{"id":"https://openalex.org/W4416549327","doi":"https://doi.org/10.1145/3719027.3765156","title":"<scp>Wanilla:</scp> Sound Noninterference Analysis for WebAssembly","display_name":"<scp>Wanilla:</scp> Sound Noninterference Analysis for WebAssembly","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549327","doi":"https://doi.org/10.1145/3719027.3765156"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3765156","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765156","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3719027.3765156","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108187145","display_name":"Markus Scherer","orcid":null},"institutions":[{"id":"https://openalex.org/I4210105054","display_name":"Christian Doppler Laboratory for Thermoelectricity","ror":"https://ror.org/01cbw5x35","country_code":"AT","type":"facility","lineage":["https://openalex.org/I129774422","https://openalex.org/I145847075","https://openalex.org/I4210105054"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Markus Scherer","raw_affiliation_strings":["TU Wien, Vienna, Austria and Christian Doppler Laboratory Blockchain Technologies for the Internet of Things, Vienna, Austria"],"raw_orcid":"https://orcid.org/0009-0005-6826-3493","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria and Christian Doppler Laboratory Blockchain Technologies for the Internet of Things, Vienna, Austria","institution_ids":["https://openalex.org/I4210105054"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020323135","display_name":"Jeppe Fredsgaard Blaabjerg","orcid":"https://orcid.org/0000-0001-6228-6137"},"institutions":[{"id":"https://openalex.org/I204337017","display_name":"Aarhus University","ror":"https://ror.org/01aj84f44","country_code":"DK","type":"education","lineage":["https://openalex.org/I204337017"]}],"countries":["DK"],"is_corresponding":false,"raw_author_name":"Jeppe Fredsgaard Blaabjerg","raw_affiliation_strings":["Aarhus University, Aarhus, Denmark"],"raw_orcid":"https://orcid.org/0000-0001-6228-6137","affiliations":[{"raw_affiliation_string":"Aarhus University, Aarhus, Denmark","institution_ids":["https://openalex.org/I204337017"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059422066","display_name":"Alexander Sj\u00f6sten","orcid":"https://orcid.org/0000-0001-7620-5799"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Alexander Sj\u00f6sten","raw_affiliation_strings":["TU Wien, Vienna, Austria"],"raw_orcid":"https://orcid.org/0000-0001-7620-5799","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria","institution_ids":["https://openalex.org/I145847075"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059351004","display_name":"Matteo Maffei","orcid":"https://orcid.org/0000-0001-8061-1685"},"institutions":[{"id":"https://openalex.org/I4210105054","display_name":"Christian Doppler Laboratory for Thermoelectricity","ror":"https://ror.org/01cbw5x35","country_code":"AT","type":"facility","lineage":["https://openalex.org/I129774422","https://openalex.org/I145847075","https://openalex.org/I4210105054"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Matteo Maffei","raw_affiliation_strings":["TU Wien, Vienna, Austria and Christian Doppler Laboratory Blockchain Technologies for the Internet of Things, Vienna, Austria"],"raw_orcid":"https://orcid.org/0000-0001-8061-1685","affiliations":[{"raw_affiliation_string":"TU Wien, Vienna, Austria and Christian Doppler Laboratory Blockchain Technologies for the Internet of Things, Vienna, Austria","institution_ids":["https://openalex.org/I4210105054"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.17132212,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"126","last_page":"140"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8076000213623047,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8076000213623047,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.032499998807907104,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.03060000017285347,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reachability","display_name":"Reachability","score":0.6845999956130981},{"id":"https://openalex.org/keywords/interfacing","display_name":"Interfacing","score":0.6233000159263611},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5259000062942505},{"id":"https://openalex.org/keywords/lift","display_name":"Lift (data mining)","score":0.5141000151634216},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.46639999747276306},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4309999942779541},{"id":"https://openalex.org/keywords/tracking","display_name":"Tracking (education)","score":0.3718999922275543},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.3582000136375427}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7616000175476074},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.6845999956130981},{"id":"https://openalex.org/C2776303644","wikidata":"https://www.wikidata.org/wiki/Q1020499","display_name":"Interfacing","level":2,"score":0.6233000159263611},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5259000062942505},{"id":"https://openalex.org/C139002025","wikidata":"https://www.wikidata.org/wiki/Q3001212","display_name":"Lift (data mining)","level":2,"score":0.5141000151634216},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.46639999747276306},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4415999948978424},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4309999942779541},{"id":"https://openalex.org/C2775936607","wikidata":"https://www.wikidata.org/wiki/Q466845","display_name":"Tracking (education)","level":2,"score":0.3718999922275543},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.3582000136375427},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.32919999957084656},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3237999975681305},{"id":"https://openalex.org/C2779136372","wikidata":"https://www.wikidata.org/wiki/Q10283002","display_name":"Information flow","level":2,"score":0.2870999872684479},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2858999967575073},{"id":"https://openalex.org/C5655090","wikidata":"https://www.wikidata.org/wiki/Q192588","display_name":"Relational database","level":2,"score":0.2849999964237213},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.28200000524520874},{"id":"https://openalex.org/C2777669093","wikidata":"https://www.wikidata.org/wiki/Q17141570","display_name":"Reachability problem","level":3,"score":0.2750999927520752},{"id":"https://openalex.org/C2780654840","wikidata":"https://www.wikidata.org/wiki/Q333341","display_name":"Abstract interpretation","level":2,"score":0.2728999853134155},{"id":"https://openalex.org/C12186640","wikidata":"https://www.wikidata.org/wiki/Q6815743","display_name":"Memory model","level":3,"score":0.2628999948501587},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2574999928474426},{"id":"https://openalex.org/C2988963302","wikidata":"https://www.wikidata.org/wiki/Q629206","display_name":"Program code","level":2,"score":0.2522999942302704}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3719027.3765156","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765156","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.atira.dk:openaire/286e21b3-0722-4d3b-a36b-092f10583e53","is_oa":true,"landing_page_url":"https://pure.au.dk/portal/en/publications/286e21b3-0722-4d3b-a36b-092f10583e53","pdf_url":null,"source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Scherer, M, Blaabjerg, J F, Sj\u00f6sten, A & Maffei, M 2025, Wanilla : Sound Noninterference Analysis for WebAssembly. in CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, pp. 126-140, 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025, Taipei, Taiwan, 13/10/2025. https://doi.org/10.1145/3719027.3765156","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:arXiv.org:2509.08758","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.08758","pdf_url":"https://arxiv.org/pdf/2509.08758","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765156","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765156","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2446669828","display_name":null,"funder_award_id":"SpyCode SFB project F8510-N","funder_id":"https://openalex.org/F4320321181","funder_display_name":"Austrian Science Fund"},{"id":"https://openalex.org/G73273434","display_name":null,"funder_award_id":"101141432-BlockSec","funder_id":"https://openalex.org/F4320334678","funder_display_name":"European Research Council"}],"funders":[{"id":"https://openalex.org/F4320321003","display_name":"Vienna Science and Technology Fund","ror":"https://ror.org/01f9mc681"},{"id":"https://openalex.org/F4320321181","display_name":"Austrian Science Fund","ror":"https://ror.org/013tf3c58"},{"id":"https://openalex.org/F4320334678","display_name":"European Research Council","ror":"https://ror.org/0472cxd90"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W57185801","https://openalex.org/W1553357069","https://openalex.org/W1587844310","https://openalex.org/W2034527657","https://openalex.org/W2076840859","https://openalex.org/W2122049982","https://openalex.org/W2131916295","https://openalex.org/W2381524979","https://openalex.org/W2625141509","https://openalex.org/W2752155394","https://openalex.org/W2987648005","https://openalex.org/W3095372536","https://openalex.org/W3095431539","https://openalex.org/W3183146186","https://openalex.org/W4206358530","https://openalex.org/W4236991443","https://openalex.org/W4402674348"],"related_works":[],"abstract_inverted_index":{"WebAssembly":[0],"(Wasm)":[1],"is":[2,44],"rapidly":[3],"gaining":[4],"popularity":[5],"as":[6,27,70,72],"a":[7,28,63,77,107],"distribution":[8],"format":[9],"for":[10,31,37,49,94,148],"software":[11],"components":[12],"embedded":[13],"in":[14,137],"various":[15],"security-critical":[16],"domains.":[17],"Unfortunately,":[18],"despite":[19],"its":[20,55,67,152],"prudent":[21],"design,":[22],"WebAssembly's":[23],"primary":[24],"use":[25],"case":[26],"compilation":[29],"target":[30,48],"memory-unsafe":[32],"languages":[33],"leaves":[34],"some":[35],"possibilities":[36],"memory":[38,74,158],"corruption.":[39],"Independently":[40],"of":[41],"that,":[42],"Wasm":[43,64,95],"an":[45],"inherently":[46],"interesting":[47],"information":[50,60],"flow":[51],"analysis":[52,93,147],"due":[53],"to":[54,112,116,128],"interfacing":[56],"role.":[57],"Both":[58],"the":[59,73,83,139],"flows":[61],"between":[62],"module":[65],"and":[66,109,123,143,150,154,160,167],"embedding":[68],"context,":[69],"well":[71],"integrity":[75,159],"within":[76],"module,":[78],"can":[79],"be":[80],"described":[81],"by":[82,118,156],"hyperproperty":[84],"noninterference.":[85],"So":[86],"far,":[87],"no":[88],"sound,":[89,142],"fully":[90,144],"static":[91,145],"noninterference":[92,117,146,162],"has":[96],"been":[97],"presented,":[98],"but":[99],"sound":[100],"reachability":[101,114],"analyses":[102,115],"were.":[103],"This":[104],"work":[105],"presents":[106],"novel":[108],"general":[110],"approach":[111,136],"lift":[113],"tracking":[119],"taints":[120],"on":[121],"values":[122],"using":[124],"value-sensitive,":[125],"relational":[126],"reasoning":[127],"remove":[129],"them":[130],"when":[131],"appropriate.":[132],"We":[133],"implement":[134],"this":[135],"Wanilla,":[138],"first":[140],"automatic,":[141],"WebAssembly,":[149],"demonstrate":[151],"performance":[153],"precision":[155],"verifying":[157],"other":[161],"properties":[163],"with":[164],"several":[165],"synthetic":[166],"real-world":[168],"benchmarks.":[169]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}