-
CS Colloquium: Weihang Wang (State University of New York at Buffalo) - Understanding WebAssembly via Program Transformation
Thu, Mar 31, 2022 @ 11:00 AM - 12:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Speaker: Weihang Wang , State University of New York at Buffalo
Talk Title: Understanding WebAssembly via Program Transformation
Series: CS Colloquium
Abstract: WebAssembly is the newest language for the web, aiming to enable high-performance applications and provide languages such as C/C++ a compilation target so that they can be run on the web. WebAssembly defines a portable binary instruction set, as well as a corresponding textual assembly format. However, WebAssembly's syntax is difficult to interpret for human readers because of the stack machine-based implementation. As a result, distributed third-party WebAssembly modules need to be implicitly trusted by developers as verifying the functionality requires significant effort.
In this talk, I will describe my work towards building analysis tools for developers to understand WebAssembly programs. The first section of the talk will focus on identifying limitations of current analysis tools: I will introduce a code obfuscation technique for obfuscating JavaScript malware by translating parts of the computation into WebAssembly. By pinpointing limitations of current malware detectors, my work motivates future efforts on detecting multi-language malware on the web that uses WebAssembly. The second section of the talk will focus on a set of abstraction rules for WebAssembly instructions, which can be used to lift WebAssembly to a high-level representation that abstracts the underlying semantics of the code. I have applied the abstraction rules in detecting WebAssembly-based cryptomining malware. My detection relies on program semantics unique to cryptomining, which is resilient to variants.
This lecture satisfies requirements for CSCI 591: Research Colloquium
Biography: Weihang Wang is an Assistant Professor at the State University of New York at Buffalo. She received her Ph.D. degree in Computer Science from Purdue University in 2018. Weihang's interests are in Software Engineering, with a focus on building tools for improving the reliability and security of software systems. She was awarded an NSF CAREER Award in 2021, a Facebook Testing and Verification Research Award in 2019, a Mozilla Research Award in 2019, and a Maurice H. Halstead Memorial Research Award in 2018.
Host: Chao Wang
Location: Olin Hall of Engineering (OHE) - 132
Audiences: By invitation only.
Contact: Assistant to CS chair