Please use this identifier to cite or link to this item: http://dx.doi.org/10.18419/opus-12619
Authors: Lehmann, Daniel
Title: Program analysis of WebAssembly binaries
Other Titles: Analyse von WebAssembly Binärprogrammen
Issue Date: 2022
Publication type: Dissertation
Pages: XVII, 245
URI: http://nbn-resolving.de/urn:nbn:de:bsz:93-opus-ds-126383
http://elib.uni-stuttgart.de/handle/11682/12638
http://dx.doi.org/10.18419/opus-12619
Abstract: WebAssembly is a rapidly expanding low-level bytecode that runs in browsers, on the server side, and in standalone runtimes. It brings exciting opportunities to the Web and has the potential to radically change the distribution model of software. At the same time, WebAssembly comes with new challenges and open questions, in particular regarding program analysis and security. The goal of this dissertation is to answer such questions and to support developers with novel insights, datasets, and program analysis techniques for WebAssembly binaries. WebAssembly is frequently compiled from unsafe languages such as C and C++. That begs the question: What happens with memory vulnerabilities when compiling to WebAssembly? We start by analyzing the language and ecosystem and find severe issues, such as the inability to protect memory, missing mitigations, and new attacks that are unique to WebAssembly. To assess the risk in practice, we collect WasmBench, a large-scale dataset of real-world binaries, and study common source languages and usages of WebAssembly. To find and mitigate vulnerabilities leading to such attacks, we develop Fuzzm, the first binary-only greybox fuzzer for WebAssembly. Due to WebAssembly's novelty and its low-level nature, developers are also in dire need of techniques to help them understand and analyze WebAssembly programs. For that, we introduce Wasabi, the first dynamic analysis framework for WebAssembly. It employs static binary instrumentation, which requires us to address several technical challenges, such as handling WebAssembly's static types and structured control-flow. Finally, we present SnowWhite, a learning-based approach for recovering high-level types from WebAssembly binaries. Unlike prior work, also among other binary formats, it generates types from an expressive type language, and not by classification into few fixed choices. 
This dissertation shows that program analysis of WebAssembly binaries has versatile applications and can be reliably and efficiently implemented. Given the young age yet steep trajectory of WebAssembly, it is going to be an important language and binary format for years to come. We look forward to many more works in this area, and hope they can build on the results, techniques, and datasets put forth in this dissertation.
Appears in Collections: 05 Fakultät Informatik, Elektrotechnik und Informationstechnik

Files in This Item:
File: thesis.pdf
Size: 3,4 MB
Format: Adobe PDF

