The Three Pillars of WebAssembly - The New Stack - Deepstash
Security

Let’s start with security. It’s at the forefront of many minds these days, with supply chain issues, cryptojacking and data breaches being common news stories. WebAssembly brings some big guns to the security fight in a number of ways, starting with its security sandbox.

When WASM is executed, the code is not given access to anything, including the network, file system or anything else out of the box. This is known as a deny-by-default security model. For the code running inside the WASM sandbox to interact with the outside world, it must be explicitly granted access to host functions.

2 STASHED

To combat the rise of supply-chain attacks, there are also efforts to make cryptographic signing of WebAssembly modules a standard part of the specification. The ability to sign a module with a trusted key and have that signature verified any time a system attempts to run that module will be a big win, and helps cement the “defense in depth” mindset when working with WebAssembly to build applications.

2 STASHED

Language portability is the ability for modules written in one language, like Rust, to run inside a system written in another, like Go. Because WASM runtimes can be embedded within other software, they can be used to introduce specialized components that wouldn’t otherwise be possible in your team’s primary language.

This concept can also be applied to applications that are built by composing together multiple WASM modules written in different languages to form a single piece of software, such as with the Atmo framework, which our company, Suborbital maintains.

2 STASHED

WebAssembly is not tied to any hardware architecture, so it can be executed on several different platforms without needing to re-compile. When a WASM module is executed, it is compiled to machine-native code either ahead-of-time (AOT) or just-in-time (JIT).

WASM runtimes such as Chrome’s V8, Wasmtime or Wasmer perform this compilation automatically. I can see this becoming useful in scenarios where your code gets moved automatically from a central cloud instance to an edge compute network when a spike in traffic causes a certain module to be pummeled by incoming requests.

2 STASHED

1 LIKE

WebAssembly is intended to execute code at native or near-native speeds.

WebAssembly is a representation of your code that can easily be executed in a high-performance manner by optimizing itself for each platform at runtime. We are still in the early days of WebAssembly, but it is already rivaling the performance of the V8 JavaScript engine, which has been optimized over countless years.

2 STASHED

Deepstash helps you become inspired, wiser and productive, through bite-sized ideas from the best articles, books and videos out there.

GET THE APP: