Building principled and practical secure systems using Wasm


Deian Stefan
Professor - UCSD


Alexandra Henzinger

In this talk I'm going to talk about our adventures (ab)using WebAssembly to
build more secure systems. Wasm---at least in my view---is a secure compilation
intermediate representation. It makes it possible for us to compile
(potentially unsafe) code to a single IR, where we enforce different security
properties, and compile this retrofitted code to native code, where it runs
securely (e.g., isolated from every other piece of code). I'll start with our
work sandboxing third-party C libraries in Firefox, our work speeding up and
verifying Wasm compilers and runtimes, and our most recent work designing
hardware extensions (and abusing existing ones) to both speed up Wasm and
address different classes of attacks on Wasm, especially as used by hyperscalers.