Document Type
Article
Publication Date
8-25-2025
Publication Source
Proceedings of the 2025 Berry Summer Thesis Institute
Abstract
This project studies WebAssembly, a binary language specification that enables non-native languages, such as C/C++ and Rust, to run efficiently on webpages, supporting complex tasks like gaming or data processing. It functions by translating a non-native language into a WebAssembly binary, which is natively supported by most browsers. Notably, WebAssembly uses a linear memory model, storing all non-code data in a single linear array. Unfortunately, this design compromises some security principles, introducing security risks and complications.
Our overall project goal is to investigate WebAssembly functionality, develop a test program, and address a critical security challenge to enhance the safety of web applications. In particular, we have thoroughly studied WebAssembly's architecture, with a focus on its linear memory model and security mechanisms. We have built a proof-of-concept prototype in C, compiled to WebAssembly, and evaluated its security by testing vulnerabilities and their impacts on the system as a whole. Finally, we have reviewed the literature to identify unresolved problems that require further investigation. Some examples of these are side-channel attacks and supply chain security for WebAssembly components. Since it is a complex system, numerous facets require study. As the use of the Internet grows with each generation, developing secure systems for sending and receiving data is more critical than ever.
Keywords
WebAssembly, Supply Chain Security
Disciplines
Cybersecurity | Information Security
Sponsoring Agency
Berry Summer Thesis Institute, Berry Family Foundation
eCommons Citation
Crossman, Thomas, "A Study on WebAssembly and its Security" (2025). Proceedings of the Berry Summer Thesis Institute, 2025. 8.
https://ecommons.udayton.edu/uhp_bsti_2025/8
Comments
I would like to thank the Berry Summer Thesis Institute and the University Honors Program for their support. Thanks to Dr. Borbonus for running the program and the Berry Family for their financial support. Special thanks to Dr. Phung for mentoring me and helping me navigate the difficult parts of research. I would also like to thank my family for always supporting me.