{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,15]],"date-time":"2026-07-15T14:40:07Z","timestamp":1784126407680,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,4,19]],"date-time":"2021-04-19T00:00:00Z","timestamp":1618790400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,4,19]]},"DOI":"10.1145\/3442381.3450138","type":"proceedings-article","created":{"date-parts":[[2021,6,3]],"date-time":"2021-06-03T19:34:17Z","timestamp":1622748857000},"page":"2696-2708","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":86,"title":["An Empirical Study of Real-World WebAssembly Binaries"],"prefix":"10.1145","author":[{"given":"Aaron","family":"Hilbig","sequence":"first","affiliation":[{"name":"University of Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daniel","family":"Lehmann","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Pradel","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,6,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Georgi\u00a0Geshev Alex\u00a0Plaskett Fabian\u00a0Beterke. 2018. Apple Safari \u2013 Wasm Section Exploit.  Georgi\u00a0Geshev Alex\u00a0Plaskett Fabian\u00a0Beterke. 2018. Apple Safari \u2013 Wasm Section Exploit."},{"key":"e_1_3_2_1_2_1","volume-title":"Benoit Baudry, and Martin Monperrus.","author":"Arteaga Javier\u00a0Cabrera","year":"2020","unstructured":"Javier\u00a0Cabrera Arteaga , Orestis\u00a0Floros Malivitsis , Oscar Luis\u00a0Vera P\u00e9rez , Benoit Baudry, and Martin Monperrus. 2020 . CROW : Code Diversification for WebAssembly . arXiv preprint arXiv:2008.07185(2020). Javier\u00a0Cabrera Arteaga, Orestis\u00a0Floros Malivitsis, Oscar Luis\u00a0Vera P\u00e9rez, Benoit Baudry, and Martin Monperrus. 2020. CROW: Code Diversification for WebAssembly. arXiv preprint arXiv:2008.07185(2020)."},{"key":"e_1_3_2_1_3_1","unstructured":"John Bergbom. 2018. Memory safety: old vulnerabilities become new with WebAssembly.  John Bergbom. 2018. Memory safety: old vulnerabilities become new with WebAssembly."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3397537.3397567"},{"key":"e_1_3_2_1_5_1","unstructured":"Frank Denis. 2018. WebAssembly doesn\u2019t make unsafe languages safe (yet).  Frank Denis. 2018. WebAssembly doesn\u2019t make unsafe languages safe (yet)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3337167.3337171"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Ana\u00a0Nora Evans Bradford Campbell and Mary\u00a0Lou Soffa. 2020. Is Rust used Safely by Software Developers?. In ICSE. 246\u2013257.  Ana\u00a0Nora Evans Bradford Campbell and Mary\u00a0Lou Soffa. 2020. Is Rust used Safely by Software Developers?. In ICSE. 246\u2013257.","DOI":"10.1145\/3377811.3380413"},{"key":"e_1_3_2_1_8_1","unstructured":"William Fu Raymond Lin and Daniel Inge. 2018. TaintAssembly: Taint-Based Information Flow Control Tracking for WebAssembly. CoRR abs\/1802.01050(2018).  William Fu Raymond Lin and Daniel Inge. 2018. TaintAssembly: Taint-Based Information Flow Control Tracking for WebAssembly. CoRR abs\/1802.01050(2018)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Daniel Genkin Lev Pachmanov Eran Tromer and Yuval Yarom. 2018. Drive-By Key-Extraction Cache Attacks from Portable Code. In ACNS.  Daniel Genkin Lev Pachmanov Eran Tromer and Yuval Yarom. 2018. Drive-By Key-Extraction Cache Attacks from Portable Code. In ACNS.","DOI":"10.1007\/978-3-319-93387-0_5"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Andreas Haas Andreas Rossberg Derek\u00a0L Schuff Ben\u00a0L Titzer Michael Holman Dan Gohman Luke Wagner Alon Zakai and JF Bastien. 2017. Bringing the web up to speed with WebAssembly. In PLDI.  Andreas Haas Andreas Rossberg Derek\u00a0L Schuff Ben\u00a0L Titzer Michael Holman Dan Gohman Luke Wagner Alon Zakai and JF Bastien. 2017. Bringing the web up to speed with WebAssembly. In PLDI.","DOI":"10.1145\/3062341.3062363"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"David Herrera Hanfeng Chen Erick Lavoie and Laurie Hendren. 2018. Numerical computing on the web: benchmarking for the future. In DLS. ACM 88\u2013100.  David Herrera Hanfeng Chen Erick Lavoie and Laurie Hendren. 2018. Numerical computing on the web: benchmarking for the future. In DLS. ACM 88\u2013100.","DOI":"10.1145\/3393673.3276968"},{"key":"e_1_3_2_1_12_1","unstructured":"Abhinav Jangda Bobby Powers Emery\u00a0D. Berger and Arjun Guha. 2019. Not So Fast: Analyzing the Performance of WebAssembly vs. Native Code. In 2019 USENIX ATC. 107\u2013120.  Abhinav Jangda Bobby Powers Emery\u00a0D. Berger and Arjun Guha. 2019. Not So Fast: Analyzing the Performance of WebAssembly vs. Native Code. In 2019 USENIX ATC. 107\u2013120."},{"key":"e_1_3_2_1_13_1","volume":"201","author":"Khan Faiz","unstructured":"Faiz Khan , Vincent Foley-Bourgon , Sujay Kathrotia , Erick Lavoie , and Laurie\u00a0 J. Hendren. 201 4. Using JavaScript and WebCL for numerical computations: a comparative study of native and web technologies. In DLS\u201914. ACM, 91\u2013102. Faiz Khan, Vincent Foley-Bourgon, Sujay Kathrotia, Erick Lavoie, and Laurie\u00a0J. Hendren. 2014. Using JavaScript and WebCL for numerical computations: a comparative study of native and web technologies. In DLS\u201914. ACM, 91\u2013102.","journal-title":"J. Hendren."},{"key":"e_1_3_2_1_14_1","volume-title":"Outguard: Detecting in-browser covert cryptocurrency mining in the wild. In WWW \u201919.","author":"Kharraz Amin","year":"2019","unstructured":"Amin Kharraz , Zane Ma , Paul Murley , Charles Lever , Joshua Mason , Andrew Miller , Nikita Borisov , Manos Antonakakis , and Michael Bailey . 2019 . Outguard: Detecting in-browser covert cryptocurrency mining in the wild. In WWW \u201919. Amin Kharraz, Zane Ma, Paul Murley, Charles Lever, Joshua Mason, Andrew Miller, Nikita Borisov, Manos Antonakakis, and Michael Bailey. 2019. Outguard: Detecting in-browser covert cryptocurrency mining in the wild. In WWW \u201919."},{"key":"e_1_3_2_1_15_1","volume-title":"CCS","author":"Konoth Radhesh\u00a0Krishnan","year":"2018","unstructured":"Radhesh\u00a0Krishnan Konoth , Emanuele Vineti , Veelasha Moonsamy , Martina Lindorfer , Christopher Kruegel , Herbert Bos , and Giovanni Vigna . 2018 . MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense . In CCS 2018. Radhesh\u00a0Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. 2018. MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense. In CCS 2018."},{"key":"e_1_3_2_1_16_1","volume-title":"Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , and Engin Kirda . 2017 . Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS 2017. Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In NDSS 2017."},{"key":"e_1_3_2_1_17_1","unstructured":"Dawn Lawrie Christopher Morrell Henry Feild and David Binkley. 2006. What\u2019s in a Name? A Study of Identifiers. In ICPC. 3\u201312.  Dawn Lawrie Christopher Morrell Henry Feild and David Binkley. 2006. What\u2019s in a Name? A Study of Identifiers. In ICPC. 3\u201312."},{"key":"e_1_3_2_1_18_1","volume-title":"Everything Old is New Again: Binary Security of WebAssembly(USENIX Security","author":"Lehmann Daniel","year":"2020","unstructured":"Daniel Lehmann , Johannes Kinder , and Michael Pradel . 2020. Everything Old is New Again: Binary Security of WebAssembly(USENIX Security 2020 ). 217\u2013234. Daniel Lehmann, Johannes Kinder, and Michael Pradel. 2020. Everything Old is New Again: Binary Security of WebAssembly(USENIX Security 2020). 217\u2013234."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304068"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Giorgi Maisuradze and Christian Rossow. 2018. Ret2spec: Speculative Execution Using Return Stack Buffers. In CCS.  Giorgi Maisuradze and Christian Rossow. 2018. Ret2spec: Speculative Execution Using Return Stack Buffers. In CCS.","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_21_1","volume-title":"Introduction to information retrieval","author":"Manning D","unstructured":"Christopher\u00a0 D Manning , Hinrich Sch\u00fctze , and Prabhakar Raghavan . 2008. Introduction to information retrieval . Cambridge university press . Christopher\u00a0D Manning, Hinrich Sch\u00fctze, and Prabhakar Raghavan. 2008. Introduction to information retrieval. Cambridge university press."},{"key":"e_1_3_2_1_22_1","volume-title":"Security Chasms of WASM","author":"McFadden Brian","unstructured":"Brian McFadden , Tyler Lukasiewicz , Jeff Dileo , and Justin Engler . 2018. Security Chasms of WASM . NCC Group Whitepaper . Brian McFadden, Tyler Lukasiewicz, Jeff Dileo, and Justin Engler. 2018. Security Chasms of WASM. NCC Group Whitepaper."