WasmFuzzer: A Fuzzer for WebAssembly Virtual Machines
Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review
Detail(s)
Original language | English |
---|---|
Title of host publication | SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering |
Publisher | KSI Research Inc. |
Pages | 537-542 |
ISBN (print) | 9781891706547 |
Publication status | Published - Jul 2022 |
Publication series
Name | Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE |
---|---|
ISSN (Print) | 2325-9000 |
ISSN (electronic) | 2325-9086 |
Conference
Title | 34th International Conference on Software Engineering and Knowledge Engineering, SEKE 2022 |
---|---|
Place | United States |
City | Pittsburgh |
Period | 1 - 10 July 2022 |
Abstract
WebAssembly is a fast, safe, and portable low-level language suitable for diverse application scenarios. WebAssembly virtual machines are widely used by Web browsers or blockchain platforms as execution engines. When there is a bug in the implementation of the Wasm virtual machine, the execution of WebAssembly may lead to errors or vulnerabilities in the application. Due to the grammar checks performed by Wasm VMs, fuzzing at the binary level is ineffective at exposing bugs because most inputs cannot reach the deep logic within the Wasm VM. In this work, we propose WasmFuzzer, a bytecode-level fuzzing tool for Wasm VMs. WasmFuzzer generates initial seeds for fuzzing at the Wasm bytecode level, and it also designs a systematic set of mutation operators for Wasm bytecode. Furthermore, WasmFuzzer proposes an adaptive mutation strategy to search for the best mutation operators for different fuzzing targets. Our evaluation on 3 real-life Wasm VMs shows that WasmFuzzer can significantly outperform AFL in terms of both code coverage and unique crashes.
Research Area(s)
- fuzzing, Virtual Machine, WebAssembly
Citation Format(s)
WasmFuzzer: A Fuzzer for WebAssembly Virtual Machines. / Jiang, Bo; Li, Zichao; Huang, Yuhe et al.
SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering. KSI Research Inc., 2022. p. 537-542 (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE).