Magdalena Maria Solitro

Dott.ssamag.

Magdalena Maria Solitro
Roles
  • PreDoc Researcher
Publications (created while at TU Wien)
    2024
    • Wappler: Sound Reachability Analysis for WebAssembly
      Scherer, M., Blaabjerg, J. F., Sjösten, A., Solitro, M. M., & Maffei, M. (2024). Wappler: Sound Reachability Analysis for WebAssembly. In L. O’Conner & P. Kellenberger (Eds.), 2024 IEEE 37th Computer Security Foundations Symposium (CSF) (pp. 249–264).
      DOI: 10.1109/CSF61375.2024.00025 Metadata
      Abstract
      WebAssembly (Wasm) is an increasingly deployed low-level language providing near-native performance to security-critical domains such as web browsers, smart contracts, and edge computing. In all of these domains, establishing the absence of bugs and security vulnerabilities is of utmost importance, which motivates the development of sound and automated static analysis techniques. This is, however, a challenging task since the Wasm formal semantics is not directly amenable to efficient static analysis, Wasm code is typically embedded in statically unknown and possibly malicious contexts, and the low-level nature of the language makes it hard to precisely and yet soundly capture memory management and other core features. In this work, we present Wappler, the first sound and automated static analysis technique for WebAssembly. The core idea is to encode the semantics into Horn clauses so as to make it accessible to automated theorem provers, such as z3. The realization of this approach, however, requires to tackle several challenges. We address the fact that the Wasm semantics is not directly amenable to automation of security proofs by introducing annotations that enable a precise, practical, and yet sound encoding. Furthermore, we devise a formalism to specify embedder behavior and introduce a sound yet precise memory abstraction. We demonstrate the expressiveness of our logical formalism by encoding several general as well as Wasm-specific security properties. Finally, we implement our static analysis technique and conduct an experimental evaluation over the official Wasm test suite to demonstrate its performance.