| Time | Speaker | Format | Affiliation | Title | Abstract |
|---|---|---|---|---|---|
| TBD (25 mins) |
Khagan Karimov | University of Utah | Do Not Try It Until You Fuzz It: Correctness Testing in WebAssembly Implementations | Correctness bugs occur when a WebAssembly implementation produces the wrong result while still running normally. These bugs are especially problematic because they often go unnoticed, yet they can undermine trust in Wasm as a portable and reliable platform. In this talk, I will discuss why correctness matters for WebAssembly, highlight the challenges of detecting subtle miscompilations and semantic inconsistencies, and show how fuzzing can be used to systematically uncover these deep bugs across different engines. | |
| TBD (25 mins) |
Arne Vogel | FAU Erlangen-Nürnberg | WasmEye: Language- and Platform-Independent Anomaly Detection for WebAssembly | With WebAssembly, you can write and run code in various languages on almost any platform. This has already led to its versatile use in IoT, edge, and cloud environments. With this broad use in complex distributed environments, additional control and management support, such as anomaly detection, to ensure reliable and secure execution will become key to WebAssembly's future success. We want to detect anomalies in WebAssembly modules to protect the system from bugs or malicious code. However, current anomaly detection solutions do not adhere to the WebAssembly philosophy by ignoring platform and source language independence or by being limited to specific types of attacks. In this talk, we present WasmEye, a platform- and source language- independent anomaly detection system for WebAssembly. WasmEye's anomaly detection is based on ensemble learning, directly integrated into the WebAssembly module. This allows WasmEye to offer platform-independent anomaly detection without any source language restrictions: a key feature for the WebAssembly ecosystem. We present the design and implementation of WasmEye, show how we can achieve secure anomaly detection inside of modules themselves and evaluate its performance characteristics and effectiveness of anomaly detection. | |
| TBD (25 mins) |
Michiel Van Kerckhove, Merlijn Sebrechts | Imec - Ghent University | WASI performance on IoT and embedded | This talk investigates the performance of WebAssembly and different WASI versions on IoT and embedded devices. A specific focus is on comparing the overhead of WASI preview 1 and WASI preview 2. It provides some rules of thumb to think about WebAssembly performance on devices, and provides some pointers towards areas that could be improved. | |
| TBD (25 mins) |
Merlijn Sebrechts | Imec - Ghent University | WebAssembly as an enabler for multi-party confidential computing | How can you process sensitive data with confidential algorithms of multiple parties? Confidential computing solutions such as AMD SEV-SNP can protect data and software in-use from external threats using a confidential VM. However, these assume all software inside of the Confidential VM is trusted. Software inside of the VM has full access to all data and can exfiltrate it at will. This talk explains how imec uses WebAssembly as a second isolation layer to protect data from threats coming from inside the confidential VM. The talk also applies this technology to a practical use-case of estimating the environmental impact of chip fabrication as part of the imec.netzero application. | |
| TBD (25 mins) |
Markus Scherer | TU Wien | Wanilla: Sound Noninterference Analysis for WebAssembly | WebAssembly (Wasm) is rapidly gaining popularity as a distribution format for software components embedded in various security-critical domains. Unfortunately, despite its prudent design, WebAssembly's primary use case as a compilation target for memory-unsafe languages leaves some possibilities for memory corruption. Independently of that, Wasm is an inherently interesting target for information flow analysis due to its interfacing role. Both the information flows between a Wasm module and its embedding context, as well as the memory integrity within a module, can be described by the hyperproperty noninterference. So far, no sound, fully static noninterference analysis for Wasm has been presented, but sound reachability analyses were. This work presents a novel and general approach to lift reachability analyses to noninterference by tracking taints on values and using value-sensitive, relational reasoning to remove them when appropriate. We implement this approach in Wanilla, the first automatic, sound, and fully static noninterference analysis for WebAssembly, and demonstrate its performance and precision by verifying memory integrity and other noninterference properties with several synthetic and real-world benchmarks. | |
| TBD (25 mins) |
Mats Brorsson | University of Luxembourg | An embryo to a Polars interface for WASI | We are investigating a general approach to utilize host possibilities to accelerate data processing of WebAssembly programs with a Polars WASI interface. The idea is inspired by the Polars and Pandas datafram libraries for Python, where Python is actually not managing the memory of the dataframe. Datafreames are represented as handles and operations on dataframes using function calls over the component model. This is a very early work and mostly on the idea status at this point. | |
| TBD (25 mins) |
Arjun Ramesh | Carnegie Mellon University | Towards Time-Travel Debugging for Wasm | Tracing the root cause of bugs can be difficult especially for non-deterministic programs with arbitrary host interfaces, and the Wasm ecosystem today lacks tooling around debugging infrastructure. In this talk, we will share our path towards building time-travel debugging for Wasm on Wasmtime to allow deterministic re-execution of a recorded program execution in both the forward and reverse direction. This talk will cover current efforts towards designing low overhead record/replay as well as future plans towards supporting bi-directional execution of replays. | |
| TBD (25 mins) |
Chris Woods and Stephen Berard | Siemens | Reducing Runtime Implementation Costs with a Single System Interface Binary | Today the system interface is specified by the WebAssembly Subgroup and then implemented by every runtime which wishes to support it. This means that every runtime which executes on the same OS + ISA platform will end up duplicating effort and implementing the same system interface. The net result is that this raises the implementation efforts and costs for runtime creators. An alternative approach might be a pre-built binary which can be offered to all runtimes. This would reduce the cost of developing a runtime, runtime developers can focus on creating the most efficient execution engine and leave the system interface work to the pre-built binary. However this design approach faces several challenges, this talk presents the concept and explains the research and findings. It points toward the need for a "Wasm C API" specifically for a special form of runtime plugin that can offer a system interface. | |
| 5:15-5:30 (15 mins) |
Discussion | --- | --- | --- | --- |
Copyright (c) 2025, the WebAssembly Research Center at CMU.