WasmFuzzer: A Fuzzer for WebAssembly Virtual Machines

Research output: Chapters, Conference Papers, Creative and Literary Works; RGC 32 - Refereed conference paper (with host publication); peer-review

3 Scopus Citations

Detail(s)

Original language: English
Title of host publication: SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering
Publisher: KSI Research Inc.
Pages: 537-542
ISBN (print): 9781891706547
Publication status: Published - Jul 2022

Publication series

Name: Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
ISSN (Print): 2325-9000
ISSN (electronic): 2325-9086

Conference

Title: 34th International Conference on Software Engineering and Knowledge Engineering, SEKE 2022
Place: United States
City: Pittsburgh
Period: 1 - 10 July 2022

Abstract

WebAssembly is a fast, safe, and portable low-level language suitable for diverse application scenarios. WebAssembly virtual machines are widely used by Web browsers or Blockchain platforms as execution engines. When there is a bug in the implementation of the Wasm virtual machine, the execution of WebAssembly may lead to errors or vulnerabilities in the application. Due to the grammar checks by WASM VMs, fuzzing at the binary level is ineffective at exposing the bugs because most inputs cannot reach the deep logic within the WASM VM. In this work, we propose WasmFuzzer, a bytecode-level fuzzing tool for WASM VMs. WasmFuzzer proposes to generate initial seeds for fuzzing at the Wasm bytecode level, and it also designs a systematic set of mutation operators for Wasm bytecode. Furthermore, WasmFuzzer proposes an adaptive mutation strategy to search for the best mutation operators for different fuzzing targets. Our evaluation on 3 real-life Wasm VMs shows that WasmFuzzer can significantly outperform AFL in terms of both code coverage and unique crashes.

Research Area(s)

  • fuzzing, Virtual Machine, WebAssembly

Citation Format(s)

WasmFuzzer: A Fuzzer for WebAssembly Virtual Machines. / Jiang, Bo; Li, Zichao; Huang, Yuhe et al.
SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering. KSI Research Inc., 2022. p. 537-542 (Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE).
