The Three Pillars of WebAssembly – InApps 2025

Main Contents:

The Three Pillars of WebAssembly – InApps is an article under the topic Software Development Many of you are most interested in today !! Today, let’s InApps.net learn The Three Pillars of WebAssembly – InApps in today’s post !

Key Summary

This article from InApps Technology, published in 2022 and authored by Phu Nguyen, features insights from Connor Hicks, a staff developer at 1Password and leader of the Suborbital open-source project. It explores WebAssembly (WASM), a transformative technology for executing code in environments like web browsers, edge clouds, and IoT devices. The article outlines three core pillars of WASM: security, portability, and performance, which make it a powerful tool for modern software development. WASM’s deny-by-default security model, language and platform portability, and near-native performance enable secure, flexible, and efficient applications. These attributes position WASM to power future software workflows, potentially becoming an invisible yet foundational technology, much like assembly code today.

Context:
- Author: Phu Nguyen, summarizing insights from Connor Hicks, a security and distributed systems expert.
- Theme: WebAssembly (WASM) is revolutionizing software execution through its security, portability, and performance, with applications across web, cloud, and IoT.
- Source: InApps article, referencing Hicks’ work with Suborbital and the Atmo framework.
Three Pillars of WebAssembly:
- Security:
  - Deny-by-Default Model: WASM modules run in a sandbox with no inherent access to network, file system, or other resources unless explicitly granted via host functions (e.g., fetch API, DOM in browsers, or WASI for file system or system time access).
  - Cryptographic Signing: Emerging standards aim to sign WASM modules to verify authenticity, combating supply-chain attacks and ensuring trusted vendor libraries.
  - Impact: Enhances defense in depth, critical for secure API libraries and cross-language module linking.
- Portability:
  - Language Portability: WASM allows modules written in languages like Rust to run within systems built in others like Go, enabling cross-language integration (e.g., Atmo framework combines modules for composite applications).
  - Platform Portability: WASM is hardware-agnostic, running on IoT devices, cloud VMs, or edge networks without recompilation, using AOT (ahead-of-time) or JIT (just-in-time) compilation via runtimes like Chrome V8, Wasmtime, or Wasmer.
  - Impact: Simplifies deployment across diverse environments, supporting scenarios like dynamic edge compute scaling.
- Performance:
  - Near-Native Speed: WASM executes at or near native code speeds, optimized for each platform at runtime.
  - Comparison: Rivals V8 JavaScript engine performance, with future improvements benefiting all WASM-compiled languages.
  - Impact: Enables high-performance applications, reducing overhead from garbage collection or virtualization.
Broader Significance:
- Future Vision: WASM aims to be an underlying technology, invisible to developers like assembly code, but with built-in security, portability, and performance.
- Applications: Powers web applications, edge computing, IoT, and cloud-native solutions, enhancing flexibility and efficiency.
- Business Relevance: At least two of the three pillars (security, portability, performance) align with most development priorities, encouraging WASM adoption.
InApps Insight:
- InApps Technology, ranked 1st in Vietnam and 5th in Southeast Asia for app and software development, specializes in WebAssembly and cloud-native solutions, using React Native, ReactJS, Node.js, Vue.js, Microsoft’s Power Platform, Azure, Power Fx (low-code), Azure Durable Functions, and GraphQL APIs (e.g., Apollo).
- Offers outsourcing services for startups and enterprises, delivering cost-effective solutions at 30% of local vendor costs, supported by Vietnam’s 430,000 software developers and 1.03 million ICT professionals.
- Relevance: Expertise in WASM and secure, portable architectures aligns with developing high-performance, cross-platform applications.
Call to Action:
- Contact InApps Technology at www.inapps.net or sales@inapps.net to develop WebAssembly-based applications for web, edge, or IoT environments.

Security

Connor Hicks

Connor is a staff developer based in Ottawa, Canada, who works on security and distributed systems projects. He leads Product Discovery at 1Password as well as building the Suborbital open source project. Connor is a strong believer in building security and privacy into the core of all software, and is exploring the next generation of web service development with technologies like WebAssembly.

Let’s start with security. It’s at the forefront of many minds these days, with supply chain issues, cryptojacking and data breaches being common news stories. WebAssembly brings some big guns to the security fight in a number of ways, starting with its security sandbox.

When WASM is executed, the code is not given access to anything, including the network, file system or anything else out of the box. This is known as a deny-by-default security model, and it’s not something implemented by container technologies such as Docker. For the code running inside the WASM sandbox to interact with the outside world, it must be explicitly granted access to host functions.

The web browser can grant a WASM module certain abilities such as the fetch API and access to the DOM. Other hosts like cloud environments can use WASI (the WebAssembly System Interface) to grant the module access to the file system, randomness (like /dev/urandom) and common things like the system time. All of this ensures that the code inside a WASM module is only given access to the resources it needs to operate and nothing more.

To combat the rise of supply-chain attacks, there are also efforts to make cryptographic signing of WebAssembly modules a standard part of the specification. The ability to sign a module with a trusted key and have that signature verified any time a system attempts to run that module will be a big win, and helps cement the “defense in depth” mindset when working with WebAssembly to build applications.

It will become especially important when software vendors begin distributing their API libraries as WASM modules; we’ll be able to take advantage of cross-language module linking (the ability for modules built from different languages to share memory and functions), but also verify that the module was produced by the vendor and has not been tampered with.

Portability

The idea of linking modules brings us to the second pillar, portability. I like to think about WASM’s portability in two ways: language portability and platform portability. Language portability is the ability for modules written in one language, like Rust, to run inside a system written in another, like Go. Because WASM runtimes can be embedded within other software, they can be used to introduce specialized components that wouldn’t otherwise be possible in your team’s primary language. This concept can also be applied to applications that are built by composing together multiple WASM modules written in different languages to form a single piece of software, such as with the Atmo framework, which our company, Suborbital maintains.

In regard to platform portability, WebAssembly is not tied to any hardware architecture, so it can be executed on several different platforms without needing to re-compile. This would allow you, for example, to produce a single WASM file and run it on both an IoT device and a cloud virtual machine. When a WASM module is executed, it is compiled to machine-native code either ahead-of-time (AOT) or just-in-time (JIT).

WASM runtimes such as Chrome’s V8, Wasmtime or Wasmer perform this compilation automatically, which makes running any module very simple. I can see this becoming useful in scenarios where your code gets moved automatically from a central cloud instance to an edge compute network when a spike in traffic causes a certain module to be pummeled by incoming requests, for example.

Performance

That leaves us with the final pillar, performance. WebAssembly is intended to execute code at native or near-native speeds. There are a number of factors that play into the performance of any application, including language, hardware, garbage collection, virtualization and more.

WebAssembly is a representation of your code that can easily be executed in a high-performance manner by optimizing itself for each platform at runtime. We are still in the early days of WebAssembly, but it is already rivaling the performance of the V8 JavaScript engine, which has been optimized over countless years. All languages that compile to WebAssembly will benefit from any future performance improvements brought to WASM runtimes, which is a big win for everyone.

I invite you to think about the software you’re building and ask yourself what aspects of your development platform are most important to you. I’m willing to bet that at least two of the three pillars that I discussed here are a key factor to your business, and that you would be able to improve upon your code’s key attributes by adopting WebAssembly as a technology. The hope is that WASM will become an underlying technology that powers software workflows without developers needing to care much about it at all, just as the majority of developers don’t concern themselves with the assembly code generated by their language’s compilers today.

The main difference is that WebAssembly has these great properties built in from the start to ensure your code is secure, portable and performant by default, which cannot be said for today’s software tooling.

InApps is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.

Feature photo by Kevin Jackson on Unsplash.

Source: InApps.net

Rate this post

Phu Nguyen

As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.