Security through Modularity in Wasm
Speaker: Andreas Rossberg
Andreas Rossberg is a principal researcher and engineer with the
Dfinity Foundation. In an earlier life he was a software engineer at
Google, where he worked on V8, the JavaScript virtual machine. Prior
to his move to industry he was a researcher at the Max Planck
Institute for Software Systems. He is one of the designers of
WebAssembly, authored its formalisation and specification, and is the
champion of various proposals for enhancements. At Dfinity, he is
working on employing Wasm for decentralised cloud computing and is the
tech lead of the languages team. His research interests revolve around
programming languages, ranging from foundational theory, through design,
to implementation techniques.
Abstract
WebAssembly (Wasm) is a low-level code format that has seen adoption
in a wide range of execution environments such as the web, mobile,
edge computing, and cloud computing. Because it allows executing
untrusted machine-level code, its design has to take security
considerations into account, placing it in permanent tension
between performance and safety. In this presentation, we will give an
overview of Wasm’s basic safety and security features, with a focus on
its module system and the sandboxing that can be achieved with it. We
argue that proper modularity is a key ingredient of security, and that a
strong and expressive notion of modularity is crucial to expressing
and scaling flexible software architectures securely.