When Browser Memory Becomes a Bento Box
en-GBde-DEes-ESfr-FR

When Browser Memory Becomes a Bento Box

05/06/2026 Universität Duisburg-Essen

Google Earth, Zoom, Twitch.tv, or Photoshop – thanks to the WebAssembly standard, many powerful applications now run directly in the browser without installation. However, some of these web apps have serious security vulnerabilities. Researchers from paluno – The Ruhr Institute for Software Technology at the University of Duisburg-Essen have developed a solution to secure COTS applications by automatically reorganizing their memory.

Since 2019, WebAssembly (Wasm for short) has been a stable web standard designed to make complex desktop applications run in the browser. To make this possible, the original program code – often written in C or C++ – is compiled into the Wasm binary format, which is supported by all major browsers. There is a catch, however: if the code contains vulnerabilities, these are also transferred into the Wasm module during compilation. In C/C++, these are typically memory access errors such as buffer overflows. Hackers can exploit such vulnerabilities for so-called cross-site scripting (XSS) attacks, injecting malicious code that users then unknowingly execute in their browsers.

Existing approaches to securing Wasm modules are hardly practical: many require access to the application's source code, while others need special hardware or customized browser environments. The new solution developed by paluno researchers Oussama Draissi and Prof. Lucas Davi takes a different approach. They use Wasm's multi-memory feature to perform a one-time, fully automated memory reorganization of existing modules. The restructuring is reminiscent of a Japanese bento box, in which different foods are neatly separated into individual compartments. The advantage: isolating memory areas prevents, for example, HTML tags in one memory area from being overwritten by a buffer overflow in another. For users, the restructuring of the modules comes with no noticeable drawbacks. They will notice neither longer loading times nor a significantly larger memory footprint.

The researchers tested the effectiveness of the bento approach using known security vulnerabilities, including the infamous Heartbleed Bug. "In extensive tests, we were able to demonstrate that our solution would have successfully defended against real-world attacks on widely used applications," explains Oussama Draissi.

The work will be presented at the renowned “The ACM Web Conference” in Dubai at the end of June 2026.

Publication: https://doi.org/10.1145/3774904.3792439

Further informationen: Prof. Dr. Lucas Davi, Universität Duisburg-Essen, paluno – The Ruhr Institute for Software Technology, lucas.davi@uni-due.de

Editor: Birgit Kremer, paluno, birgit.kremer@paluno.uni-due.de

05/06/2026 Universität Duisburg-Essen
Regions: Europe, Germany
Keywords: Applied science, Computing

Disclaimer: AlphaGalileo is not responsible for the accuracy of content posted to AlphaGalileo by contributing institutions or for the use of any information through the AlphaGalileo system.

Testimonials

For well over a decade, in my capacity as a researcher, broadcaster, and producer, I have relied heavily on Alphagalileo.
All of my work trips have been planned around stories that I've found on this site.
The under embargo section allows us to plan ahead and the news releases enable us to find key experts.
Going through the tailored daily updates is the best way to start the day. It's such a critical service for me and many of my colleagues.
Koula Bouloukos, Senior manager, Editorial & Production Underknown
We have used AlphaGalileo since its foundation but frankly we need it more than ever now to ensure our research news is heard across Europe, Asia and North America. As one of the UK’s leading research universities we want to continue to work with other outstanding researchers in Europe. AlphaGalileo helps us to continue to bring our research story to them and the rest of the world.
Peter Dunn, Director of Press and Media Relations at the University of Warwick
AlphaGalileo has helped us more than double our reach at SciDev.Net. The service has enabled our journalists around the world to reach the mainstream media with articles about the impact of science on people in low- and middle-income countries, leading to big increases in the number of SciDev.Net articles that have been republished.
Ben Deighton, SciDevNet

We Work Closely With...

  • The Research Council of Norway
  • SciDevNet
  • Swiss National Science Foundation
  • iesResearch
Copyright 2026 by AlphaGalileo Terms Of Use Privacy Statement