As the expansion of IoT connectivity continues to provide quality-of-life improvements around the world, it simultaneously introduces increasing privacy and security concerns. The lack of a clear definition for managing shared and protected access to IoT sensors offers channels by which devices can be compromised and sensitive data can be leaked. In recent years, WebAssembly has received considerable attention for its efficient application sandboxing suitable for embedded systems, making it a prime candidate for exploring a secure and portable sensor interface. This paper introduces the first WebAssembly System Interface (WASI) extension offering a secure, portable, and low-footprint sandbox enabling multi-tenant access to sensor data across heterogeneous embedded devices. The runtime extensions provide application memory isolation, ensure appropriate resource privileges by intercepting sensor access, and offer an MQTT-SN interface enabling in-network access control. When targeting the WebAssembly byte-code with the associated runtime extensions implemented atop the Zephyr RTOS, our evaluation of sensor access indicates a latency overhead of 6% with an additional memory footprint of 5% when compared to native execution. As MQTT-SN requests are dominated by network delays, the WASI-SN implementation of MQTT-SN introduces less than 1% additional latency with a similar memory footprint.