Shangtong Cao,Ningyu He,Xinyu She,Yixuan Zhang,Mu Zhang,Haoyu Wang

DOI: https://doi.org/10.1145/3650212.3680358

2024-01-01

Abstract:Wasm runtime is a fundamental component in the Wasm ecosystem, as it directly impacts whether Wasm applications can be executed as expected. Bugs in Wasm runtime bugs are frequently reported, thus our research community has made a few attempts to design automated testing frameworks for detecting bugs in Wasm runtimes. However, existing testing frameworks are limited by the quality of test cases, i.e., they face challenges of generating both semantic-rich and syntactic-correct Wasm binaries, thus complicated bugs cannot be triggered. In this work, we present WRTester, a novel differential testing framework that can generated complicated Wasm test cases by disassembling and assembling of real-world Wasm binaries, which can trigger hidden inconsistencies among Wasm runtimes. For further pinpointing the root causes of unexpected behaviors, we design a runtime-agnostic root cause location method to accurately locate bugs. Extensive evaluation suggests that WRTester outperforms SOTA techniques in terms of both efficiency and effectiveness. We have uncovered 33 unique bugs in popular Wasm runtimes, among which 25 have been confirmed.

Shangtong Cao,Ningyu He,Xinyu She,Yixuan Zhang,Mu Zhang,Haoyu Wang

2023-12-16

Abstract:Wasm runtime is a fundamental component in the Wasm ecosystem, as it directly impacts whether Wasm applications can be executed as expected. Bugs in Wasm runtime bugs are frequently reported, thus our research community has made a few attempts to design automated testing frameworks for detecting bugs in Wasm runtimes. However, existing testing frameworks are limited by the quality of test cases, i.e., they face challenges of generating both semantic-rich and syntactic-correct Wasm binaries, thus complicated bugs cannot be triggered. In this work, we present WRTester, a novel differential testing framework that can generated complicated Wasm test cases by disassembling and assembling of real-world Wasm binaries, which can trigger hidden inconsistencies among Wasm runtimes. For further pinpointing the root causes of unexpected behaviors, we design a runtime-agnostic root cause location method to accurately locate bugs. Extensive evaluation suggests that WRTester outperforms SOTA techniques in terms of both efficiency and effectiveness. We have uncovered 33 unique bugs in popular Wasm runtimes, among which 25 have been confirmed.

Software Engineering

Jinyan Xu,Yiyuan Liu,Sirui He,Haoran Lin,Yajin Zhou,Cong Wang

DOI: https://doi.org/10.5281/zenodo.8024468

2023-01-01

Abstract:Modern processors are too complex to be bug free. Recently, a few hardware fuzzing techniques have shown promising results in verifying processor designs. However, due to the complexity of processors, they suffer from complex input grammar, deceptive mutation guidance, and model implementation differences. Therefore, how to effectively and efficiently verify processors is still an open problem. This paper proposes MorFuzz, a novel processor fuzzer that can efficiently discover software triggerable hardware bugs. The core idea behind MorFuzz is to use runtime information to generate instruction streams with valid formats and meaningful semantics. MorFuzz designs a new input structure to provide multi-level runtime mutation primitives and proposes the instruction morphing technique to mutate instruction dynamically. Besides, we also extend the co-simulation framework to various microarchitectures and develop the state synchronization technique to eliminate implementation differences. We evaluate MorFuzz on three popular open-source RISC-V processors: CVA6, Rocket, BOOM, and discover 17 new bugs (with 13 CVEs assigned). Our evaluation shows MorFuzz achieves 4.4x and 1.6x more state coverage than the state-of-the-art fuzzer, DifuzzRTL, and the famous constrained instruction generator, riscv-dv.

Javier Cabrera-Arteaga,Nicholas Fitzgerald,Martin Monperrus,Benoit Baudry

DOI: https://doi.org/10.1016/j.cose.2024.103731

IF: 5.105

2024-01-27

Computers & Security

Abstract:WebAssembly is the fourth officially endorsed Web language. It is recognized because of its efficiency and design, focused on security. Yet, its swiftly expanding ecosystem lacks robust software diversification systems. We introduce Wasm-Mutate , a diversification engine specifically designed for WebAssembly. Our engine meets several essential criteria: 1) To quickly generate functionally identical, yet behaviorally diverse, WebAssembly variants, 2) To be universally applicable to any WebAssembly program, irrespective of the source programming language, and 3) Generated variants should counter side-channels. By leveraging an e-graph data structure, Wasm-Mutate is implemented to meet both speed and efficacy. We evaluate Wasm-Mutate by conducting experiments on 404 programs, which include real-world applications. Our results highlight that Wasm-Mutate can produce tens of thousands of unique and efficient WebAssembly variants within minutes. Significantly, Wasm-Mutate can safeguard WebAssembly binaries against timing side-channel attacks, especially those of the Spectre type.

computer science, information systems

Shiyao Zhou,Muhui Jiang,Weimin Chen,Hao Zhou,Haoyu Wang,Xiapu Luo

DOI: https://doi.org/10.1109/ase56229.2023.00188

2024-01-01

Abstract:WebAssembly (Wasm) runtime provides a virtual machine that can execute the WebAssembly modules and is widely used in different areas (e.g., browsers, edge computing, blockchain). Thus, the precision and reliability of the WebAssembly runtime are important and deserve our attention. To ensure the correctness and detect potential bugs in WebAssembly runtimes, we propose WADIFF, a differential testing framework, which consists of a sufficient test case generator and a deterministic differential testing engine. To evaluate the effectiveness of WADIFF, we apply it to seven popular WebAssembly runtimes and found 417 inconsistent instructions due to bugs and different implementations in the runtimes. Furthermore, we identify 21 bugs from 7 WebAssembly runtimes, and 8 of them are confirmed by their developers.

Dandan Xu,Kai Chen,Miaoqian Lin,Chaoyang Lin,XiaoFeng Wang

DOI: https://doi.org/10.1109/tifs.2023.3322319

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Capture-the-flag (CTF) competitions have become highly successful in security education, and heap corruption is considered one of the most difficult and rewarding challenges due to its complexity and real-world impact. However, developing a heap exploit is a challenging task that often requires significant human involvement to manipulate memory layouts and bypass security checks. To facilitate the exploitation of heap corruption, existing solutions develop automated systems that rely on manually crafted patterns to generate exploits. Such manual patterns tend to be specific, which limits their flexibility to cope with the evolving exploit techniques. To address this limitation, we explore the problem of the automatic summarization of exploit patterns. We leverage an observation that public attack artifacts provide key insights into heap exploits. Based upon this observation, we develop AutoPwn, the first artifact-assisted AEG system that automatically summarizes exploit patterns from artifacts of known heap exploits and uses them to guide the exploitation of new programs. Considering the diversity of programs and exploits, we propose to use a novel Exploitation State Machine (ESM), with generic states and transitions to model the exploit patterns, and then efficiently construct it through combining the dynamic monitoring of exploits and the semantic analysis of their text descriptions. We implement a prototype of AutoPwn and evaluate it on 96 testing CTF binaries. The results show that AutoPwn produces 22 successful exploits and 13 partial exploits, preliminarily demonstrating its efficacy.

Yixuan Zhang,Shangtong Cao,Haoyu Wang,Zhenpeng Chen,Xiapu Luo,Dongliang Mu,Yun Ma,Gang Huang,Xuanzhe Liu

DOI: https://doi.org/10.48550/arXiv.2301.12102

2023-01-28

Abstract:WebAssembly (abbreviated WASM) has emerged as a promising language of the Web and also been used for a wide spectrum of software applications such as mobile applications and desktop applications. These applications, named as WASM applications, commonly run in WASM runtimes. Bugs in WASM runtimes are frequently reported by developers and cause the crash of WASM applications. However, these bugs have not been well studied. To fill in the knowledge gap, we present a systematic study to characterize and detect bugs in WASM runtimes. We first harvest a dataset of 311 real-world bugs from hundreds of related posts on GitHub. Based on the collected high-quality bug reports, we distill 31 bug categories of WASM runtimes and summarize their common fix strategies. Furthermore, we develop a pattern-based bug detection framework to automatically detect bugs in WASM runtimes. We apply the detection framework to five popular WASM runtimes and successfully uncover 53 bugs that have never been reported previously, among which 14 have been confirmed and 6 have been fixed by runtime developers.

Software Engineering

Shuyao Jiang,Ruiying Zeng,Zihao Rao,Jiazhen Gu,Yangfan Zhou,Michael R. Lyu

2023-09-21

Abstract:WebAssembly (Wasm) is a bytecode format originally serving as a compilation target for Web applications. It has recently been used increasingly on the server side, e.g., providing a safer, faster, and more portable alternative to Linux containers. With the popularity of server-side Wasm applications, it is essential to study performance issues (i.e., abnormal latency) in Wasm runtimes, as they may cause a significant impact on server-side applications. However, there is still a lack of attention to performance issues in server-side Wasm runtimes. In this paper, we design a novel differential testing approach WarpDiff to identify performance issues in server-side Wasm runtimes. The key insight is that in normal cases, the execution time of the same test case on different Wasm runtimes should follow an oracle ratio. We identify abnormal cases where the execution time ratio significantly deviates from the oracle ratio and subsequently locate the Wasm runtimes that cause the performance issues. We apply WarpDiff to test five popular server-side Wasm runtimes using 123 test cases from the LLVM test suite and demonstrate the top 10 abnormal cases we identified. We further conduct an in-depth analysis of these abnormal cases and summarize seven performance issues, all of which have been confirmed by the developers. We hope our work can inspire future investigation on improving Wasm runtime implementation and thus promoting the development of server-side Wasm applications.

Software Engineering

Ben L. Titzer,Elizabeth Gilbert,Bradley Wei Jie Teo,Yash Anand,Kazuyuki Takayama,Heather Miller

2024-03-13

Abstract:A key strength of managed runtimes over hardware is the ability to gain detailed insight into the dynamic execution of programs with instrumentation. Analyses such as code coverage, execution frequency, tracing, and debugging, are all made easier in a virtual setting. As a portable, low-level bytecode, WebAssembly offers inexpensive in-process sandboxing with high performance. Yet to date, Wasm engines have not offered much insight into executing programs, supporting at best bytecode-level stepping and basic source maps, but no instrumentation capabilities. In this paper, we show the first non-intrusive dynamic instrumentation system for WebAssembly in the open-source Wizard Research Engine. Our innovative design offers a flexible, complete hierarchy of instrumentation primitives that support building high-level, complex analyses in terms of low-level, programmable probes. In contrast to emulation or machine code instrumentation, injecting probes at the bytecode level increases expressiveness and vastly simplifies the implementation by reusing the engine's JIT compiler, interpreter, and deoptimization mechanism rather than building new ones. Wizard supports both dynamic instrumentation insertion and removal while providing consistency guarantees, which is key to composing multiple analyses without interference. We detail a fully-featured implementation in a high-performance multi-tier Wasm engine, show novel optimizations specifically designed to minimize instrumentation overhead, and evaluate performance characteristics under load from various analyses. This design is well-suited for production engine adoption as probes can be implemented to have no impact on production performance when not in use.

Programming Languages

Tiago Brito,Pedro Lopes,Nuno Santos,José Fragoso Santos

DOI: https://doi.org/10.1016/j.cose.2022.102745

2022-04-01

Abstract:WebAssembly is a new binary instruction format that allows targeted compiled code written in high-level languages to be executed with near-native speed by the browser's JavaScript engine. However, given that WebAssembly binaries can be compiled from unsafe languages like C/C++, classical code vulnerabilities such as buffer overflows or format strings can be transferred over from the original programs down to the cross-compiled binaries. As a result, this possibility of incorporating vulnerabilities in WebAssembly modules has widened the attack surface of modern web applications. This paper presents Wasmati, a static analysis tool for finding security vulnerabilities in WebAssembly binaries. It is based on the generation of a code property graph (CPG), a program representation previously adopted for detecting vulnerabilities in various languages but hitherto unapplied to WebAssembly. We formalize the definition of CPG for WebAssembly, introduce techniques to generate CPG for complex WebAssembly, and present four different query specification languages for finding vulnerabilities by traversing a program's CPG. We implemented ten queries capturing different vulnerability types and extensively tested Wasmati on four heterogeneous datasets. We show that Wasmati can scale the generation of CPGs for large real-world applications and can efficiently find vulnerabilities for all our query types. We have also tested our tool on WebAssembly binaries collected in the wild and identified several potential vulnerabilities, some of which we have manually confirmed to exist unless the enclosing application properly sanitizes the interaction with such affected binaries.

