This repository contains a curated collection of research papers on security topics related to WebAssembly, sourced from top-tier Software Engineering and Security conferences. The aim is to ensure comprehensive coverage of significant publications in the field.
Organizing a literature review for my thesis has been challenging. To streamline the process, I've created this repository to categorize relevant papers. Special thanks to Jianing for providing the initial list of papers.
- Security-Papers-in-WebAssembly
- Harnes, Håkon, and Donn Morrison. "SoK: Analysis Techniques for WebAssembly.", Future Internet, 2024.
RuntimeWang, Yue, et al. "A Comprehensive Study of WebAssembly Runtime Bugs.", SANER, 2023.- Hilbig, Aaron, Daniel Lehmann, and Michael Pradel. "An empirical study of real-world webassembly binaries: Security, languages, use cases.", WWW, 2021.
CompilerRomano, Alan, et al. "An empirical study of bugs in webassembly compilers.", ASE, 2021.- Lehmann, Daniel, Johannes Kinder, and Michael Pradel. "Everything old is new again: Binary security of WebAssembly.", USENIX Security, 2020.
- Musch, Marius, et al. "New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild.", DIMVA, 2019.
- Cabrera-Arteaga, Javier, et al. "Wasm-Mutate: Fast and effective binary diversification for WebAssembly.", Computers & Security, 2024.
- Rao, Xiaojia, et al. "Iris-wasm: Robust and modular verification of webassembly programs.", PLDI, 2023.
- Stiévenart, Quentin, Coen De Roover, and Mohammad Ghafari. "The security risk of lacking compiler protection in WebAssembly.", QRS, 2021.
- Narayan, Shravan, et al. "Swivel: Hardening WebAssembly against spectre.", USENIX Security, 2021.
- Watt, Conrad, et al. "Ct-wasm: type-driven secure cryptography for the web ecosystem.", POPL, 2019.
- Watt, Conrad, Andreas Rossberg, and Jean Pichon-Pharabod. "Weakening webassembly.", OOPSLA, 2019.
- Sun, Jian, et al. "SELWasm: A Code Protection Mechanism for WebAssembly.", ISPA, 2019.
- Lehmann, Daniel, Martin Toldam Torp, and Michael Pradel. "Fuzzm: Finding memory bugs through binary-only instrumentation and fuzzing of webassembly.", arXiv preprint, 2021.
- Lehmann, Daniel, and Michael Pradel. "Wasabi: A framework for dynamically analyzing webassembly.", ASPLOS, 2019.
- Fu, William, Raymond Lin, and Daniel Inge. "Taintassembly: Taint-based information flow control tracking for webassembly.", arXiv preprint, 2018.
- Chen, Weimin, et al. "Wasai: uncovering vulnerabilities in wasm smart contracts.", ISSTA, 2022.
- Brito, Tiago, et al. "Wasmati: An efficient static vulnerability scanner for WebAssembly." Computers & Security, 2022.
- He, Ningyu, et al. "EOSAFE: Security analysis of EOSIO smart contracts.", USENIX Security, 2021.
- Lopes, Pedro Daniel Rogeiro. "Discovering vulnerabilities in webassembly with code property graphs.", Técnico Lisboa, 2021.
- Stiévenart, Quentin, and Coen De Roover. "Compositional information flow analysis for WebAssembly programs.", SCAM, 2020.
- Harnes H, Morrison D. "Cryptic Bytes: WebAssembly Obfuscation for Evading Cryptojacking Detection", arXiv preprint, 2024.
- Cao, Shangtong, et al. "WASMixer: Binary Obfuscation for WebAssembly", ESORICS, 2024
- Cabrera-Arteaga, Javier, et al. "WebAssembly diversification for malware evasion.", Computers & Security, 2023.
- Loose, Nils, et al. "Madvex: Instrumentation-Based Adversarial Attacks on Machine Learning Malware Detection.", DIMVA, 2023.
- Bhansali, Shrenik, et al. "A first look at code obfuscation for webassembly.", WiSec, 2022.
- Xia, Yifan, et al. "Static Semantics Reconstruction for Enhancing JavaScript-WebAssembly Multilingual Malware Detection.", ESORICS, 2023.
- Naseem, Faraz Naseem, et al. "MINOS: A Lightweight Real-Time Cryptojacking Detection System.", NDSS, 2021.
