference paper
  • First Online:
Computer Security – ESORICS 2024 (ESORICS 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14984))

Included in the following conference series:

  • 538 Accesses

Abstract

WebAssembly (Wasm) is an emerging binary format that draws great attention from the community. However, Wasm binaries are weakly protected, as they can be read, edited, and manipulated by adversaries using either the officially provided readable text format or some advanced binary analysis tools. Reverse engineering of Wasm binaries is often used for nefarious intentions, e.g., identifying and exploiting both classic and Wasm-specific vulnerabilities exposed in binaries. However, no Wasm-specific obfuscator is available to secure the Wasm binaries. To fill this gap, we present WASMixer, the first general-purpose Wasm binary obfuscator, enforcing data-level (string literals and readable names) and code-level (control flow and instructions) obfuscation against Wasm binaries. We propose a series of key techniques to overcome challenges during Wasm binary rewriting, including a runtime on-demand en(de)cryption method to minimize the performance impact on memory data, and code splitting/reconstructing algorithms to handle Wasm highly-structured control flow. Extensive experiments demonstrate the correctness, effectiveness and efficiency of WASMixer. Our research has shed light on the promising direction of Wasm binary research, including Wasm code protection, Wasm binary diversification, and the attack-defense arm race of Wasm binaries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 49.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 64.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Local variables can be shared across code blocks within a function.

  2. 2.

    https://github.com/Relph1119/wasm-python-book (commit: 0x872bc8f).

References

  1. AutoCAD web app (2023). https://web.autocad.com/

  2. Collatz conjecture (2023). https://en.wikipedia.org/wiki/Collatz_conjecture

  3. Photoshop’s journey to the web (2023). https://web.dev/ps-on-the-web/

  4. VirusTotal official website (2023). https://en.wikipedia.org/wiki/LEB128

  5. Ambient: Github Ambient repository (2023). https://github.com/AmbientRun/Ambient

  6. Anand, S., et al.: An orchestrated survey of methodologies for automated software test case generation. J. Syst. Softw. 86(8), 1978–2001 (2013)

    Article  Google Scholar 

  7. Anckaert, B., Jakubowski, M., Venkatesan, R.: Proteus: virtualization for diversified tamper-resistance. In: Proceedings of the ACM Workshop on Digital Rights Management, pp. 47–58 (2006)

    Google Scholar 

  8. Arteaga, J.C., Malivitsis, O., Perez, O.V., Baudry, B., Monperrus, M.: Crow: code diversification for webassembly. arXiv preprint arXiv:2008.07185 (2020)

  9. Balachandran, V., Tan, D.J., Thing, V.L., et al.: Control flow obfuscation for android applications. Comput. Secur. 61, 72–93 (2016)

    Article  Google Scholar 

  10. Banescu, S., Collberg, C., Ganesh, V., Newsham, Z., Pretschner, A.: Code obfuscation against symbolic execution attacks. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 189–200 (2016)

    Google Scholar 

  11. Bhansali, S., Aris, A., Acar, A., Oz, H., Uluagac, A.S.: A first look at code obfuscation for webassembly. In: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 140–145 (2022)

    Google Scholar 

  12. Binaryen: Github Binaryen repository (2023). https://github.com/WebAssembly/binaryen

  13. Blazor: Blazor official webpage (2023). https://dotnet.microsoft.com/en-us/apps/aspnet/web-apps/blazor

  14. Brito, T., Lopes, P., Santos, N., Santos, J.F.: Wasmati: an efficient static vulnerability scanner for webassembly. Comput. Secur. 118, 102745 (2022)

    Article  Google Scholar 

  15. Cabrera-Arteaga, J., Monperrus, M., Toady, T., Baudry, B.: Webassembly diversification for malware evasion. arXiv preprint arXiv:2212.08427 (2022)

  16. Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical report. Department of Computer Science, The University of Auckland, New Zealand (1997)

    Google Scholar 

  17. Collections-C: Github Collections-C repository (2023). https://github.com/srdja/Collections-C

  18. Collections-c-for-gillian: Github collections-c-for-gillian repository (2023). https://github.com/GillianPlatform/collections-c-for-gillian

  19. Emscripten: Emscripten official website (2023). https://emscripten.org/

  20. Haas, A., et al.: Bringing the web up to speed with webassembly. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 185–200 (2017)

