WebAssembly (WASM) has rapidly emerged as a ubiquitous target for web browsers, server-side applications, and blockchain platforms, with promising performance and portability. As WASM grows in popularity, ensuring its security and resilience becomes paramount. However, traditional fuzzing approaches struggle to detect potential security vulnerabilities in existing WebAssembly runtimes because they are unaware of the WASM file structure. In this paper, we introduce SwFuzz, a dedicated fuzzing framework tailored for WASM binaries. SwFuzz integrates comprehensive structure-sensitive policies that capture the nuances and intricacies within the WASM binaries. Our proposed fuzzing framework not only identifies vulnerabilities present in conventional binaries but also emphasizes the detection of WASM-specific bugs that have previously gone unnoticed. Experimental results demonstrate that SwFuzz has discovered numerous new bugs, with 17 CVEs being assigned, underscoring the importance of a specialized fuzzing framework for evolving platforms like WASM. Our findings also highlight the critical requirement for a proactive approach to securing the WASM landscape.
Wed 4 Dec (displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi)
16:00 - 17:30 | Session (5) | Technical Track at Room 2 (Xiangshan Ballroom) | Chair(s): Haoye Tian (University of Melbourne)
16:00 | 30m Talk | SwFuzz: Structure-Sensitive WebAssembly Fuzzing | Technical Track | Jiashui Wang (Zhejiang University), Ziyi Guo (Northwestern University), Xinlei Ying (Ant Group), Peng Qian (Zhejiang University), Yan Chen (Northwestern University)
16:30 | 30m Talk | Data Conflicts-Guided Interleaved Thread Scheduling for Flaky Test Detection in Multithreaded Programs | Technical Track | Tianzi Wang (College of Information Science and Technology, Beijing University of Chemical Technology, Beijing, China), Ruilian Zhao (Beijing University of Chemical Technology), Weiwei Wang (College of Information Science and Technology, Beijing University of Chemical Technology, Beijing, China), Weixi Zhang (College of Information Engineering, Beijing Institute of Petrochemical Technology, Beijing, China)
17:00 | 30m Talk | AS-Fuzzer: An Optimized ADS Fuzzing Method via Scenario Segmentation and Parallel Evolution | Technical Track | Fansong Chen (Institute of Information Engineering, Chinese Academy of Sciences), Shenghao Lin (Institute of Information Engineering, Chinese Academy of Sciences), Weicheng Lin (Institute of Information Engineering, Chinese Academy of Sciences), Laile Xi (Institute of Information Engineering, Chinese Academy of Sciences), Yongji Liu (Institute of Information Engineering, Chinese Academy of Sciences), Lun Li (Institute of Information Engineering at Chinese Academy of Sciences), Hongsong Zhu (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences)