A First Look at Code Obfuscation for WebAssembly

Abstract

WebAssembly (Wasm) has seen a lot of attention lately as it spreads through the mobile computing domain and becomes the new standard for performance-oriented web development. It has diversified its uses far beyond just web applications by acting as an execution environment for mobile agents, containers for IoT devices, and enabling new serverless approaches for edge computing. Within the numerous uses of Wasm, not all of them are benign. With the rise of Wasm-based cryptojacking malware, analyzing Wasm applications has been a hot topic in the literature, resulting in numerous Wasm-based cryptojacking detection systems. Many of these methods rely on static analysis, which traditionally can be circumvented through obfuscation. However, the feasibility of the obfuscation techniques for Wasm programs has never been investigated thoroughly. In this paper, we address this gap and perform the first look at code obfuscation for Wasm. We apply numerous obfuscation techniques to Wasm programs, and test their effectiveness in producing a fully obfuscated Wasm program. Particularly, we obfuscate both benign Wasm-based web applications and cryptojacking malware instances and feed them into a state-of-the-art Wasm cryptojacking detector to see if current Wasm analysis methods can be subverted with obfuscation. Our analysis shows that obfuscation can be highly effective and can cause even a state-of-the-art detector to misclassify the obfuscated Wasm samples.

Publication
Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
Abbas Acar
Abbas Acar
Senior Research Scientist

I completed my PhD in the Cyber-Physical Systems Security (CSL) lab under the supervision of Professor Selcuk Uluagac in 2020 at Florida International University (FIU), USA. Before that, I received my BSc from Electrical and Electronics Engineering at Middle East Technical University, Turkey in 2015 with a minor in Mathematics. My research interests include alternative authentication methods (e.g., continuous authentication), IoT security and privacy, and privacy-preserving technologies (e.g., homomorphic encryption).