Avengers, Assemble! Survey of WebAssembly Security Solutions
Minseo Kim, Hyerean Jang, Youngjoo Shin
Abstract
WebAssembly, abbreviated as Wasm, has emerged as a new paradigm in cloud-native developments owing to its promising properties. Native execution speed and fast startup time make Wasm an alternative for container-based cloud applications. Despite its security-by-design strategy, however, WebAssembly suffers from a variety of vulnerabilities and weaknesses, which hinder its rapid adoption in cloud computing. For instance, the native execution performance attracted cybercriminals to abuse Wasm binaries for the purpose of resource stealing such as cryptojacking. Without proper defense mechanisms, Wasm-based malware would proliferate, causing huge financial loss of cloud users. Moreover, the design principle that allows type-unsafe languages such as C/C++ inherently induces various memory bugs in an Wasm binary. Efficient and robust vulnerability analysis techniques are necessary to protect benign cloud-native Wasm applications from being exploited by attackers. Due to the young age of WebAssembly, however, there are few works in the literature that provide developers guidance to such security techniques. This makes developers to hesitate considering Wasm as their cloud-native platform. In this paper, we surveyed various techniques and methods for Wasm binary security proposed in the literature and systematically classified them according to certain criteria. As a result, we propose future research directions regarding the current lack of WebAssembly binary security research.