APSEC 2024
Tue 3 - Fri 6 December 2024 China
Wed 4 Dec 2024 16:00 - 16:30 at Room 2 (Xiangshan Ballroom) - Session (5) Chair(s): Haoye Tian

WebAssembly (WASM) has rapidly emerged as a ubiquitous target for web browsers, server-side applications, and blockchain platforms, with promising performance and portability. As WASM grows in popularity, ensuring its security and resilience becomes paramount. However, traditional fuzzing approaches struggle to detect potential security vulnerabilities in existing WebAssembly runtimes due to their lack of perception of the WASM file structure. In this paper, we introduce SwFuzz, a dedicated fuzzing framework tailored for WASM binaries. SwFuzz integrates comprehensive structure-sensitive policies that capture the nuances and intricacies within the WASM binaries. Our proposed fuzzing framework not only identifies vulnerabilities present in conventional binaries but also emphasizes the detection of WASM-specific bugs that have previously gone unnoticed. Experimental results demonstrate that SwFuzz has discovered numerous new bugs, with 17 CVEs being assigned, underscoring the importance of a specialized fuzzing framework for evolving platforms like WASM. Our findings also highlight the critical requirement for a proactive approach to securing the WASM landscape.

Wed 4 Dec

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change

16:00 - 17:30
Session (5)Technical Track at Room 2 (Xiangshan Ballroom)
Chair(s): Haoye Tian University of Melbourne
16:00
30m
Talk
SwFuzz: Structure-Sensitive WebAssembly Fuzzing
Technical Track
Jiashui Wang Zhejiang University, Ziyi Guo Northwestern University, Xinlei Ying Ant Group, Peng Qian Zhejiang University, Yan Chen Northwestern University
16:30
30m
Talk
Data Conflicts-Guided Interleaved Thread Scheduling for Flaky Test Detection in Multithreaded Programs
Technical Track
Tianzi Wang College of lnformation Science and Technology, Beijing University of chemical Technology, Beijing, China, Ruilian Zhao Beijing University of Chemical Technology, Weiwei Wang College of lnformation Science and Technology, Beijing University of chemical Technology, Beijing, China, Weixi Zhang College of Information Engineering, Beijing Institute of Petrochemical Technology, Beijing, China
17:00
30m
Talk
AS-Fuzzer: An Optimized ADS Fuzzing Method via Scenario Segmentation and Parallel Evolution
Technical Track
Fansong Chen Institute of Information Engineering, Chinese Academy of Sciences, Shenghao Lin Institute of Information Engineering, Chinese Academy of Sciences, Weicheng Lin Institute of Information Engineering, Chinese Academy of Sciences, Laile Xi Institute of Information Engineering, Chinese Academy of Sciences , Yongji Liu Institute of Information Engineering, Chinese Academy of Sciences, Lun Li Institute of Information Engineering at Chinese Academy of Sciences, Hongsong Zhu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences