Webassembly : portability and risks
Le, Nguyen Hoang Minh; Phung, Ba Hiep (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2022062319087
https://urn.fi/URN:NBN:fi:amk-2022062319087
Tiivistelmä
WebAssembly (or Wasm in short) is a new programming language which is supported by several browsers nowadays and can be run with near-native performance. Web developers can utilize JavaScript libraries that are using WebAssembly under the hood without writing low level language such as C/C++, Rust, etc.
The purpose of the thesis was to analyze the portability and the performance of WebAssembly by researching WebAssembly Ecosystem with Rust, compiling a task from Rust and TypeScript into WebAssembly and comparing the runtime of this task to the same task which was written in JavaScript. The authors also aimed to research how WebAssembly can be abused in the real world to perform illegal activities by analyzing a cryptominer sample and a keylogger sample which were written in WebAssembly.
The results show that WebAssembly performs the tasks faster than other languages (Rust, JavaScript and TypeScript). Moreover, the cryptominer and keylogger in WebAssembly are easy to create and use in any website without any detection.
This thesis provides a basic introduction to WebAssembly, compares the performance of WebAssembly with JavaScript, explores the usage of Emscripten and discovers how WebAssembly can be used in cryptomining and keylogging. The thesis aims to help web developers and security researchers in developing the web environment more efficiently and safely.
The purpose of the thesis was to analyze the portability and the performance of WebAssembly by researching WebAssembly Ecosystem with Rust, compiling a task from Rust and TypeScript into WebAssembly and comparing the runtime of this task to the same task which was written in JavaScript. The authors also aimed to research how WebAssembly can be abused in the real world to perform illegal activities by analyzing a cryptominer sample and a keylogger sample which were written in WebAssembly.
The results show that WebAssembly performs the tasks faster than other languages (Rust, JavaScript and TypeScript). Moreover, the cryptominer and keylogger in WebAssembly are easy to create and use in any website without any detection.
This thesis provides a basic introduction to WebAssembly, compares the performance of WebAssembly with JavaScript, explores the usage of Emscripten and discovers how WebAssembly can be used in cryptomining and keylogging. The thesis aims to help web developers and security researchers in developing the web environment more efficiently and safely.