Sandboxing untrusted code with WebAssembly
Plenary | Mon 20 Jan 10:45 a.m.–11:30 a.m.
Presented by
Katie Bell
https://katiebell.net/
Katie has been a Software Engineer for 15 years now, and it's been pretty darn fun. In the past she's worked at Google, Campaign Monitor and a handful of startups. She's been a bootcamp instructor, a freelance developer, a Site Reliability Engineer and something called a 'DevOps Crew Captain'. Currently she's a Staff Software Engineer at MongoDB.
Abstract
WebAssembly was built so websites could run compiled code from any language, but it turns out this low-overhead way to run untrusted code is useful outside the browser too!
WebAssembly is already being used by Shopify to execute custom functions for third-party plugins, by Fastly and Cloudflare to host cheap edge workers, and by Firefox to sandbox memory-unsafe libraries. This talk will go through what WebAssembly is and how it's being used in the real world to sandbox untrusted code. We'll also discuss the tradeoffs to consider when weighing up different sandboxing options.
To give us a concrete example to work with, the talk will include a live demo. You, the audience, will be invited to upload your own code in the language of your choice to compete in a simple game! For an extra challenge, you're welcome to try to break out of the WebAssembly sandbox too.