ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Mon 15 Apr 2024 09:50 - 10:10 at Amadeo de Souza-Cardoso - Developing secure software Chair(s): Awais Rashid

Xiangwei Zhang1, Junjie Wang1,3, Xiaoning Du2, Shuang Liu1. 1: College of Intelligence and Computing, Tianjin University, China; 2: Monash University, Australia; 3: Nanyang technological university, Singapore.


WebAssembly (Wasm) has emerged as a pivotal technology for web applications, offering near-native execution speeds and bolstered security through sandboxed execution. Despite its widespread adoption in major browsers, the rapid evolution of Wasm introduces novel attack surfaces, particularly in Wasm compilers. The challenge of Wasm compiler testing lies in producing semi-valid Wasm samples that are structurally sound enough to bypass initial checks yet sufficiently unique to probe for vulnerabilities. In response, we introduce WasmCFuzz, an innovative fuzzing approach that utilizes AFL-generated random bytes to create semi-valid Wasm formats. This method effectively balances structural validity with the potential to uncover compiler corner cases. Our comprehensive evaluation demonstrates that WasmCFuzz not only outperforms existing methods likeWasm-smith andWAfuzzer but also uncovers 13 previously unidentified bugs in mainstream browsers within just a week. These findings highlight WasmCFuzz’s capability in enhancing the security of Wasm compilers, marking a significant step forward in Wasm compiler testing.

Mon 15 Apr

Displayed time zone: Lisbon change

09:00 - 10:30
Developing secure softwareEnCyCriS/SVM at Amadeo de Souza-Cardoso
Chair(s): Awais Rashid University of Bristol, UK
Day opening
Wokshop opening
W: Coralie Esnoul Institute For Energy Technology (IFE)
Keynote: If you build it, they (probably) won’t come
K: Adam Joinson School of Management University of Bath
WasmCFuzz: Structure-aware Fuzzing for Wasm Compilers
A: Xiangwei Zhang College of Intelligence and Computing, Tianjin University, A: Junjie Wang College of Intelligence and Computing, Tianjin University, A: Xiaoning Du Monash University, Australia, A: Shuang Liu Tianjin University
Mitigating Security Issues in GitHub Actions
A: Hassan Onsori Delicheh University of Mons, Belgium, A: Tom Mens University of Mons