CISPA
Browse

WebAssembly as a Fuzzing Compilation Target (Registered Report)

Download (894.77 kB)
conference contribution
posted on 2024-09-24, 12:06 authored by Florian BauckholtFlorian Bauckholt, Thorsten HolzThorsten Holz
By monitoring the execution of the program under test, fuzzers can gather feedback on how different inputs affect the program’s behavior and detect crashes and other abnormal behaviors. To achieve these objectives, fuzzers typically rely on a static instrumentation phase, which can be cumbersome to extend and experiment with. In this paper, we explore a different strategy: By compiling to a common high-level compilation target, we can retain most of the instrumentation opportunities with the potential for dynamic instrumentation. Compiling to an intermediate target disentangles instrumentation from the harness build process and produces fuzzer-independent harness artifacts. More specifically, we propose to use WebAssembly (WASM) as a suitable target due to its widespread language support, deterministic and isolated nature, and simple and easy-to-JIT instruction set. To explore this approach, we present and discuss WasmFuzz, a fuzzer for WebAssembly binaries that bridges the gap between native and WASM fuzzing. To enable meaningful WebAssembly fuzzer comparisons, we demonstrate a generic way to retrofit WASM modules into source-based fuzzers through wasm2c. This approach already raises the performance baseline of WebAssembly fuzzing significantly. In our preliminary evaluation, WasmFuzz achieves, on average, more basic blocks per target compared to other WebAssembly fuzzers and seems competitive with native setups like cargo-fuzz (LibFuzzer).

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

International Fuzzing Workshop (FUZZING)

Journal

Proceedings of the 3rd ACM International Fuzzing Workshop

Pages

10

Page Range

23-32a

Publisher

Association for Computing Machinery

BibTeX

@conference{Bauckholt:Holz:2024, title = "WebAssembly as a Fuzzing Compilation Target (Registered Report)", author = "Bauckholt, Florian" AND "Holz, Thorsten", year = 2024, month = 9, journal = "Proceedings of the 3rd ACM International Fuzzing Workshop", pages = "23--32a", publisher = "Association for Computing Machinery", doi = "10.1145/3678722.3685531" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC