"Award-Winning Research Paves the Way for Provably-Safe Sandboxing Using WebAssembly"

In the realm of computer programming, developers face the challenge of using untrusted code safely. For example, libraries and frameworks help coders avoid tedious and redundant work, but using code from unverified sources can be dangerous without the proper safeguards implemented. Untrusted code can deplete system resources, cause data breaches, compromise system integrity, and even create vulnerabilities that allow outsiders to use machines for illegal purposes. Jay Bosamiya, a Ph.D. student in Carnegie Mellon's Computer Science Department (CSD), and his advisor Bryan Parno, a professor in CSD and the Department of Electrical and Computer Engineering (ECE), have been researching ways to eliminate the threats associated with untrusted code. Bosamiya, Parno, and Wen Shih Lim, a master's student in the School of Computer Science, observed in their recent award-winning paper, "Provably-Safe Multilingual Software Sandboxing Using WebAssembly," that WebAssembly (Wasm) is ideally positioned to safely execute untrusted code because it promises safety and performance while serving as a compiler target for many high-level languages. However, the team emphasizes that its promises are only as strong as its implementation. Security flaws are frequently discovered in various implementations. Writing a high-performance compiler is difficult enough, but Wasm compilers must also protect against adversarial inputs, which makes it even more difficult. In order to address this issue, the team has created two distinct methods for safely executing Wasm code using provably-safe software sandboxing, which is a technique that limits the impact of any bugs or malice in the untrusted code, preventing it from harming code or data in its environment. This article continues to discuss the approaches developed by the researchers to safely execute Wasm code via provably-safe software sandboxing. 

CyLab reports "Award-Winning Research Paves the Way for Provably-Safe Sandboxing Using WebAssembly"

Submitted by Anonymous on