loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Emmanuele Massidda ; Lorenzo Pisu ; Davide Maiorca and Giorgio Giacinto

Affiliation: Department of Electronic and Computer Engineering, University of Cagliari, Italy

Keyword(s): Web Assembly, Wasm, Software Security, Web Security.

Abstract: WebAssembly (Wasm) has emerged as a novel approach for integrating binaries into web applications starting from various programming languages such as C, Rust and Python. Despite the numerous claims about its memory safety, issues such as buffer overflow, format strings, use after free, and integer overflow have resurfaced within Wasm. These vulnerabilities can be used to impact web application security, potentially leading to critical issues like Cross-Site Scripting (XSS) and Remote Code Execution (RCE). Our work aims to demonstrate how memory-related vulnerabilities in C codes, when compiled into Wasm, can be exploited for XSS and RCE. Our methodology proposes proof of concepts related to exploiting important stack- and heap-based vulnerabilities. In particular, we demonstrate for the first time that specific vulnerabilities (such as format string) can be effectively employed to achieve arbitrary read and write in Wasm contexts. Our results pose serious concerns about the reliabili ty of Wasm in terms of memory safety, which we believe should be addressed in the next releases. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.145.102.18

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Massidda, E.; Pisu, L.; Maiorca, D. and Giacinto, G. (2024). Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly. In Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-709-2; ISSN 2184-7711, SciTePress, pages 552-559. DOI: 10.5220/0012852400003767

@conference{secrypt24,
author={Emmanuele Massidda. and Lorenzo Pisu. and Davide Maiorca. and Giorgio Giacinto.},
title={Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT},
year={2024},
pages={552-559},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012852400003767},
isbn={978-989-758-709-2},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT
TI - Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly
SN - 978-989-758-709-2
IS - 2184-7711
AU - Massidda, E.
AU - Pisu, L.
AU - Maiorca, D.
AU - Giacinto, G.
PY - 2024
SP - 552
EP - 559
DO - 10.5220/0012852400003767
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic