WebAssembly is a portable binary format first used to run existing C codebases like AutoCAD in the browser and to build cross-platform SDKs for services like Disney+.
WebAssembly ensures security by default through isolated linear memory for each module and control flow integrity that prevents unintended code execution paths.
.NET applications run on WebAssembly by compiling the .NET runtime (CLR) itself into a WASM module, which then interprets the standard .NET DLLs.
The WebAssembly System Interface (WASI) provides a standard API for running WASM modules outside the browser, enabling server-side applications with a capability-based security model.
A practical demonstration shows how a .NET application running on Wasmtime is denied file system access by default and requires explicit permissions to be granted.
This example demonstrates how to extend a .NET host application with a WebAssembly module written in Rust, while still enforcing strict, capability-based security policies.
The nano-process concept provides a fine-grained sandbox for each module, preventing malicious or vulnerable dependencies from gaining unauthorized access to system resources.
The security of the entire ecosystem relies on the runtime, and projects like Wasmtime use Rust, formal verification, and fuzzing to ensure its correctness and robustness.
Sensory-Minds GmbH
Offenbach am Main, Germany
30:58Edoardo Dusi
57:32Edoardo Dusi
30:57Önder Ceylan
27:27Stefan Schöberl
57:45Rainer Stropek
29:49Matt Butcher
58:53Akmal Chaudhri
26:59Jakub Andrzejewski
Jobs that call for the skills explored in this talk.
D-Wave Quantum Inc.
Portland, United States of America
Wawa Inc.
Media, United States of America
Baros Solutions GmbH
Burghausen, Germany