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_24_1","volume-title":"New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild(DIMVA","author":"Musch Marius","year":"2019","unstructured":"Marius Musch , Christian Wressnegger , Martin Johns , and Konrad Rieck . 2019. New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild(DIMVA 2019 ). Springer , 23\u201342. Marius Musch, Christian Wressnegger, Martin Johns, and Konrad Rieck. 2019. New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild(DIMVA 2019). Springer, 23\u201342."},{"key":"e_1_3_2_1_25_1","unstructured":"Marius Musch Christian Wressnegger Martin Johns and Konrad Rieck. 2019. Thieves in the Browser: Web-based Cryptojacking in the Wild. In ARES.  Marius Musch Christian Wressnegger Martin Johns and Konrad Rieck. 2019. Thieves in the Browser: Web-based Cryptojacking in the Wild. In ARES."},{"key":"e_1_3_2_1_26_1","unstructured":"Shravan Narayan Craig Disselkoen Tal Garfinkel Nathan Froyd Eric Rahm Sorin Lerner Hovav Shacham and Deian Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In USENIX Security.  Shravan Narayan Craig Disselkoen Tal Garfinkel Nathan Froyd Eric Rahm Sorin Lerner Hovav Shacham and Deian Stefan. 2020. Retrofitting Fine Grain Isolation in the Firefox Renderer. In USENIX Security."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Nick Nikiforakis Luca Invernizzi Alexandros Kapravelos Steven\u00a0Van Acker Wouter Joosen Christopher Kruegel Frank Piessens and Giovanni Vigna. 2012. You are what you include: large-scale evaluation of remote JavaScript inclusions. In CCS. 736\u2013747.  Nick Nikiforakis Luca Invernizzi Alexandros Kapravelos Steven\u00a0Van Acker Wouter Joosen Christopher Kruegel Frank Piessens and Giovanni Vigna. 2012. You are what you include: large-scale evaluation of remote JavaScript inclusions. In CCS. 736\u2013747.","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_28_1","volume-title":"Tranco: A research-oriented top sites ranking hardened against manipulation. arXiv preprint arXiv:1802.01156(2018).","author":"Pochat Victor\u00a0Le","year":"2018","unstructured":"Victor\u00a0Le Pochat , Tom Van\u00a0Goethem , Samaneh Tajalizadehkhoob , Maciej Korczy\u0144ski , and Wouter Joosen . 2018 . Tranco: A research-oriented top sites ranking hardened against manipulation. arXiv preprint arXiv:1802.01156(2018). Victor\u00a0Le Pochat, Tom Van\u00a0Goethem, Samaneh Tajalizadehkhoob, Maciej Korczy\u0144ski, and Wouter Joosen. 2018. Tranco: A research-oriented top sites ranking hardened against manipulation. arXiv preprint arXiv:1802.01156(2018)."},{"key":"e_1_3_2_1_29_1","unstructured":"Michael Pradel and Koushik Sen. 2015. The Good the Bad and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript. In ECOOP.  Michael Pradel and Koushik Sen. 2015. The Good the Bad and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript. In ECOOP."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"J. Protzenko B. Beurdouche D. Merigoux and K. Bhargavan. 2019. Formally Verified Cryptographic Web Applications in WebAssembly. In SP.  J. Protzenko B. Beurdouche D. Merigoux and K. Bhargavan. 2019. Formally Verified Cryptographic Web Applications in WebAssembly. In SP.","DOI":"10.1109\/SP.2019.00064"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Gregor Richards Andreas Gal Brendan Eich and Jan Vitek. 2011. Automated construction of JavaScript benchmarks. In OOPSLA. 677\u2013694.  Gregor Richards Andreas Gal Brendan Eich and Jan Vitek. 2011. Automated construction of JavaScript benchmarks. In OOPSLA. 677\u2013694.","DOI":"10.1145\/2076021.2048119"},{"key":"e_1_3_2_1_32_1","unstructured":"Andreas Rossberg. 2019. Multiple per-module memories for Wasm.  Andreas Rossberg. 2019. Multiple per-module memories for Wasm."},{"key":"e_1_3_2_1_33_1","unstructured":"Andreas Rossberg. 2019. Proposal for adding basic reference types.  Andreas Rossberg. 2019. Proposal for adding basic reference types."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Jan R\u00fcth Torsten Zimmermann Konrad Wolsing and Oliver Hohlfeld. 2018. Digging into Browser-based Crypto Mining. In IMC.  Jan R\u00fcth Torsten Zimmermann Konrad Wolsing and Oliver Hohlfeld. 2018. Digging into Browser-based Crypto Mining. In IMC.","DOI":"10.1145\/3278532.3278539"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Marija Selakovic and Michael Pradel. 