🤖 AI Summary
This work identifies a novel code confidentiality threat against WebAssembly (Wasm) in AMD SEV-SNP trusted execution environments (TEEs): address-space leakage enables adversaries to reconstruct Wasm execution characteristics—rendering Wasm binaries significantly more vulnerable to reverse engineering than native code. To address this, we present the first Wasm code recovery framework tailored for SEV-SNP, integrating address-space analysis, dynamic execution feature extraction, and multi-source side-channel modeling. Experimental evaluation demonstrates that our approach consistently reconstructs over 70% of function logic and control-flow structure across diverse scenarios—substantially outperforming single-step debugging-based recovery on SGX, which caps at ~50%. This work not only exposes an inherent confidentiality weakness of Wasm in SEV-SNP but also achieves, for the first time, high-accuracy and robust binary-level Wasm reconstruction. It establishes a new paradigm for security assessment and hardening of Wasm in TEEs.
📝 Abstract
WebAssembly (Wasm) has risen as a widely used technology to distribute computing workloads across different platforms. The platform independence offered by Wasm makes it an attractive solution for many different applications that run on disparate infrastructures. In addition, Trusted Execution Environments (TEEs) are offered in many computing infrastructures, which also allows security-sensitive Wasm workloads to run independently of the specific platform offered. However, recent work has shown that Wasm binaries are more sensitive to code confidentiality attacks than native binaries. That previous result was obtained for Intel SGX only. In this paper, we take this one step further, introducing a new Wasm code-confidentiality attack that exploits exposed address-space information in TEEs. Our attack enables the extraction of crucial execution features which, when combined with additional side channels, allows us to obtain, with high reliability, more than 70% of the code in most cases. This is a considerably larger amount than was previously obtained by single-stepping Intel SGX, where only up to 50% of the code could be obtained.