The University of California San Diego has joined The Bytecode Alliance, a nonprofit organization dedicated to creating new software foundations and building on standards such as WebAssembly and WebAssembly System Interface (WASI). UC San Diego is part of a cross-industry collaboration alongside other new members Arm, DFINITY Foundation, Embark Studios, Google and Shopify to support the alliance, which was incorporated by Fastly, Intel, Mozilla and Microsoft.
These organizations share a vision of a WebAssembly ecosystem that fixes cracks in today’s software foundations that are holding the industry and its software supply chains back from a secure, performant, cross-platform and cross-device future.
“WebAssembly is quickly becoming the de facto intermediate representation for building secure systems. WebAssembly takes a principled approach to security and gives us just the right building blocks to build the next generation secure and high-assurance systems,” said Deian Stefan, an assistant professor in the Computer Science and Engineering Department at the UC San Diego Jacobs School of Engineering. “It’s a core part of the sandboxing and high-assurance security toolkits we are developing at UC San Diego.”
UC San Diego researchers and collaborators have developed the RLBox framework that uses WebAssembly to sandbox libraries, the CT-Wasm language extension for writing secure crypto code in WebAssembly, the Swivel compiler that mitigates Spectre attacks and the VeriWasm tool that verifies the safety of native compiled WebAssembly.
“As members of the Bytecode Alliance we hope to help shape the direction of WebAssembly and contribute tools and techniques that will amplify the alliance’s vision towards a more secure software ecosystem,” Stefan said.
The Bytecode Alliance, founded in 2019, has helped bring attention to the inherent weaknesses in predominant models for building software, which rely heavily on composing up to thousands of third-party modules without security boundaries between them. These weaknesses in the software supply chain have historically been instrumental in breaching government systems, critical infrastructure services, and a large number of companies, as well as in stealing the personal information of hundreds of millions, perhaps even billions, of people.