Team

Research Associate

Oussama Draissi, M.Sc.

Room:
S-GW 309
Phone:
+49 201 18-37019
E-mail:
Author profiles:
Google Scholar
Social media:
GitHub

About:

Oussama Draissi is a research associate at the Chair of System Security at the University of Duisburg-Essen. His research focuses on developing protection mechanisms and analyzing vulnerabilities in applications on various platforms, including the browser, smart contracts and RISC-V.

Curriculum vitae:

Since 06/2022

Research associate at the Chair of System Security at the University of Duisburg-Essen

06/2019 - 05/2022

Graduate research assistant at the Chair of System Security at the University of Duisburg-Essen

10/2019 - 03/2022

Master's programme in Software and Network Engineering at the University of Duisburg-Essen

12/2017 - 05/2019

Student assistant at the Chair of System Security at the University of Duisburg-Essen

04/2015 - 05/2019

Bachelor's programme in Applied Computer Science - Systems Engineering at the University of Duisburg-Essen (degree: B.Sc.)

Bachelor's thesis title: Evaluation of Automated Advanced Information Leak Exploitation for Memory Corruption Attacks

Publications:

  • Draissi, Oussama; Davi, Lucas: Bento: Fine-Grained Memory Isolation for COTS WebAssembly Binaries. In: Proc. of 35th ACM Web Conference 2026 (WWW '26). Association for Computing Machinery (ACM), Dubai, United Arab Emirates, 2026.

    WebAssembly (Wasm) enables execution of memory-unsafe languages like C/C++ in the browser, but its monolithic linear memory leaves modules vulnerable to high-impact attacks such as Cross-Site Scripting. Existing defenses are unsuitable for Commercial-off-the-shelf (COTS) binaries, requiring source code, non-standard runtimes, or introducing high-overhead instrumentation. We present Bento, the first static binary rewriter that automatically hardens COTS Wasm modules. Bento uses whole-program pointer analysis to partition memory into logical regions (stack, heap, globals) and rewrites the binary to map each to an isolated instance using the standard Wasm multi-memory feature. This creates a software-based MMU that provides architectural hardening without adding instructions or runtime checks. Our evaluation shows Bento mitigates real-world exploits in prominent applications, including Libpng and PDFAlto, while preserving semantics, as confirmed by extensive differential testing. This architectural approach adds no new instructions, achieving zero computational overhead. This results in negligible performance costs: a 3% runtime slowdown and a 1% startup overhead.

  • Winkler, Pascal; Giesen, Jens-Rene; Draissi, Oussama; Badaloni, Federico; Holler, Sebastian; Schneidewind, Clara; Davi, Lucas: $2B Lessons: Brigade as a Defense Against Real-World DeFi Bridge Exploits. In: Proc. of 24th International Conference on Applied Cryptography and Network Security (ACNS). Stony Brook, USA, 2026.
  • Draissi, Oussama; Cloosters, Tobias; Klein, David; Rodler, Michael; Musch, Marius; Johns, Martin; Davi, Lucas: Wemby’s Web: Hunting for Memory Corruption in WebAssembly. In: Proc. of 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). Association for Computing Machinery (ACM), Trondheim, Norway, 2025. doi:10.1145/3728937

    WebAssembly enables fast execution of performance-critical in web applications utilizing native code. However, recent research has demonstrated the potential for memory corruption errors within WebAssembly modules to exploit web applications. In this work, we present the first systematic analysis of memory corruption in WebAssembly, unveiling the prevalence of a novel threat model where memory corruption enables code injection on a victim’s browser. Our large-scale analysis across 37797 domains reveals that an alarming 29411 (77.81%) of those fully trust data coming from potentially attacker-controlled sources. As a result, an attacker can exploit memory errors to manipulate the WebAssembly memory, where the data is implicitly trusted and frequently passed into security-sensitive functions such as eval or directly into the DOM via innerHTML. Thus, an attacker can abuse this trust to gain JavaScript code execution, i.e., Cross-Site Scripting (XSS).

    To tackle this issue, we present Wemby, the first viable approach to efficiently analyze WebAssembly-powered websites holistically. We demonstrate that Wemby is proficient at detecting remotely exposed memory corruption errors in web applications through fuzzing. For this purpose, we implement binary-only WebAssembly instrumentation that provides fine-grained memory corruption oracles. We applied Wemby to different websites, uncovering several memory corruption bugs, including one on the Zoom platform. In terms of performance, our ablation study demonstrates that Wemby outperforms current WebAssembly fuzzers. Specifically, Wemby achieves an average speed improvement of 232 times and delivers 46% greater code coverage compared to the state-of-the-art.

  • Cloosters, Tobias; Draissi, Oussama; Willbold, Johannes; Holz, Thorsten; Davi, Lucas: Memory Corruption at the Border of Trusted Execution - Proc. of 2024 IEEE Security & Privacy. In: Institute of Electrical and Electronics Engineers (IEEE) Security & Privacy, Vol. 2024 (2024), pp. 2-11. doi:10.1109/MSEC.2024.3381439

    Trusted execution environments provide strong security guarantees, like isolation and confidentiality, but are not immune from memory-safety violations. Our investigation of public trusted execution environment code based on symbolic execution and fuzzing reveals subtle memory safety issues.

  • Smolka, Sven; Giesen, Jens-Rene; Winkler, Pascal; Draissi, Oussama; Davi, Lucas; Karame, Ghassan; Pohl, Klaus: Fuzz on the Beach: Fuzzing Solana Smart Contracts. In: Proc. of 30th ACM SIGSAC Conference on Computer & Communications Security (CCS). Association for Computing Machinery (ACM), Copenhagen, Denmark, 2023. doi:10.1145/3576915.3623178

    Solana has quickly emerged as a popular platform for building decentralized applications (DApps), such as marketplaces for non-fungible tokens (NFTs). A key reason for its success is Solana’s low transaction fees and high performance, which is achieved in part due to its stateless programming model. Although the literature features extensive tooling support for smart contract security, current solutions are largely tailored for the Ethereum Virtual Machine. Unfortunately, the very stateless nature of Solana’s execution environment introduces novel attack patterns specific to Solana requiring a rethinking for building vulnerability analysis methods. In this paper, we address this gap and propose FuzzDelSol, the first binary-only coverage-guided fuzzing architecture for Solana smart contracts. FuzzDelSol faithfully models runtime specifics such as smart contract interactions. Moreover, since source code is not available for the large majority of Solana contracts, FuzzDelSol operates on the contract’s binary code. Hence, due to the lack of semantic information, we carefully extracted low-level program and state information to develop a diverse set of bug oracles covering all major bug classes in Solana. Our extensive evaluation on 6049 smart contracts shows that FuzzDelSol’s bug oracles find impactful vulnerabilities with a high precision and recall. To the best of our knowledge, this is the largest evaluation of the security landscape on the Solana mainnet.

  • Cloosters, Tobias; Paaßen, David; Wang, Jianqiang; Draissi, Oussama; Jauernig, Patrick; Stapf, Emmanuel; Davi, Lucas; Sadeghi, Ahmad-Reza: RiscyROP: Automated Return-Oriented Programming Attacks on RISC-V and ARM64. In: Proc. of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022). Association for Computing Machinery (ACM), Limassol, Cyprus, 2022. doi:10.1145/3545948.3545997

    Return-oriented programming (ROP) is a powerful run-time exploitation technique to attack vulnerable software. Modern RISC architectures like RISC-V and ARM64 pose new challenges for ROP execution due to the lack of a stack-based return instruction and strict instruction alignment. Further, the large number of caller-saved argument registers significantly reduces the gadget space available to the attacker. Consequently, existing ROP gadget tools for other processor architectures cannot be applied to these RISC architectures. Previous work on RISC-V provides only manual construction of ROP attacks against specially crafted programs, and no analysis of ROP attacks has been conducted for ARM64 yet.

    In this paper, we address these challenges and present RiscyROP, the first automated ROP gadget finding and chaining toolkit for RISC-V and ARM64. RiscyROP analyzes available gadgets utilizing symbolic execution, and automatically generates complex multi-stage chains to conduct arbitrary function calls. Our approach enables the first investigation of the gadget space on RISC-V and ARM64 real-world binaries. RiscyROP successfully builds ROP chains that enable an attacker to execute arbitrary function calls for the nginx web server as well as any binary that contains the libc library.

Talks:

  • Smolka, Sven; Giesen, Jens-Rene; Winkler, Pascal; Draissi, Oussama; Davi, Lucas; Karame, Ghassan; Pohl, Klaus: Fuzz on the Beach: Fuzzing Solana Smart Contracts. ACM SIGSAC Conference on Computer & Communications Security (CCS), 28 Nov. 2023, Copenhagen, Denmark.