    Google Scholar 

  21. Hall, A., Ramachandran, U.: An execution model for serverless functions at the edge. In: Proceedings of the International Conference on Internet of Things Design and Implementation, pp. 225–236 (2019)

    Google Scholar 

  22. Haßler, K., Maier, D.: Wafl: binary-only webassembly fuzzing with fast snapshots. In: Reversing and Offensive-oriented Trends Symposium, pp. 23–30 (2021)

    Google Scholar 

  23. He, N., et al.: Eosafe: security analysis of eosio smart contracts. In: USENIX Security Symposium, pp. 1271–1288 (2021)

    Google Scholar 

  24. Hilbig, A., Lehmann, D., Pradel, M.: An empirical study of real-world webassembly binaries: security, languages, use cases. In: Proceedings of the Web Conference 2021, pp. 2696–2708 (2021)

    Google Scholar 

  25. Hou, T.W., Chen, H.Y., Tsai, M.H.: Three control flow obfuscation methods for java software. IEE Proc.-Softw. 153(2), 80–86 (2006)

    Article  Google Scholar 

  26. Junod, P., Rinaldini, J., Wehrli, J., Michielin, J.: Obfuscator-llvm–software protection for the masses. In: 2015 IEEE/ACM 1st International Workshop on Software Protection, pp. 3–9. IEEE (2015)

    Google Scholar 

  27. László, T., Kiss, Á.: Obfuscating c++ programs via control flow flattening. Annales Universitatis Scientarum Budapestinensis de Rolando Eötvös Nominatae, Sectio Computatorica 30(1), 3–19 (2009)

    Google Scholar 

  28. Lehmann, D., Kinder, J., Pradel, M.: Everything old is new again: binary security of webassembly. In: Proceedings of the 29th USENIX Conference on Security Symposium, pp. 217–234 (2020)

    Google Scholar 

  29. Lehmann, D., Pradel, M.: Finding the dwarf: recovering pecise types from webassembly binaries. In: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation, pp. 410–425 (2022)

    Google Scholar 

  30. Lehmann, D., Thalakottur, M., Tip, F., Pradel, M.: That’sa tough call: studying the challenges of call graph construction for webassembly. In: Symposium on Software Testing and Analysis (ISSTA 2023) (2023)

    Google Scholar 

  31. Lehmann, D., Torp, M.T., Pradel, M.: Fuzzm: finding memory bugs through binary-only instrumentation and fuzzing of webassembly. arXiv preprint arXiv:2110.15433 (2021)

  32. Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 290–299 (2003)

    Google Scholar 

  33. Marques, F., Fragoso Santos, J., Santos, N., Adão, P.: Concolic execution for webassembly. In: 36th European Conference on Object-Oriented Programming (ECOOP 2022). Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2022)

    Google Scholar 

  34. MDN: MDN web docs website (2023). https://developer.mozilla.org/en-US/docs/WebAssembly/Rust_to_wasm

  35. Mossberg, M., et al.: Manticore: a user-friendly symbolic execution framework for binaries and smart contracts. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1186–1189. IEEE (2019)

    Google Scholar 

  36. obfuscation-benchmarks: Github obfuscation-benchmarks repository (2023). https://github.com/tum-i4/obfuscation-benchmarks/tree/master/basic-algorithms

  37. Ollivier, M., Bardin, S., Bonichon, R., Marion, J.Y.: How to kill symbolic deobfuscation for free (2019)

    Google Scholar 

  38. Romano, A., Zheng, Y., Wang, W.: Minerray: semantics-aware analysis for ever-evolving cryptojacking detection. In: Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pp. 1129–1140 (2020)

    Google Scholar 

  39. Schloegel, M., et al.: Loki: hardening code obfuscation against automated attacks. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 3055–3073 (2022)

    Google Scholar 

  40. Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE Symposium on Security and Privacy, pp. 317–331. IEEE (2010)

    Google Scholar 

  41. Seto, T., Monden, A., Yücel, Z., Kanzaki, Y.: On preventing symbolic execution attacks by low cost obfuscation. In: 2019 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), pp. 495–500. IEEE (2019)

    Google Scholar 

  42. Stiévenart, Q., Binkley, D.W., De Roover, C.: Static stack-preserving intra-procedural slicing of webassembly binaries. In: Proceedings of the 44th International Conference on Software Engineering, pp. 2031–2042 (2022)