computer science, information systems

Jideng Han,Zhaoxin Zhang,Yuejin Du,Wei Wang,Xiuyuan Chen

DOI: https://doi.org/10.3390/electronics13081498

IF: 2.9

2024-04-15

Electronics

Abstract:WebAssembly code is designed to run in a sandboxed environment, such as a web browser, providing a high level of security and isolation from the underlying operating system and hardware. This enables the execution of untrusted code in a web browser without compromising the security and integrity of the user's system. This paper discusses the challenges associated with using fuzzing tools to identify vulnerabilities or bugs in WebAssembly interpreters. Our approach, known as ESFuzzer, introduces an efficient method for fuzzing WebAssembly interpreters using an Equivalent-Statement concept and the Stack Repair Algorithm. The samples generated by our approach successfully passed code validation. In addition, we developed effective mutation strategies to enhance the efficacy of our approach. ESFuzzer has demonstrated its ability to generate code that achieves 100% WebAssembly validation testing and achieves code coverage that is more than twice that of libFuzzer. Furthermore, the 24-h experiment results show that ESFuzzer performs ten times more efficiently than libFuzzer.

engineering, electrical & electronic,computer science, information systems,physics, applied

Daniel Lehmann,Martin Toldam Torp,Michael Pradel

DOI: https://doi.org/10.48550/arXiv.2110.15433

2021-10-29

Abstract:WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in compiled WebAssembly binaries, sometimes even more easily than in native code. This paper addresses the problem of detecting such vulnerabilities through the first binary-only fuzzer for WebAssembly. Our approach, called Fuzzm, combines canary instrumentation to detect overflows and underflows on the stack and the heap, an efficient coverage instrumentation, a WebAssembly VM, and the input generation algorithm of the popular AFL fuzzer. Besides as an oracle for fuzzing, our canaries also serve as a stand-alone binary hardening technique to prevent the exploitation of vulnerable binaries in production. We evaluate Fuzzm with 28 real-world WebAssembly binaries, some compiled from source and some found in the wild without source code. The fuzzer explores thousands of execution paths, triggers dozens of crashes, and performs hundreds of program executions per second. When used for binary hardening, the approach prevents previously published exploits against vulnerable WebAssembly binaries while imposing low runtime overhead.

Cryptography and Security,Software Engineering

Léo Andrès,Filipe Marques,Arthur Carcano,Pierre Chambart,José Fragoso Santos,Jean-Christophe Filliâtre

DOI: https://doi.org/10.22152/programming-journal.org/2025/9/3

2024-12-09

Abstract:In this paper, we present the design of Owi, a symbolic interpreter for WebAssembly written in OCaml, and how we used it to create a state-of-the-art tool to find bugs in programs combining C and Rust code. WebAssembly (Wasm) is a binary format for executable programs. Originally intended for web applications, Wasm is also considered a serious alternative for server-side runtimes and embedded systems due to its performance and security benefits. Despite its security guarantees and sandboxing capabilities, Wasm code is still vulnerable to buffer overflows and memory leaks, which can lead to exploits on production software. To help prevent those, different techniques can be used, including symbolic execution. Owi is built around a modular, monadic interpreter capable of both normal and symbolic execution of Wasm programs. Monads have been identified as a way to write modular interpreters since 1995 and this strategy has allowed us to build a robust and performant symbolic execution tool which our evaluation shows to be the best currently available for Wasm. Moreover, because WebAssembly is a compilation target for multiple languages (such as Rust and C), Owi can be used to find bugs in C and Rust code, as well as in codebases mixing the two. We demonstrate this flexibility through illustrative examples and evaluate its scalability via comprehensive experiments using the 2024 Test-Comp benchmarks. Results show that Owi achieves comparable performance to state-of-the-art tools like KLEE and Symbiotic, and exhibits advantages in specific scenarios where KLEE's approximations could lead to false negatives.