WasmRevHuang H, Zhao J. "Multi-modal Learning for WebAssembly Reverse Engineering", ISSTA, 2024.- Lehmann, Daniel, and Michael Pradel. "Finding the dwarf: recovering precise types from WebAssembly binaries.", PLDI, 2022.
- Lehmann, Daniel, et al. "That’s a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly.", ISSTA, 2023.
- Romano, Alan, and Weihang Wang. "Automated WebAssembly Function Purpose Identification With Semantics-Aware Analysis.", WWW, 2023.
- Stiévenart, Quentin, David W. Binkley, and Coen De Roover. "Static stack-preserving intra-procedural slicing of webassembly binaries.", ICSE, 2022.
- Cao, Shangtong, et al. "A General Static Binary Rewriting Framework for WebAssembly.", SAS, 2023.
- Stiévenart, Quentin, Coen De Roover, and Mohammad Ghafari. "Security risks of porting c programs to WebAssembly.", SAC. 2022.
CrocusVanHattum, Alexa, et al. "Lightweight, Modular Verification for WebAssembly-to-Native Instruction Selection.", ASPLOS, 2024.PKUWAMPKRuntimeLei, Hanwen, et al. "Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications.", CCS, 2023.RuntimeJohnson, Evan, et al. "WaVe: a verifiably secure WebAssembly sandboxing runtime.", S&P, 2023.- Kolosick, Matthew, et al. "Isolation without taxation: near-zero-cost transitions for webassembly and sfi.", POPL, 2022.
- Bosamiya, Jay, Wen Shih Lim, and Bryan Parno. "Provably-Safe Multilingual Software Sandboxing using WebAssembly.", USENIX Security, 2022.
- Johnson, Evan, et al. "Доверяй, но проверяй: SFI safety for native-compiled Wasm.", NDSS, 2021.
- Narayan, Shravan, et al. "Retrofitting fine grain isolation in the Firefox renderer.", USENIX Security, 2020.
- Han, Jideng, et al. "ESFuzzer: An Efficient Way to Fuzz WebAssembly Interpreter.", Electronics, 2024
EfficiencyWarpDifJiang, Shuyao, et al. "Revealing Performance Issues in Server-side WebAssembly Runtimes via Differential Testing.", ASE, 2023.- Zhou, Shiyao, et al. "WADIFF: A Differential Testing Framework for WebAssembly Runtimes.", ASE, 2023.
- Cao, Shangtong, et al. "WRTester: Differential Testing of WebAssembly Runtimes via Semantic-aware Binary Generation.", arXiv preprint, 2023.
- Jiang, Bo, et al. "Wasmfuzzer: A fuzzer for webassembly virtual machines.", SEKE, 2022.
- Zhang, Yixuan, et al. "Characterizing and detecting webassembly runtime bugs.", TSEM, 2023.
WasmFXPhipps-Costin, Luna, et al. "Continuing WebAssembly with Effect Handlers.", OOPSLA, 2023.- Watt, Conrad, et al. "WasmRef-Isabelle: A Verified Monadic Interpreter and Industrial Fuzzing Oracle for WebAssembly.", PLDI, 2023.
- Romano, Alan, and Weihang Wang. "When Function Inlining Meets WebAssembly: Counterintuitive Impacts on Runtime Performance.", FSE, 2023.
- Liu, Zhibo, et al. "Exploring missed optimizations in webassembly optimizers.", ISSTA, 2023.
- Titzer, Ben L. "A fast in-place interpreter for WebAssembly.", OOPSLA, 2022.
- Jangda, Abhinav, et al. "Not so fast: Analyzing the performance of WebAssembly vs. native code.", USENIX ATC, 2019.
*There are a lot of papers in this direction that are not listed in this repo.
- Wang, Yuanpeng, et al. "Symgx: Detecting cross-boundary pointer vulnerabilities of sgx applications via static symbolic execution.", CCS, 2023
- He, Ningyu, et al. "Eunomia: enabling user-specified fine-grained search in symbolically executing WebAssembly binaries.", ISSTA, 2023.
- Romano, Alan, et al. "Wobfuscator: Obfuscating javascript malware via opportunistic translation to webassembly.", S&P, 2022.