ISSTA/ECOOP 2024
Mon 16 - Fri 20 September 2024 Vienna, Austria
Mon 16 Sep 2024 11:15 - 11:30 at EI 9 Hlawka - Strauss Session

Traditional fuzzers rely on a static instrumentation phase, which can be cumbersome to extend and work with. In this paper, we explore a different strategy: By compiling to a common high-level compilation target, we can retain most of the instrumentation opportunities with the potential for dynamic instrumentation. More specifically, we propose WebAssembly (WASM) as a suitable target due to its widespread language support, deterministic and isolated nature, and simple and easy-to-JIT instruction set. To explore this approach, we present and discuss WasmFuzz, a fuzzer for WebAssembly binaries that bridges the gap between native and WASM fuzzing. To enable meaningful WebAssembly fuzzer comparisons, we demonstrate a generic way to retrofit WASM modules into source-based fuzzers through wasm2c. This already raises the performance baseline of WebAssembly fuzzing significantly. In our preliminary evaluation, WasmFuzz achieves, on average, more basic blocks per target compared to other WebAssembly fuzzers and seems competitive with native setups like cargo-fuzz (LibFuzzer). We plan to explore our design in a series of experiments.

Mon 16 Sep

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:30 - 12:00
Strauss Session, FUZZING, at EI 9 Hlawka
10:30
15m
Talk
Directed or Undirected: Investigating Fuzzing Strategies in a CI/CD Setup
FUZZING
Madonna Huang (University of British Columbia), Caroline Lemieux (University of British Columbia)
10:45
15m
Talk
Effective Fuzzing within CI/CD Pipelines
FUZZING
Arindam Sharma (Imperial College London, UK), Cristian Cadar (Imperial College London), Jonathan Metzman (Google)
11:00
15m
Talk
Automated Feature Testing of Verilog Parsers using Fuzzing
FUZZING
Quentin Corradi (Imperial College London), John Wickerson (Imperial College London), George A. Constantinides (Imperial College London, UK)
11:15
15m
Talk
WebAssembly as a Fuzzing Compilation Target
FUZZING
Florian Bauckholt (CISPA Helmholtz Center for Information Security), Thorsten Holz (CISPA Helmholtz Center for Information Security)
11:30
15m
Talk
Visualization Task Taxonomy to Understand the Fuzzing Internals
FUZZING
Sriteja Kummita (Fraunhofer IEM), Miao Miao (The University of Texas at Dallas), Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM), Shiyi Wei (University of Texas at Dallas)

Information for Participants
Mon 16 Sep 2024 10:30 - 12:00 at EI 9 Hlawka - Strauss Session
Info for room EI 9 Hlawka:

Map: https://tuw-maps.tuwien.ac.at/?q=CAEG17

Room tech: https://raumkatalog.tiss.tuwien.ac.at/room/13939