Fuzzing WebAssembly compilers using optimization rules최적화 규칙을 사용한 웹 어셈블리 컴파일러 퍼징
WebAssembly is a new programming language that is supported by modern Web browsers. It is gaining attention for its safety, portability, and high performance. WebAssembly runtimes boost speed by compiling the programs into machine code, but bugs in the compilers can break an application developer’s assumptions or induce a security problem by allowing attackers to escape the sandbox. In this research, we propose ORGFuzz, a new differential fuzzer for WebAssembly compilers. Our fuzzer efficiently tests optimization routines by generating test cases with the guidance of compiler optimization rules. Also, we propose a differential fuzzing-aware test case generation method that exposes semantic bugs to the results. With these two methods, ORGFuzz achieved 91.39% rule coverage on optimization rules, finding a total of 10 previously unknown bugs in two engines including one CVE.
- Advisors
- 윤인수researcher
- Description
- 한국과학기술원 :정보보호대학원,
- Publisher
- 한국과학기술원
- Issue Date
- 2024
- Identifier
- 325007
- Language
- eng
- Description
학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2024.2,[v, 36 p. :]
- Keywords
퍼징▼a컴파일러 테스팅▼a웹 어셈블리; Fuzzing▼aCompiler testing▼aWebAssembly
- Appears in Collection
- IS-Theses_Master(석사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.