    Google Scholar 

  43. tigress: tigress official website (2023). https://tigress.wtf/index.html

  44. TinyGo: TinyGo official docs webpage (2023). https://tinygo.org/docs/guides/webassembly/

  45. Veidenberg, A., Medlar, A., Löytynoja, A.: Wasabi: an integrated platform for evolutionary sequence analysis and data visualization. Mol. Biol. Evol. 33(4), 1126–1130 (2016)

    Article  Google Scholar 

  46. wabt: Github wabt repository (2023). https://github.com/WebAssembly/wabt

  47. Wang, D., Jiang, B., Chan, W.: Wana: symbolic execution of wasm bytecode for cross-platform smart contract vulnerability detection. arXiv preprint arXiv:2007.15510 (2020)

  48. Wang, W., Ferrell, B., Xu, X., Hamlen, K.W., Hao, S.: SEISMIC: SEcure in-lined script monitors for interrupting cryptojacks. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 122–142. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_7

    Chapter  Google Scholar 

  49. Wang, Z., Ming, J., Jia, C., Gao, D.: Linear obfuscation to combat symbolic execution. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 210–226. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_12

    Chapter  Google Scholar 

  50. wapm: wapm official website (2023). https://wapm.io/

  51. wasp: Github wasp repository (2023). https://github.com/wasp-platform/wasp/tree/main/wasp/tests

  52. webasm: webasm official webpage (2023). https://www.mainconcept.com/webasm

  53. WebAssembly: Github wasi-sdk repository (2023). https://github.com/WebAssembly/wasi-sdk

  54. Xu, H., Zhou, Y., Kang, Y., Tu, F., Lyu, M.: Manufacturing resilient bi-opaque predicates against symbolic execution. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 666–677. IEEE (2018)

    Google Scholar 

  55. Zakai, A.: Emscripten: an llvm-to-javascript compiler. In: Proceedings of the ACM International Conference Companion on Object Oriented Programming Systems Languages and Applications Companion, pp. 301–312 (2011)

    Google Scholar 

  56. Zhang, F., Huang, H., Zhu, S., Wu, D., Liu, P.: Viewdroid: towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks, pp. 25–36 (2014)

    Google Scholar 

Download references

Acknowledgments

The first two authors contribute equally to this work. This study was partly supported by National Key R&D Program of China (2021YFB2701000), Key R&D Program of Hubei Province (2023BAB017, 2023BAB079), National Natural Science Foundation of China (grants No. 62141208), HUST CSE-HongXin Joint Institute for Cyber Security, and HUST CSE-FiberHome Joint Institute for Cyber Security.

Author information

Authors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing, China

    Shangtong Cao

  2. Key Lab of HCST (PKU), MOE; SCS, Peking University, Beijing, China

    Ningyu He & Yao Guo

  3. Huazhong University of Science and Technology, Wuhan, China

    Haoyu Wang

Authors
  1. Shangtong Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ningyu He
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yao Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Haoyu Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Haoyu Wang .

Editor information

Editors and Affiliations

  1. Institut Polytechnique de Paris, Palaiseau, France

    Joaquin Garcia-Alfaro

  2. Bydgoszcz University of Science and Technology, Bydgoszcz, Poland

    Rafał Kozik

  3. Bydgoszcz University of Science and Technology, Bydgoszcz, Poland

    Michał Choraś

  4. Norwegian University of Science and Technology - NTNU, Gjøvik, Norway

    Sokratis Katsikas

A Appendix Figures and Tables

A Appendix Figures and Tables

Fig. 5.
figure 5

The distribution of n-th nesting layers before and after control flow flattening for Wasm binaries in D\(_1\) to D\(_5\).

Full size image
Table 6. The results of VirusTotal on identifying cryptominers with different obfuscation options. OB\(_1\) to OB\(_4\) respectively refer to name obfuscation, memory obfuscation, control flow flattening, and alias disruption. OB\(_5\) is the combination of OB\(_1\) and OB\(_2\).
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cao, S., He, N., Guo, Y., Wang, H. (2024). WASMixer: Binary Obfuscation for WebAssembly. In: Garcia-Alfaro, J., Kozik, R., Choraś, M., Katsikas, S. (eds) Computer Security – ESORICS 2024. ESORICS 2024. Lecture Notes in Computer Science, vol 14984. Springer, Cham. https://doi.org/10.1007/978-3-031-70896-1_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-70896-1_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-70895-4

  • Online ISBN: 978-3-031-70896-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation