WebAssembly’s Isolation in Today’s and Tomorrow’s Security
Isolation already alleviates considerable pain, a fact that organizations often overlook, and WebAssembly offers a way to put its profound benefits to work.
That is not to say isolation in IT has been neglected; rather, its attributes often show up in forms that are not necessarily thought of as isolation. Its key benefits in saving pain and enhancing security are often underappreciated and perhaps misunderstood.
In various domains beyond IT, from biology to political security, isolation is a conceptual process that provides protection. The U.S. government has recognized the advantages of isolation, for containers in particular, through agencies such as the National Institute of Standards and Technology (NIST), which defines isolation as: “The ability to keep multiple instances of software separated so that each instance only sees and can affect itself.”
Simultaneously, WebAssembly’s structure signifies its capability to provide isolation, allowing tunneled deployments between endpoints and APIs.
The significance and prevalence of isolation were the subject of a fascinating talk, “A Love Letter to Isolation,” that Kelly Shortridge, senior principal engineer in the Office of the CTO at edge cloud platform provider Fastly and co-author of Security Chaos Engineering: Sustaining Resilience in Software and Systems, gave at KubeCon + Cloud NativeCon North America in November. Isolation in the biological sense, as she noted, traces back to various examples, and as it now manifests itself in computing it nevertheless remains an “unsung hero,” Shortridge says.
It is nothing less than “the emergence of life itself” that relies on isolation, Shortridge said during her talk. Organisms depend on a membrane that partially severs them from the external environment, she said, noting that biophysicist Harold J. Morowitz highlights the irreducible condition of life as the necessity for thermodynamic isolation of a subsystem. “Isolation acts as a selective barrier, allowing positive elements in while keeping harmful ones out. This reduction of the contagion effect is a familiar concept in the context of events like the COVID-19 pandemic, where the failure of one element triggers a chain reaction throughout the system.
Nature, both on micro and macro scales, exhibits layered isolation, serving as the original architect of nested isolation long before the invention of the transistor. This observed isolation spans various biological scales, from proteins and genes to cells, organs, and ecosystems, emphasizing the importance of components separating themselves to some extent from external surroundings and other components.”
In the realm of software, “significant upheavals have marked advancements,” Shortridge said. Examples include the transition from Windows 98 to XP, the introduction of multi-user functionality, and the implementation of site isolation, she said. Extending to cloud services, multitenant deployments showcase how isolation limits data access points for individual users, minimizing risks.
The introduction of user isolation allowed multiple people to share a computer safely, addressing concerns about accidental data deletion, Shortridge said. “While these advances have made software more resilient and expanded its capabilities, the costs and challenges associated with isolation, particularly in networking scenarios like RPC, are topics worth exploring,” Shortridge said. “Despite the advancements, the significance of isolation in computing cannot be overstated, as it remains a fundamental aspect of ensuring system reliability and security.”
WebAssembly (WASM) emerges as a solution, offering enhanced isolation compared to microservices. Components in WASM can be replaced, acting as puzzle pieces where data exchange between them is restricted, providing resilience against potential security threats.
Kubernetes, a system often compared to WebAssembly, exhibits isolation at the namespace level, limiting damage potential. Browser-based deployment of WebAssembly through the HTTP protocol further showcases isolation instruments, contributing to a secure browsing experience across different endpoints.
Containers, by definition, represent isolated mini-environments. However, it’s not the containers themselves that serve to isolate; it’s the runtimes that determine their isolation capacity.
Then, there are microservices. The beauty of microservices lies in their ability to be fixed or isolated individually if a few fail or are compromised. However, in terms of purer isolation, a WebAssembly module is inherently an isolated environment, distinct from both microservices and containers.
But before exploring how Wasm offers isolated computing, it’s necessary to describe software modularity. Software modularity, unfortunately, “does not emerge naturally like it does in biological evolution,” Shortridge said. “This is why we often see that all-hands-on-deck kind of incidents that affect the whole company — because we don’t have this modularity.
So modularity enables inter-event evolution, which gives the ability to make quick changes, just like we want to do in the DevOps and Agile world, rather than investing in like a bunch of big bang changes at once,” Shortridge said. “You can think of modularity as the ability for the system to almost save a bunch of its work and still change just little by little. This is possible because modules allow for basic encapsulation and separation of concerns, which is going to be really important when we start talking about the component model.”
“The component model really allows engineers to decompose their app into a modular architecture, wrap the resulting components in a lightweight sandbox, to achieve looser coupling with, importantly, near-native speeds,” Shortridge said. Boundaries enforce what’s called a “shared nothing model.”
“So, each component instance has its own linear memories, tables, and globals, and it doesn’t share it with any other components. So components expose an external API, which is the only way that components can interact with each other. So it does allow us access to like any particular components, memory, and tables,” Shortridge said. “This is huge — the WebAssembly component model gives us the ability to stitch isolated units together in a really transparent and performant way. This is why my colleague at Fastly, Luke Wagner, refers to the WASM component model as modularity without the microservices.”
While Wasm has been a mainstay for distributing applications through the browser, Wasm’s integration of the component model enables it to become a productive and safe way to build and assemble programs, Shortridge said. “The component model again means we work with portable, lightweight, and composable modules that connect to each other in a standard way. That’s already awesome for performance and developer velocity. But those same characteristics actually enable some of the most powerful and also, frankly, like, coolest security outcomes that I’ve seen across my whole career when I started out in cybersecurity. I think it actually gets us to that nested isolation that we see in nature.”
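The shared-nothing boundary described above can be observed with two instances of one core WebAssembly module, created through the standard JavaScript API. This is an added example, not code from the talk or from Fastly; the module bytes and the export names `store`, `load` and `writes` are constructed for illustration, and plain core-module instances stand in for component instances.

```javascript
// Added example: hand-assembled core Wasm module (constructed for this illustration).
// Private memory and a private mutable global; only three functions are exported.
const name = (s) => [s.length, ...[...s].map((c) => c.charCodeAt(0))];
const section = (id, body) => [id, body.length, ...body]; // bodies here are < 128 bytes
const func = (code) => [code.length + 1, 0x00, ...code];  // size, zero locals, code
const I32 = 0x7f;

const moduleBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,          // "\0asm", version 1
  // types: (i32,i32)->(), (i32)->i32, ()->i32
  ...section(1, [3, 0x60, 2, I32, I32, 0, 0x60, 1, I32, 1, I32, 0x60, 0, 1, I32]),
  ...section(3, [3, 0, 1, 2]),                              // three functions
  ...section(5, [1, 0x00, 1]),                              // one 64 KiB memory, not exported
  ...section(6, [1, I32, 0x01, 0x41, 0, 0x0b]),             // mutable i32 global = 0
  ...section(7, [3, ...name("store"), 0, 0, ...name("load"), 0, 1, ...name("writes"), 0, 2]),
  ...section(10, [3,
    // store(addr, value): i32.store, then global write counter += 1
    ...func([0x20, 0, 0x20, 1, 0x36, 2, 0, 0x23, 0, 0x41, 1, 0x6a, 0x24, 0, 0x0b]),
    ...func([0x20, 0, 0x28, 2, 0, 0x0b]),                   // load(addr): i32.load
    ...func([0x23, 0, 0x0b]),                               // writes(): global.get
  ]),
]);

function demoSharedNothing() {
  const mod = new WebAssembly.Module(moduleBytes);
  const a = new WebAssembly.Instance(mod).exports;          // instance A
  const b = new WebAssembly.Instance(mod).exports;          // instance B, same code
  a.store(0, 1234);
  a.store(4, 5678);
  let outOfBounds = "allowed";
  try {
    b.load(0x7fffffff);                                     // far past B's single page
  } catch (err) {
    outOfBounds = err instanceof WebAssembly.RuntimeError ? "trapped" : "other error";
  }
  return {
    aValue: a.load(0), bValue: b.load(0),                   // A's write is invisible to B
    aWrites: a.writes(), bWrites: b.writes(),               // globals are per instance too
    exportedApi: Object.keys(a).sort(),                     // the only way in from outside
    outOfBounds,
  };
}

console.log(demoSharedNothing());
```

Because the memory and the global are not exported, the host and the other instance can reach that state only through the three exported functions, and an access outside an instance's own memory traps instead of touching a neighbour.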