Web Assembly for Security Beyond the Browser

Presented at ArcticCon 2018, Oct. 4, 2018, 10 a.m. (45 minutes).

WebAssembly is a promising new technology that aims to bring performant, safe, multi-language features to browsers and fundamentally shift the web away from a Javascript monoculture. The WebAssembly effort is largely driven by browser vendors (Mozilla, Google, Microsoft, et. al.) but it provides a sandboxing framework designed for use outside the browser as well. Edge compute services, such as content delivery networks, mesh networks and edge cloud services, seek efficiency in engineering tradeoffs between performance, isolation, security and safety. WebAssembly has the potential to transform edge compute engineering by providing performant, secure execution of untrusted code in arbitrary applications. In this talk Jonathan Foote will cover salient aspects of WebAssembly, sandboxing technology, and early progress in research and development towards a security-hardened, high-performance sandbox design for running untrusted code on the server.

Presenters:

• Jonathan Foote - Fastly
  Jonathan Foote is principal security architect at Fastly, a content delivery network (CDN) that many ubiquitous and high-profile organizations like GitHub, Pinterest, and The New York Times rely on for performance, reliability, and security of their web applications. Previously, Jonathan attacked a range application and network environments as a penetration tester, performed security research at Carnegie Mellon University SEI/CERT, and engineered secure network communication systems for Fortune 100 companies. Jonathan holds a BS in Computer Science from Penn State and an MBA from Loyola University.

Links:

• https://arctic-con.com/talks/2018/jonathan-foote.html

Similar Presentations:

• Black Hat USA 2018 / The Problems and Promise of WebAssembly
• Black Hat USA 2018 / WebAssembly: A New World of Native Exploits on the Browser
• DEF CON 27 (2019) / Hacking WebAssembly Games with Binary Instrumentation