English
Related papers

Related papers: TaintAssembly: Taint-Based Information Flow Contro…

200 papers

Dynamic taint analysis (DTA), as a fundamental analysis technique, is widely used in security, privacy, and diagnosis, etc. As DTA demands to collect and analyze massive taint data online, it suffers extremely high runtime overhead. Over…

Cryptography and Security · Computer Science 2024-02-28 Yiyu Zhang , Tianyi Liu , Yueyang Wang , Yun Qi , Kai Ji , Jian Tang , Xiaoliang Wang , Xuandong Li , Zhiqiang Zuo

WebAssembly (Wasm) is a low-level bytecode language and virtual machine, intended as a compilation target for a wide range of programming languages, which is seeing increasing adoption across diverse ecosystems. As a young technology, Wasm…

Wasm runtime is a fundamental component in the Wasm ecosystem, as it directly impacts whether Wasm applications can be executed as expected. Bugs in Wasm runtime bugs are frequently reported, thus our research community has made a few…

Software Engineering · Computer Science 2023-12-19 Shangtong Cao , Ningyu He , Xinyu She , Yixuan Zhang , Mu Zhang , Haoyu Wang

Performance models are well-known instruments to understand the scaling behavior of parallel applications. They express how performance changes as key execution parameters, such as the number of processes or the size of the input problem,…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-01-01 Marcin Copik , Alexandru Calotoiu , Tobias Grosser , Nicolas Wicki , Felix Wolf , Torsten Hoefler

Static analysis is a powerful tool for detecting security vulnerabilities and other programming problems. Global taint tracking, in particular, can spot vulnerabilities arising from complicated data flow across multiple functions. However,…

Software Engineering · Computer Science 2023-01-26 Yiu Wai Chow , Max Schäfer , Michael Pradel

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

In this paper, we present the design of Owi, a symbolic interpreter for WebAssembly written in OCaml, and how we used it to create a state-of-the-art tool to find bugs in programs combining C and Rust code. WebAssembly (Wasm) is a binary…

Programming Languages · Computer Science 2024-12-10 Léo Andrès , Filipe Marques , Arthur Carcano , Pierre Chambart , José Fragoso Santos , Jean-Christophe Filliâtre

Information flows are intrinsic properties of an multi-stage manufacturing systems (MMS). In computer security, a basic information flow tracking technique is dynamic taint analysis (DTA). DTA tracks taint propagation from one data variable…

Cryptography and Security · Computer Science 2021-09-28 Tao Liu , Bowen Yang , Qi Li , Jin Ye , Wenzhan Song , Peng Liu

WebAssembly enables near-native execution in web applications and is increasingly adopted for tasks that demand high performance and robust security. However, its assembly-like syntax, implicit stack machine, and low-level data types make…

Software Engineering · Computer Science 2024-06-10 Weike Fang , Zhejian Zhou , Junzhou He , Weihang Wang

Over the years, static taint analysis emerged as the analysis of choice to detect some of the most common web application vulnerabilities, such as SQL injection (SQLi) and cross-site scripting (XSS)~\cite{OWASP}. Furthermore, from an…

Programming Languages · Computer Science 2021-03-31 Nicholas Allen , François Gauthier , Alexander Jordan

Large Language Models (LLMs) are rapidly becoming commodity components of larger software systems. This poses natural security and privacy problems: poisoned data retrieved from one component can change the model's behavior and compromise…

This study investigates the potential of WebAssembly as a more secure and efficient alternative to Linux containers for executing untrusted code in cloud computing with Kubernetes. Specifically, it evaluates the security and performance…

Cryptography and Security · Computer Science 2024-11-07 Jasper Alexander Wiegratz

The inherent determinism of blockchain technology poses a significant challenge to generating secure random numbers within smart contracts, leading to exploitable vulnerabilities, particularly in decentralized finance (DeFi) ecosystems and…

Cryptography and Security · Computer Science 2025-10-22 Hadis Rezaei , Ahmed Afif Monrat , Karl Andersson , Francesco Flammini

The diversity of web configuration interfaces for IoT devices has exacerbated issues such as inadequate permission controls and insecure interfaces, resulting in various vulnerabilities. Owing to the varying interface configurations across…

Cryptography and Security · Computer Science 2025-04-02 Jiahui Xiang , Lirong Fu , Tong Ye , Peiyu Liu , Huan Le , Liming Zhu , Wenhai Wang

Text anomaly detection is crucial for identifying spam, misinformation, and offensive language in natural language processing tasks. Despite the growing adoption of embedding-based methods, their effectiveness and generalizability across…

Computation and Language · Computer Science 2025-05-26 Yang Cao , Sikun Yang , Chen Li , Haolong Xiang , Lianyong Qi , Bo Liu , Rongsheng Li , Ming Liu

Dynamic taint analysis (DTA) has been widely used in various security-relevant scenarios that need to track the runtime information flow of programs. Dynamic binary instrumentation (DBI) is a prevalent technique in achieving effective…

Cryptography and Security · Computer Science 2021-11-09 Xiao Kan , Cong Sun , Shen Liu , Yongzhe Huang , Gang Tan , Siqi Ma , Yumei Zhang

Binary rewriting is a widely adopted technique in software analysis. WebAssembly (Wasm), as an emerging bytecode format, has attracted great attention from our community. Unfortunately, there is no general-purpose binary rewriting framework…

Software Engineering · Computer Science 2023-05-03 Shangtong Cao , Ningyu He , Yao Guo , Haoyu Wang

We introduce Wasm Logic, a sound program logic for first-order, encapsulated WebAssembly. We design a novel assertion syntax, tailored to WebAssembly's stack-based semantics and the strong guarantees given by WebAssembly's type system, and…

Programming Languages · Computer Science 2020-05-22 Conrad Watt , Petar Maksimović , Neelakantan R. Krishnaswami , Philippa Gardner

Taint analysis using explicit whole-program data-dependence graphs is powerful for vulnerability discovery but faces two major challenges. First, accurately modeling taint propagation through calls to external library procedures requires…

Software Engineering · Computer Science 2025-06-09 Sedick David Baker Effendi , Xavier Pinho , Andrei Michael Dreyer , Fabian Yamaguchi

WebAssembly (WASM) is an immensely versatile and increasingly popular compilation target. It executes applications written in several languages (e.g., C/C++) with near-native performance in various domains (e.g., mobile, edge, cloud).…

Programming Languages · Computer Science 2024-12-20 Martin Fink , Dimitrios Stavrakakis , Dennis Sprokholt , Soham Chakraborty , Jan-Erik Ekberg , Pramod Bhatotia