Signing and Encrypting WebAssembly Modules

In the previous section I talked about taking a paranoia approach to defense against external client tampering with WebAssembly modules. The consequences for module tampering can be far, far worse if you’re distributing and using modules within your data center, cloud, or enterprise.

Let’s say you’ve adopted WebAssembly and you’re running some form of FaaS (Functions as a Service) infrastructure. Everything is great and you’re loving the ease and portability you get, and you love the nearly crash-proof nature of running an interpreter on WebAssembly modules.

What if someone were to manage to slip a bad WebAssembly module into the environment. If your host protocol allows those modules to do things ...

Get Programming WebAssembly with Rust now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.