Programming Languages

Ningyu He,Zhehao Zhao,Hanqin Guan,Jikai Wang,Shuo Peng,Ding Li,Haoyu Wang,Xiangqun Chen,Yao Guo

2024-08-16

Abstract:WebAssembly (Wasm), as a compact, fast, and isolation-guaranteed binary format, can be compiled from more than 40 high-level programming languages. However, vulnerabilities in Wasm binaries could lead to sensitive data leakage and even threaten their hosting environments. To identify them, symbolic execution is widely adopted due to its soundness and the ability to automatically generate exploitations. However, existing symbolic executors for Wasm binaries are typically platform-specific, which means that they cannot support all Wasm features. They may also require significant manual interventions to complete the analysis and suffer from efficiency issues as well. In this paper, we propose an efficient and fully-functional symbolic execution engine, named SeeWasm. Compared with existing tools, we demonstrate that SeeWasm supports full-featured Wasm binaries without further manual intervention, while accelerating the analysis by 2 to 6 times. SeeWasm has been adopted by existing works to identify more than 30 0-day vulnerabilities or security issues in well-known C, Go, and SGX applications after compiling them to Wasm binaries.

Cryptography and Security,Software Engineering

Xinyue Liu,Zihe Song,Weike Fang,Wei Yang,Weihang Wang

2024-02-15

Abstract:Web end-to-end (e2e) testing evaluates the workflow of a web application. It simulates real-world user scenarios to ensure the application flows behave as expected. However, web e2e tests are notorious for being flaky, i.e., the tests can produce inconsistent results despite no changes to the code. One common type of flakiness is caused by nondeterministic execution orders between the test code and the client-side code under test. In particular, UI-based flakiness emerges as a notably prevalent and challenging issue to fix because the test code has limited knowledge about the client-side code execution. In this paper, we propose WEFix, a technique that can automatically generate fix code for UI-based flakiness in web e2e testing. The core of our approach is to leverage browser UI changes to predict the client-side code execution and generate proper wait oracles. We evaluate the effectiveness and efficiency of WEFix against 122 web e2e flaky tests from seven popular real-world projects. Our results show that WEFix dramatically reduces the overhead (from 3.7$\times$ to 1.25$\times$) while achieving a high correctness (98%).

Software Engineering

Chenxi Mao,Yuxin Su,Shiwen Shan,Dan Li

2024-09-16

Abstract:WebAssembly (Wasm) is a low-level bytecode format that can run in modern browsers. With the development of standalone runtimes and the improvement of the WebAssembly System Interface (WASI), Wasm has further provided a more complete sandboxed runtime experience for server-side applications, effectively expanding its application scenarios. However, the implementation of WASI varies across different runtimes, and suboptimal interface implementations can lead to performance degradation during interactions between the runtime and the operating system. Existing research mainly focuses on overall performance evaluation of runtimes, while studies on WASI implementations are relatively scarce. To tackle this problem, we propose an eBPF-based WASI performance analysis framework. It collects key performance metrics of the runtime under different I/O load conditions, such as total execution time, startup time, WASI execution time, and syscall time. We can comprehensively analyze the performance of the runtime's I/O interactions with the operating system. Additionally, we provide a detailed analysis of the causes behind two specific WASI performance anomalies. These analytical results will guide the optimization of standalone runtimes and WASI implementations, enhancing their efficiency.

