CySec Researchers Present at ACM CCS 2025
The ACM Conference on Computer and Communications Security (ACM CCS) is the flagship conference of ACM’s Special Interest Group on Security, Audit and Control (SIGSAC) and a premier venue for breakthrough work in systems and network security, cryptography, privacy, security engineering, and real-world deployments. With a highly selective review process and a broad international audience, ACM CCS showcases state-of-the-art research, fosters cross-sector collaboration, and sets the agenda for the cybersecurity field. ACM CCS 2025 takes place October 13–17, 2025, in Taipei, Taiwan.
CYSEC researchers are presenting two papers at ACM CCS 2025.
“Wanilla: Sound Noninterference Analysis for WebAssembly,” by Markus Scherer, Jeppe Fredsgaard Blaabjerg (Aarhus University), Alexander Sjösten, and Matteo Maffei, appears in the Formal Methods and Programming Languages track. WebAssembly is increasingly used to distribute software components in security-critical settings, but because it is often generated from memory-unsafe languages, subtle memory corruption and data leaks can occur. Wanilla introduces the first automatic, sound, fully static noninterference analysis for Wasm. In simple terms, it checks — purely by analyzing code — that secret data never influences public outputs and that a module’s memory remains intact. The approach lifts existing reachability analyses to noninterference by tracking taints on values and using value-sensitive, relational reasoning to safely remove taints when justified. Experiments on synthetic and real-world benchmarks show strong precision and performance for verifying memory integrity and other noninterference properties.
The second paper, “Fuzzing Processing Pipelines for Zero-Knowledge Circuits,” by Christoph Hochrainer, Anastasia Isychev, Valentin Wüstholz (Consensys), and Maria Christakis, is featured in the Software Security track. Modern zero-knowledge (ZK) applications in authentication, online voting, and blockchain rely on complex pipelines that transform programs written in domain-specific languages such as Circom and Noir into circuits used by ZK protocols. Logic bugs in these pipelines can have severe consequences, including identity or asset theft. The authors present the first systematic fuzzing method for ZK pipelines, using metamorphic test oracles to reveal critical logic flaws even when the “correct” output is unknown. Their open-source tool, Circuzz, uncovered 16 logic bugs across four diverse ZK pipelines; developers have already fixed 15 of them, underscoring the practical impact of the technique.
