🤖 AI Summary
WebAssembly (Wasm) is expanding beyond the web due to its portability and low overhead, yet the absence of a standardized system interface severely hinders software reuse and ecosystem growth in general-purpose computing.
Method: This paper introduces WALI (WebAssembly Linux Interface), the first user-space, lightweight virtualization layer that natively exposes Linux system calls to Wasm modules. WALI integrates control-flow integrity enforcement with capability-based API virtualization, enabling secure, dependency-free execution while preserving binary compatibility and layered robustness. Built atop modern Wasm runtimes and leveraging existing compiler backends, it supports capability-driven API abstraction and selective passthrough of critical syscalls.
Contribution/Results: Evaluation shows that multiple real-world applications require only minimal modifications to run on WALI, with bounded performance overhead. WALI significantly enhances Wasm’s applicability and deployment efficiency in general-purpose computing environments.
📝 Abstract
WebAssembly is gaining popularity as a portable binary format targetable from many programming languages. With a well-specified low-level virtual instruction set, minimal memory footprint and many high-performance implementations, it has been successfully adopted for lightweight in-process memory sandboxing in many contexts. Despite these advantages, WebAssembly lacks many standard system interfaces, making it difficult to reuse existing applications. This paper proposes WALI: The WebAssembly Linux Interface, a thin layer over Linux's userspace system calls, creating a new class of virtualization where WebAssembly seamlessly interacts with native processes and the underlying operating system. By virtualizing the lowest level of userspace, WALI offers application portability with little effort and reuses existing compiler backends. With WebAssembly's control flow integrity guarantees, these modules gain an additional level of protection against remote code injection attacks. Furthermore, capability-based APIs can themselves be virtualized and implemented in terms of WALI, improving reuse and robustness through better layering. We present an implementation of WALI in a modern WebAssembly engine and evaluate its performance on a number of applications which we can now compile with mostly trivial effort.