{"id":"https://openalex.org/W4410088808","doi":"https://doi.org/10.1145/3696410.3714622","title":"WBSan: WebAssembly Bug Detection for Sanitization and Binary-Only Fuzzing","display_name":"WBSan: WebAssembly Bug Detection for Sanitization and Binary-Only Fuzzing","publication_year":2025,"publication_date":"2025-04-22","ids":{"openalex":"https://openalex.org/W4410088808","doi":"https://doi.org/10.1145/3696410.3714622"},"language":"en","primary_location":{"id":"doi:10.1145/3696410.3714622","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714622","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714622","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714622","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100859041","display_name":"Wu Xiao","orcid":null},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiao Wu","raw_affiliation_strings":["Hubei Key Laboratory of Distributed System Security, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Hubei Key Laboratory of Distributed System Security, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082457434","display_name":"Junzhou He","orcid":"https://orcid.org/0000-0001-5617-3101"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junzhou He","raw_affiliation_strings":["University of Southern California, Los Angeles, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, CA, USA","institution_ids":["https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016174009","display_name":"Lein-Saing Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Liyan Huang","raw_affiliation_strings":["University of Southern California, Los Angeles, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, CA, USA","institution_ids":["https://openalex.org/I1174212"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038034507","display_name":"Cai Fu","orcid":"https://orcid.org/0000-0003-4536-3537"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Cai Fu","raw_affiliation_strings":["Hubei Key Laboratory of Distributed System Security, Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Hubei Key Laboratory of Distributed System Security, Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072088517","display_name":"Weihang Wang","orcid":"https://orcid.org/0000-0003-1175-4409"},"institutions":[{"id":"https://openalex.org/I1174212","display_name":"University of Southern California","ror":"https://ror.org/03taz7m60","country_code":"US","type":"education","lineage":["https://openalex.org/I1174212"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weihang Wang","raw_affiliation_strings":["University of Southern California, Los Angeles, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of Southern California, Los Angeles, CA, USA","institution_ids":["https://openalex.org/I1174212"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100859041"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":2.4687,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.86171311,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3311","last_page":"3322"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9905999898910522,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9848999977111816,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9586889743804932},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7078770399093628},{"id":"https://openalex.org/keywords/software-bug","display_name":"Software bug","score":0.48491746187210083},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4217781126499176},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1884547472000122},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17596372961997986}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9586889743804932},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7078770399093628},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.48491746187210083},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4217781126499176},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1884547472000122},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17596372961997986}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696410.3714622","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714622","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714622","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696410.3714622","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714622","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714622","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2714866684","display_name":"CAREER: Cross-Boundary Program Analyses for Web Applications","funder_award_id":"2321444","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6382090258","display_name":"SHF: Small: A General-Purpose Static Program Analysis Framework for WebAssembly","funder_award_id":"2409005","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4410088808.pdf","grobid_xml":"https://content.openalex.org/works/W4410088808.grobid-xml"},"referenced_works_count":23,"referenced_works":["https://openalex.org/W2059278087","https://openalex.org/W2156487548","https://openalex.org/W2156858199","https://openalex.org/W2625141509","https://openalex.org/W2767161562","https://openalex.org/W2888822874","https://openalex.org/W2951450826","https://openalex.org/W3103543923","https://openalex.org/W3104656873","https://openalex.org/W3139495538","https://openalex.org/W3152950651","https://openalex.org/W3155555003","https://openalex.org/W4206578767","https://openalex.org/W4210308899","https://openalex.org/W4224744482","https://openalex.org/W4226053725","https://openalex.org/W4282962713","https://openalex.org/W4285490400","https://openalex.org/W4327911462","https://openalex.org/W4376606648","https://openalex.org/W4389208656","https://openalex.org/W4401328698","https://openalex.org/W4402442995"],"related_works":["https://openalex.org/W614438062","https://openalex.org/W3173990398","https://openalex.org/W4205454537","https://openalex.org/W4226494072","https://openalex.org/W4385301282","https://openalex.org/W3170526652","https://openalex.org/W4381785649","https://openalex.org/W3105061167","https://openalex.org/W4287849816","https://openalex.org/W3006186133"],"abstract_inverted_index":{"With":[0],"the":[1,43,85,155],"advancement":[2],"of":[3,45,113],"WebAssembly,":[4],"abbreviated":[5],"as":[6,56],"Wasm,":[7],"various":[8],"memory":[9,48,99,119,123,146],"bugs":[10,100,147],"and":[11,23,42,93,101,115,141,148,162],"undefined":[12,102,149],"behaviors":[13],"have":[14],"emerged,":[15],"leading":[16],"to":[17,28,36,97,120],"security":[18],"issues":[19],"that":[20,128],"affect":[21],"usability":[22],"portability.":[24],"Existing":[25],"methods":[26],"struggle":[27],"detect":[29,98],"these":[30],"problems":[31],"in":[32,144],"Wasm":[33,63,87,94,117,138],"binaries":[34,76],"due":[35],"challenges":[37],"associated":[38],"with":[39,52,154],"binary":[40,88,95,139],"instrumentation":[41,96,107],"difficulty":[44],"defining":[46],"legal":[47],"bounds.While":[49],"sanitizers":[50,64,143],"combined":[51],"fuzzing":[53],"are":[54,77],"recognized":[55],"effective":[57],"means":[58],"for":[59,71,110],"identifying":[60],"bugs,":[61],"current":[62,137],"necessitate":[65],"compile-time":[66],"instrumentation,":[67],"rendering":[68],"them":[69],"unsuitable":[70],"practical":[72],"scenarios":[73],"where":[74],"only":[75],"accessible.":[78],"In":[79],"this":[80],"paper,":[81],"we":[82],"propose":[83],"WBSan,":[84],"first":[86],"sanitizer":[89],"employing":[90],"static":[91],"analysis":[92],"behaviors.":[103,150],"We":[104],"develop":[105],"distinct":[106],"patterns":[108],"tailored":[109],"each":[111],"type":[112],"bug":[114],"introduce":[116],"shadow":[118],"address":[121],"complex":[122],"bugs.":[124],"Our":[125],"results":[126],"reveal":[127],"WBSan":[129,158],"achieves":[130,163],"a":[131],"16.8%":[132],"false":[133],"detection":[134],"rate,":[135],"outperforming":[136],"checkers":[140],"native":[142],"detecting":[145],"Furthermore,":[151],"when":[152],"compared":[153],"binary-only":[156],"fuzzer,":[157],"uncovers":[159],"more":[160],"crashes":[161],"greater":[164],"code":[165],"coverage.":[166]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-15T09:29:46.208133","created_date":"2025-10-10T00:00:00"}