Practical secure compilation using WebAssembly


WebAssembly (Wasm) is a portable bytecode originally designed to safely run native code (e.g., C/C++ and Rust) in the browser. Since its initial design, though, Wasm has been increasingly used to sandbox untrusted code outside the browser. For example, Fastly and Cloudflare use Wasm to sandbox client applications running on their edge clouds, and with Mozilla we are using Wasm to sandbox libraries in Firefox. In this talk I will describe this effort and our effort to make Wasm more secure (e.g., by hardening Wasm against compiler bugs and Spectre attacks).

Mar 12, 2021 5:00 PM