This work addresses the lack of secure and portable sensor interfaces in IoT devices, which in multi-tenant environments can lead to sensitive data leakage and security exploits. To mitigate this, the authors propose a lightweight WebAssembly-based sandboxing mechanism that introduces the first WASI extension supporting sensor access. Integrated with the Zephyr RTOS and MQTT-SN protocol, the solution enables secure and portable sensor interaction across heterogeneous embedded devices. It provides application memory isolation, fine-grained resource permission control, and secure multi-tenant sharing. Experimental evaluation on Zephyr demonstrates minimal overhead: only a 6% increase in sensor access latency and 5% additional memory usage, while MQTT-SN communication incurs less than 1% extra latency with negligible memory footprint growth.

As the expansion of IoT connectivity continues to provide quality-of-life improvements around the world, they simultaneously introduce increasing privacy and security concerns. The lack of a clear definition in managing shared and protected access to IoT sensors offer channels by which devices can be compromised and sensitive data can be leaked. In recent years, WebAssembly has received considerable attention for its efficient application sandboxing suitable for embedded systems, making it a prime candidate for exploring a secure and portable sensor interface. This paper introduces the first WebAssembly System Interface (WASI) extension offering a secure, portable, and low-footprint sandbox enabling multi-tenant access to sensor data across heterogeneous embedded devices. The runtime extensions provide application memory isolation, ensure appropriate resource privileges by intercepting sensor access, and offer an MQTT-SN interface enabling in-network access control. When targeting the WebAssembly byte-code with the associated runtime extensions implemented atop the Zephyr RTOS, our evaluation of sensor access indicates a latency overhead of 6% with an additional memory footprint of 5% when compared to native execution. As MQTT-SN requests are dominated by network delays, the WASI-SN implementation of MQTT-SN introduces less than 1% additional latency with similar memory footprint.