Conference:  Black Hat Asia 2023
Authors: Zong Cao, Zheng Wang, Yeqi Fu, Fangming Gu, Bohan Liu
2023-05-12

WebAssembly (WASM) is a high-performance compiled language for execution in web browsers that interoperates with JavaScript. In general, the wasm compiler in the browser is integrated into the JavaScript engine, which has proven to be an important attack surface in browsers over the past years. Protecting the security of the WASM compiler is a matter of security for the browser, and thus for the users. We have seen a remote code execution vulnerability in the wasm compiler previously (Pwn2Own 2021), and it seems that no public research has continued to demonstrate vulnerabilities from this attack surface since then. In fact, over the past year, the number of commits of the WebAssembly compiler in WebKit has surpassed that of the JavaScript JIT and introduced some new features based on the wasm 2.0 specification such as Exceptions, Tail Call, SIMD, etc. In this case, the security of the wasm compiler should be re-emphasized. In this study, we focus on WebKit vulnerability hunting using fuzz testing. We first investigated some of the existing wasm fuzzers and studied their design patterns, and then we used a clever approach to create an efficient fuzzer for WebKit fuzzing. In addition, we deployed the fuzzer to other architectures because the Codegen part of the WASM compiler is architecture related. So far, we have submitted a total of 13 security-related issues (and the fuzzer is still producing new crashes today), 4 of which have been assigned CVEs and official acknowledgments from Apple, while some are still being investigated. These issues affect LLInt, BBQ, and OMG of the WebAssembly compiler, some of which are also architecture related. In this talk, we will explain why we chose WebKit as our primary target and give a detailed introduction to the fuzzer creation process, as well as analyze a few interesting vulnerabilities we found.
Authors: Hung-Ying Tai, Vivian Hu
2023-04-21

tldr - powered by Generative AI

The presentation discusses the need for a lighter and more efficient way to manage microservices in the post-pandemic rise of lightweight microservices. The solution presented is the use of WebAssembly System Interface (WASI) to create a more lightweight and efficient infrastructure.
  • The rise of lightweight microservices has created a need for a more efficient way to manage them
  • Current technology is not efficient enough for the large number of microservices required by modern applications
  • WebAssembly System Interface (WASI) provides a more lightweight and efficient infrastructure for managing microservices
  • WASI enables non-blocking sockets, supports domain name lookup, and extends the current API to allow for more functionality
  • WASI can be integrated with various databases and frameworks, including MySQL, MariaDB, PostgreSQL, and Redis server
  • The use of WASI can lead to a more efficient and lightweight infrastructure for managing microservices
Authors: Kevin Hoffman
2023-04-21

tldr - powered by Generative AI

WasmCloud is a distributed computing framework that allows for building microservices, functions, and fully distributed systems using simple WebAssembly modules. It provides capabilities such as a web server, key-value store, and event sourcing. The framework takes care of dispatching messages and communicating with state stores, allowing developers to focus on writing simple, testable functions.
  • WasmCloud allows for building microservices, functions, and fully distributed systems using simple WebAssembly modules
  • Capabilities such as a web server, key-value store, and event sourcing are provided
  • The framework takes care of dispatching messages and communicating with state stores
  • Developers can focus on writing simple, testable functions
Authors: Rafael Fernández López, Angel M De Miguel Meana
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of WebAssembly and Istio to extend the functionality of proxies in Kubernetes clusters.
  • The goal is to demonstrate the possibility of using WebAssembly to run filters in languages other than C++
  • Istio provides a way to extend proxies with WebAssembly filters and configure them with YAML configuration
  • The filters can be pushed to a default register and pulled by the proxies
  • The WebAssembly models are portable and can be used in different platforms
  • There is an API to perform HTTP requests outbound and get state from the outside world
Authors: Mauricio Salatino, Adrian Cole
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of WebAssembly in Dapr, a distributed application platform, and how it can be used to change the logic inside the deployed cells. The presentation also introduces the HTTP middleware component and the Wasm runtime that is embedded into the Dapr sidecar to run the filter.
  • WebAssembly can be used to run third-party code inside the same process without launching another process
  • Dapr started exploring the use of WebAssembly in 2019
  • The zero-dependency WebAssembly runtime for Go was used to embed a WebAssembly virtual machine into a Go process
  • The HTTP middleware component was introduced to allow users to change requests or responses
  • The Wasm runtime is embedded into the Dapr sidecar to run the filter
Authors: David Justice, Kate Goldenring, Radu Matei, Jiaxiao Zhou
2023-04-19

tldr - powered by Generative AI

Spin is a framework for building WebAssembly microservices and web applications that provides a nice developer and operations experience.
  • Spin is an open source project that was bootstrapped at Fermyon and recently released version 1.1
  • Spin provides benefits such as affordability, speed, size, and security
  • Spin contains a runtime with an application model that has a triggering model for responding to events
  • Spin allows for independent WebAssembly binaries to handle different paths in the URL structure of an application
Authors: Michael Yuan
2022-10-28

tldr - powered by Generative AI

Web Assembly Runtime is a solution to the pain points of cloud native infrastructure. It is small, fast, scalable, secure, and portable across different platforms and programming languages. It enables new types of application architectures and has near-native runtime performance. It is fully supported by Kubernetes and can run side by side with Linux containers. It also integrates with Dapr, a framework designed to help people design microservices.
  • Web Assembly Runtime solves the problems of cloud native infrastructure
  • It is small, fast, scalable, secure, and portable
  • It enables new types of application architectures and has near-native runtime performance
  • It is fully supported by Kubernetes and can run side by side with Linux containers
  • It integrates with Dapr, a framework designed to help people design microservices
Authors: Taylor Thomas, Brooks Townsend
2022-10-26

One of the most common refrains we hear when we talk to people about WebAssembly (Wasm) is "well...I've seen tons of examples but it seems like it is just a toy and not ready for production." In this talk, we hope to prove the opposite! We will discuss how Cosmonic built almost its entire platform using Wasm and wasmCloud. To start, we will review what Wasm and wasmCloud are and how they work. Then, using what we built at Cosmonic as context, we will dive into concrete details of real databases, message queues, event sourcing, key-value stores, infrastructure provisioning, tracing, metrics, and security controls – all leveraging Wasm! With that knowledge, we will review the pros and cons of using Wasm, the gaps that need to be filled, the lessons we learned, and how it helped influence the Wasm community.
Authors: Vivian Hu
2022-10-25

Dapr is a very popular sidecar-based application framework that supports microservices written in many languages. WasmEdge is a cloud-native WebAssembly runtime. It provides the necessary networking APIs to support WebAssembly-based microservices. In this talk, I will demonstrate how to create Rust and JavaScript functions, and run them as Dapr microservices through the WasmEdge runtime. I will also cover more advanced topics such as how to interact with Dapr APIs from the WebAssembly function and how to manage the WasmEdge microservices using Kubernetes. Source code and a live example are available here: https://github.com/second-state/dapr-wasm
Conference:  ContainerCon 2022
Authors: Max Körbächer
2022-06-24

tldr - powered by Generative AI

WebAssembly and Kubernetes have a lot of potential for use cases beyond the browser, but there are still some limitations and challenges to overcome.
  • WebAssembly can run alongside existing technologies and has good adoption possibilities
  • It has a small resource footprint and is highly secure, but not all programming languages are supported
  • Kubernetes can extend the use of WebAssembly beyond the browser, but there are still some harmonization issues to be resolved
  • WebAssembly is not suitable for heavy lifting applications and will not replace containers
  • WebAssembly and Kubernetes together have a lot of potential for the future