2016. Performance Issues and Optimizations in JavaScript: An Empirical Study. In ICSE.  Marija Selakovic and Michael Pradel. 2016. Performance Issues and Optimizations in JavaScript: An Empirical Study. In ICSE.","DOI":"10.1145\/2884781.2884829"},{"key":"e_1_3_2_1_36_1","unstructured":"Natalie Silvanovich. 2018. The Problems and Promise of WebAssembly.  Natalie Silvanovich. 2018. The Problems and Promise of WebAssembly."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Philippe Skolka Cristian-Alexandru Staicu and Michael Pradel. 2019. Anything to Hide? Studying Minified and Obfuscated Code in the Web. In WWW.  Philippe Skolka Cristian-Alexandru Staicu and Michael Pradel. 2019. Anything to Hide? Studying Minified and Obfuscated Code in the Web. In WWW.","DOI":"10.1145\/3308558.3313752"},{"key":"e_1_3_2_1_38_1","unstructured":"Sooel Son and Vitaly Shmatikov. 2013. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites.. In NDSS.  Sooel Son and Vitaly Shmatikov. 2013. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites.. In NDSS."},{"key":"e_1_3_2_1_39_1","unstructured":"Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In USENIX Sec.  Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In USENIX Sec."},{"key":"e_1_3_2_1_40_1","unstructured":"Aron Szanto Timothy Tamm and Artidoro Pagnoni. 2018. Taint Tracking for WebAssembly. https:\/\/arxiv.org\/abs\/1807.08349. arxiv:1807.08349\u00a0[cs.CR]  Aron Szanto Timothy Tamm and Artidoro Pagnoni. 2018. Taint Tracking for WebAssembly. https:\/\/arxiv.org\/abs\/1807.08349. arxiv:1807.08349\u00a0[cs.CR]"},{"key":"e_1_3_2_1_41_1","volume-title":"SoK: Eternal War in Memory. In 2013 IEEE Symposium on Security and Privacy (SP","author":"Szekeres Laszlo","year":"2013","unstructured":"Laszlo Szekeres , Mathias Payer , Tao Wei , and Dawn Song . 2013 . SoK: Eternal War in Memory. In 2013 IEEE Symposium on Security and Privacy (SP 2013). Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In 2013 IEEE Symposium on Security and Privacy (SP 2013)."},{"key":"e_1_3_2_1_42_1","volume-title":"Is Cryptojacking Dead after Coinhive Shutdown?","author":"Varlioglu Said","unstructured":"Said Varlioglu , Bilal Gonen , Murat Ozer , and Mehmet Bastug . 2020. Is Cryptojacking Dead after Coinhive Shutdown? . In ICICT. IEEE , 385\u2013389. Said Varlioglu, Bilal Gonen, Murat Ozer, and Mehmet Bastug. 2020. Is Cryptojacking Dead after Coinhive Shutdown?. In ICICT. IEEE, 385\u2013389."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-98989-1_7"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3167082"},{"key":"e_1_3_2_1_45_1","volume-title":"CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem. POPL","author":"Watt Conrad","year":"2019","unstructured":"Conrad Watt , John Renner , Natalie Popescu , Sunjay Cauligi , and Deian Stefan . 2019. CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem. POPL ( 2019 ). Conrad Watt, John Renner, Natalie Popescu, Sunjay Cauligi, and Deian Stefan. 2019. CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem. POPL (2019)."},{"key":"e_1_3_2_1_46_1","unstructured":"Hui Xu Zhuangbin Chen Mingshen Sun and Yangfan Zhou. 2020. Memory-Safety Challenge Considered Solved? An Empirical Study with All Rust CVEs. arXiv preprint arXiv:2003.03296(2020).  Hui Xu Zhuangbin Chen Mingshen Sun and Yangfan Zhou. 2020. Memory-Safety Challenge Considered Solved? An Empirical Study with All Rust CVEs. arXiv preprint arXiv:2003.03296(2020)."}],"event":{"name":"WWW '21: The Web Conference 2021","location":"Ljubljana Slovenia","acronym":"WWW '21","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the Web Conference 2021"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442381.3450138","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3442381.3450138","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:28Z","timestamp":1750195468000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3442381.3450138"}},"subtitle":["Security, Languages, Use Cases"],"short-title":[],"issued":{"date-parts":[[2021,4,19]]},"references-count":46,"alternative-id":["10.1145\/3442381.3450138","10.1145\/3442381"],"URL":"https:\/\/doi.org\/10.1145\/3442381.3450138","relation":{},"subject":[],"published":{"date-parts":[[2021,4,19]]},"assertion":[{"value":"2021-06-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}