Software Engineering

Antonio Nappa,Panagiotis Papadopoulos,Matteo Varvello,Daniel Aceituno Gomez,Juan Tapiador,Andrea Lanzi

DOI: https://doi.org/10.48550/arXiv.2109.02979

2021-10-06

Abstract:Online malware scanners are one of the best weapons in the arsenal of cybersecurity companies and researchers. A fundamental part of such systems is the sandbox that provides an instrumented and isolated environment (virtualized or emulated) for any user to upload and run unknown artifacts and identify potentially malicious behaviors. The provided API and the wealth of information inthe reports produced by these services have also helped attackers test the efficacy of numerous techniques to make malware hard to <a class="link-external link-http" href="http://detect.The" rel="external noopener nofollow">this http URL</a> most common technique used by malware for evading the analysis system is to monitor the execution environment, detect the presence of any debugging artifacts, and hide its malicious behavior if needed. This is usually achieved by looking for signals suggesting that the execution environment does not belong to a the native machine, such as specific memory patterns or behavioral traits of certain CPU instructions. In this paper, we show how an attacker can evade detection on such online services by incorporating a Proof-of-Work (PoW) algorithm into a malware sample. Specifically, we leverage the asymptotic behavior of the computational cost of PoW algorithms when they run on some classes of hardware platforms to effectively detect a non bare-metal environment of the malware sandbox analyzer. To prove the validity of this intuition, we design and implement the POW-HOW framework, a tool to automatically implement sandbox detection strategies and embed a test evasion program into an arbitrary malware sample. Our empirical evaluation shows that the proposed evasion technique is durable, hard to fingerprint, and reduces existing malware detection rate by a factor of 10. Moreover, we show how bare-metal environments cannot scale with actual malware submissions rates for consumer services.

Cryptography and Security

Yixuan Zhang,Mugeng Liu,Haoyu Wang,Yun Ma,Gang Huang,Xuanzhe Liu

2024-10-22

Abstract:WebAssembly (abbreviated as Wasm) was initially introduced for the Web but quickly extended its reach into various domains beyond the Web. To create Wasm applications, developers can compile high-level programming languages into Wasm binaries or manually convert equivalent textual formats into Wasm binaries. Regardless of whether it is utilized within or outside the Web, the execution of Wasm binaries is supported by the Wasm runtime. Such a runtime provides a secure, memory-efficient, and sandboxed execution environment designed explicitly for Wasm applications. This paper provides a comprehensive survey of research on WebAssembly runtimes. It covers 98 articles on WebAssembly runtimes and characterizes existing studies from two different angles, including the "internal" research of Wasm runtimes(Wasm runtime design, testing, and analysis) and the "external" research(applying Wasm runtimes to various domains). This paper also proposes future research directions about WebAssembly runtimes.

Software Engineering

Jämes Ménétrey,Marcelo Pasin,Pascal Felber,Valerio Schiavoni,Giovanni Mazzeo,Arne Hollum,Darshan Vaydia

DOI: https://doi.org/10.1109/TDSC.2023.3334516

2023-12-15

Abstract:In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. Twine leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and language-agnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, Twine delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that Twine can be deployed in production with reasonable performance trade-offs, ranging from a 0.7x slowdown to a 1.17x speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1x speedup. Twine is open-source and has been upstreamed into the original Wasm runtime, WAMR.

Cryptography and Security,Performance,Programming Languages

Shangtong Cao,Ningyu He,Yao Guo,Haoyu Wang

2023-08-06

Abstract:WebAssembly (Wasm) is an emerging binary format that draws great attention from our community. However, Wasm binaries are weakly protected, as they can be read, edited, and manipulated by adversaries using either the officially provided readable text format (i.e., wat) or some advanced binary analysis tools. Reverse engineering of Wasm binaries is often used for nefarious intentions, e.g., identifying and exploiting both classic vulnerabilities and Wasm specific vulnerabilities exposed in the binaries. However, no Wasm-specific obfuscator is available in our community to secure the Wasm binaries. To fill the gap, in this paper, we present WASMixer, the first general-purpose Wasm binary obfuscator, enforcing data-level (string literals and function names) and code-level (control flow and instructions) obfuscation for Wasm binaries. We propose a series of key techniques to overcome challenges during Wasm binary rewriting, including an on-demand decryption method to minimize the impact brought by decrypting the data in memory area, and code splitting/reconstructing algorithms to handle structured control flow in Wasm. Extensive experiments demonstrate the correctness, effectiveness and efficiency of WASMixer. Our research has shed light on the promising direction of Wasm binary research, including Wasm code protection, Wasm binary diversification, and the attack-defense arm race of Wasm binaries.

Cryptography and Security