WebAssembly and security: A review

IF 13.3 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computer Science Review Pub Date : 2025-01-30 DOI:10.1016/j.cosrev.2025.100728

Gaetano Perrone, Simon Pietro Romano

{"title":"WebAssembly and security: A review","authors":"Gaetano Perrone, Simon Pietro Romano","doi":"10.1016/j.cosrev.2025.100728","DOIUrl":null,"url":null,"abstract":"WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple and heterogeneous use-case scenarios. With the extensive effort of the community, new toolkits make the use of this technology more suitable for real-world applications. In this context, it is crucial to study the liaisons between the WebAssembly ecosystem and software security. Indeed, WebAssembly can be a medium for improving the security of a system, but it can also be exploited to evade detection systems or for performing crypto-mining activities. In addition, programs developed in low-level languages such as C can be compiled in WebAssembly binaries, and it is interesting to evaluate the security impacts of executing programs vulnerable to attacks against memory in the WebAssembly sandboxed environment. Also, WebAssembly has been designed to provide a secure and isolated environment, but such capabilities should be assessed in order to analyze their weaknesses and propose new mechanisms for addressing them. Although some research works have provided surveys of the most relevant solutions aimed at discovering WebAssembly vulnerabilities or detecting attacks, at the time of writing there is no comprehensive review of security-related literature in the WebAssembly ecosystem. We aim to fill this gap by proposing a comprehensive review of research works dealing with security in WebAssembly. We analyze 147 papers by identifying seven different security categories.","PeriodicalId":48633,"journal":{"name":"Computer Science Review","volume":"13 1","pages":""},"PeriodicalIF":13.3000,"publicationDate":"2025-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Science Review","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1016/j.cosrev.2025.100728","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

WebAssembly is revolutionizing the approach to developing modern applications. Although this technology was born to create portable and performant modules in web browsers, currently, its capabilities are extensively exploited in multiple and heterogeneous use-case scenarios. With the extensive effort of the community, new toolkits make the use of this technology more suitable for real-world applications. In this context, it is crucial to study the liaisons between the WebAssembly ecosystem and software security. Indeed, WebAssembly can be a medium for improving the security of a system, but it can also be exploited to evade detection systems or for performing crypto-mining activities. In addition, programs developed in low-level languages such as C can be compiled in WebAssembly binaries, and it is interesting to evaluate the security impacts of executing programs vulnerable to attacks against memory in the WebAssembly sandboxed environment. Also, WebAssembly has been designed to provide a secure and isolated environment, but such capabilities should be assessed in order to analyze their weaknesses and propose new mechanisms for addressing them. Although some research works have provided surveys of the most relevant solutions aimed at discovering WebAssembly vulnerabilities or detecting attacks, at the time of writing there is no comprehensive review of security-related literature in the WebAssembly ecosystem. We aim to fill this gap by proposing a comprehensive review of research works dealing with security in WebAssembly. We analyze 147 papers by identifying seven different security categories.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Science Review Computer Science-General Computer Science

CiteScore

32.70

自引率

0.00%

发文量

审稿时长

51 days

期刊介绍： Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.