SciTePress - Publication Details

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly

Topics: Software Security; Web Security and Privacy

In Proceedings of the 21st International Conference on Security and Cryptography SECRYPT - Volume 1, 552-559, 2024 , Dijon, France

Authors: Emmanuele Massidda ; Lorenzo Pisu ; Davide Maiorca and Giorgio Giacinto

Affiliation: Department of Electronic and Computer Engineering, University of Cagliari, Italy

Keyword(s): Web Assembly, Wasm, Software Security, Web Security.

Abstract: WebAssembly (Wasm) has emerged as a novel approach for integrating binaries into web applications starting from various programming languages such as C, Rust and Python. Despite the numerous claims about its memory safety, issues such as buffer overflow, format strings, use after free, and integer overflow have resurfaced within Wasm. These vulnerabilities can be used to impact web application security, potentially leading to critical issues like Cross-Site Scripting (XSS) and Remote Code Execution (RCE). Our work aims to demonstrate how memory-related vulnerabilities in C codes, when compiled into Wasm, can be exploited for XSS and RCE. Our methodology proposes proof of concepts related to exploiting important stack- and heap-based vulnerabilities. In particular, we demonstrate for the first time that specific vulnerabilities (such as format string) can be effectively employed to achieve arbitrary read and write in Wasm contexts. Our results pose serious concerns about the reliabili ty of Wasm in terms of memory safety, which we believe should be addressed in the next releases. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 142.171.178.55

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Massidda, E.; Pisu, L.; Maiorca, D. and Giacinto, G. (2024). Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly. In Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-709-2; ISSN 2184-7711, SciTePress, pages 552-559. DOI: 10.5220/0012852400003767

@conference{secrypt24,
author={Emmanuele Massidda. and Lorenzo Pisu. and Davide Maiorca. and Giorgio Giacinto.},
title={Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT},
year={2024},
pages={552-559},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012852400003767},
isbn={978-989-758-709-2},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - SECRYPT
TI - Bringing Binary Exploitation at Port 80: Understanding C Vulnerabilities in WebAssembly
SN - 978-989-758-709-2
IS - 2184-7711
AU - Massidda, E.
AU - Pisu, L.
AU - Maiorca, D.
AU - Giacinto, G.
PY - 2024
SP - 552
EP - 559
DO - 10.5220/0012852400003767
PB - SciTePress