SeeWasm: An Efficient and Fully-Functional Symbolic Execution Engine for WebAssembly Binaries
WebAssembly (Wasm), as a compact, fast, and isolation-guaranteed binary format, can be compiled from more than 40 high-level programming languages. However, vulnerabilities in Wasm binaries could lead to sensitive data leakage and even threaten their hosting environments. To identify them, symbolic execution is widely adopted due to its soundness and its ability to automatically generate exploits. However, existing symbolic executors for Wasm binaries are typically platform-specific, which means that they cannot support all Wasm features. They may also require significant manual intervention to complete the analysis, and suffer from efficiency issues as well. In this paper, we propose an efficient and fully-functional symbolic execution engine, named SeeWasm. Compared with existing tools, we demonstrate that SeeWasm supports full-featured Wasm binaries without further manual intervention, while accelerating the analysis by 2 to 6 times. SeeWasm has been adopted by existing works to identify more than 30 0-day vulnerabilities or security issues in well-known C, Go, and SGX applications after compiling them to Wasm binaries.
Wed 18 Sep. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
13:30 - 15:00
13:30 | 12m | Talk | Generalized Concurrency Testing Tool for Distributed Systems | Tool Demonstrations | Ege Berkay Gulcan (Delft University of Technology); João Neto (Delft University of Technology); Burcu Kulahcioglu Ozkan (Delft University of Technology)
13:42 | 12m | Talk | Testing concurrent algorithms on JVM with Lincheck and IntelliJ IDEA (Distinguished Tool Demo Award) | Tool Demonstrations | Alexander Potapov (JetBrains); Maksim Zuev (JetBrains); Evgenii Moiseenko (JetBrains Research); Nikita Koval (JetBrains)
13:55 | 12m | Talk | JCWIT: A Correctness-Witness Validator for Java Programs based on Bounded Model Checking | Tool Demonstrations | Zaiyu Cheng (University of Manchester); Tong Wu (University of Manchester); Peter Schrammel (University of Sussex and Diffblue Ltd); Norbert Tihanyi (Eotvos Lorand University); Eddie B. de Lima Filho (TPV Technology); Lucas C. Cordeiro (University of Manchester, UK and Federal University of Amazonas, Brazil)
14:08 | 12m | Talk | ESBMC-Python: A Bounded Model Checker for Python Programs | Tool Demonstrations | Bruno Farias (University of Manchester); Rafael Menezes (University of Manchester); Eddie B. de Lima Filho (TPV Technology); Youcheng Sun (University of Manchester); Lucas C. Cordeiro (University of Manchester, UK and Federal University of Amazonas, Brazil)
14:21 | 12m | Talk | Panda: A Concurrent Scheduler for Compiler-Based Tools | Tool Demonstrations | Xutong Ma (Institute of Software, Chinese Academy of Sciences, Beijing, China); Jiwei Yan (Institute of Software at Chinese Academy of Sciences); Jun Yan (Institute of Software, Chinese Academy of Sciences); Jian Zhang (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences)
14:34 | 12m | Talk | SeeWasm: An Efficient and Fully-Functional Symbolic Execution Engine for WebAssembly Binaries | Tool Demonstrations | Ningyu He (Peking University); Zhehao Zhao (Peking University); Hanqin Guan (Peking University); Jikai Wang (Huazhong University of Science and Technology); Shreya Mathews (IMC University of Applied Sciences Krems); Ding Li (Peking University); Haoyu Wang (Huazhong University of Science and Technology); Xiangqun Chen (Peking University); Yao Guo (Peking University)
14:47 | 12m | Talk | PolyTracker: Whole-Input Dynamic Information Flow Tracing (Distinguished Tool Demo Award) | Tool Demonstrations | Evan Sultanik (Trail of Bits); Marek Surovič (Trail of Bits); Henrik Brodin (Trail of Bits); Kelly Kaoudis (Trail of Bits); Facundo Tuesca (Trail of Bits); Carson Harmon (Trail of Bits); Lisa Overall (Trail of Bits); Joseph Sweeney (Trail of Bits); Bradford Larsen (Trail of Bits)