Learn about Waltzz, a specialized greybox fuzzing framework designed to identify security vulnerabilities in WebAssembly (Wasm) runtime implementations, through this 17-minute conference presentation from USENIX Security '25.

Discover how researchers from Zhejiang University, Georgia Institute of Technology, and UCLA developed solutions to the unique challenges of fuzzing stack-based WebAssembly runtimes, including maintaining proper stack semantics and exploring the vast instruction space of hundreds of Wasm operations.

Explore the framework's key technical contributions: stack-invariant code transformation that preserves appropriate stack semantics during fuzzing, a comprehensive suite of mutators for systematically traversing diverse instruction combinations in control and data flow, and a skeleton-based generation algorithm for producing rarely-seen code snippets.

Examine the evaluation results demonstrating Waltzz's effectiveness across seven well-known Wasm runtimes, where it achieved 12.4% more code coverage than the nearest competitor and discovered 1.38x more unique bugs, ultimately uncovering 20 new confirmed bugs with 17 assigned CVE IDs. The results highlight the critical importance of securing WebAssembly runtime implementations, which serve as trusted computing bases for web and platform applications.
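To make the "stack invariant" concrete, here is an added illustration (not code from the Waltzz paper or its authors) of why a Wasm mutator must only splice in instruction sequences whose net effect on the operand stack is neutral: anything else fails validation before the runtime's execution paths are reached. It assumes a constructed, depth-only, i32-only instruction subset; real Wasm validation also tracks operand types and block/label structure.

```python
from typing import List, Optional

# Constructed subset: (pops, pushes) of the operand stack for each instruction.
# Immediates (e.g. the constant of i32.const) are ignored; only depth matters here.
STACK_EFFECT = {
    "i32.const": (0, 1),
    "local.get": (0, 1),
    "local.set": (1, 0),
    "i32.add":   (2, 1),
    "i32.mul":   (2, 1),
    "i32.eqz":   (1, 1),
    "drop":      (1, 0),
    "select":    (3, 1),
}


def simulate(seq: List[str], depth: int = 0) -> Optional[int]:
    """Return the stack depth after running seq, or None on stack underflow."""
    for op in seq:
        pops, pushes = STACK_EFFECT[op]
        if depth < pops:
            return None          # popping an empty stack: the module would not validate
        depth += pushes - pops
    return depth


def is_stack_invariant(snippet: List[str]) -> bool:
    """A snippet is safe to insert anywhere if it never underflows from an
    empty stack and leaves the depth unchanged (net effect zero)."""
    return simulate(snippet) == 0


def validates(body: List[str], results: int) -> bool:
    """A function body must end with exactly `results` values on the stack."""
    return simulate(body) == results


def splice(body: List[str], index: int, snippet: List[str],
           results: int = 1) -> Optional[List[str]]:
    """Mutation step: insert snippet at index, but only if the stack invariant
    holds for the snippet and the whole body still validates afterwards."""
    if not is_stack_invariant(snippet):
        return None
    mutated = body[:index] + snippet + body[index:]
    return mutated if validates(mutated, results) else None


if __name__ == "__main__":
    body = ["local.get", "local.get", "i32.add"]          # constructed sample body
    print(splice(body, 2, ["i32.const", "i32.eqz", "drop"]))  # accepted mutation
    print(splice(body, 2, ["i32.add"]))                    # rejected: underflow
```

A fuzzer that skips this check wastes most of its budget on inputs the validator rejects, which is exactly the coverage loss the stack-invariant transformation is meant to avoid.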