Safe Application Execution on Resource-Constrained IoT Devices Using WebAssembly

Engstrand, Fredrik

January 2024

The Internet of Things (IoT) comprises many small, embedded devices that operate on severe resource constraints concerning energy, bandwidth, and memory footprints. Software for such devices has traditionally been implemented using relatively low-level languages such as C, which makes it susceptible to introducing bugs or flaws that can compromise the security of the device. This thesis adds interpreted WebAssembly (WASM) bytecode execution to Contiki-NG – an operating system for the next generation IoT devices. This is done using an open-source WASM runtime called WebAssembly Micro Runtime (WAMR). It creates an isolated and secure environment for applications to be executed in that has restricted access to the host operating system. To support the event-driven approach of Contiki-NG, the bytecode execution can be interrupted and resumed as needed, allowing the operating system to handle pending events without significant delays. The result is a way for applications written in a variety of programming languages to be safely executed in Contiki-NG and to interact with its APIs. When tested on Nordic Semiconductor's nRF52840 System-on-Chip (SoC), applications executed as bytecode resulted in an increase in binary size of 2.7-3.1x, and a performance penalty of around 9.2x for C-generated bytecode, and 10.3x for Rust-generated bytecode. For less compute-intensive applications, the performance penalty is not as prominent but still displays a sizable increase in energy consumption compared to native execution.

webassembly

wamr

contiki-ng

safe execution

virtual machine

interpreter

resource-constrained devices

iot

Embedded Systems

Inbäddad systemteknik

Extrakce dat z webu / Web Data Extraction

Novella, Tomáš

January 2016

Creation of web wrappers (i.e programs that extract data from the web) is a subject of study in the field of web data extraction. Designing a domain-specific language for a web wrapper is a challenging task, because it introduces trade-offs between expressiveness of a wrapper's language and safety. In addition, little attention has been paid to execution of a wrapper in restricted environment. In this thesis, we present a new wrapping language -- Serrano -- that has three goals in mind. (1) Ability to run in restricted environment, such as a browser extension, (2) extensibility, to balance the tradeoffs between expressiveness of a command set and safety, and (3) processing capabilities, to eliminate the need for additional programs to clean the extracted data. Serrano has been successfully deployed in a number of projects and provided encouraging results. Powered by TCPDF (www.tcpdf.org)