 Hi, my name is Stefan Reindowitz and I'm a professor at Munich University of Applied Sciences in Germany. I want to talk today about WebAssembly and its usage and embedded systems to build, manage VMs around WebAssembly for scalable secure IoT deployments. I found that WebAssembly is used beyond browsers nowadays and I want to outline a little bit some projects that we are currently starting. So, what is WebAssembly? WebAssembly is an open standard for platform-independent bytecode and as many of you probably know, it's originally been developed in the context of browsers to interface JavaScript and to make more performant web applications. But what you can do is you can compile any other VMs supported language to wasn't like this is short for WebAssembly and as interpreters ahead of time compilation, just in time compilation, all the stuff that you could do with the standard managed VMs comparable to Java, for example. But what I found nowadays is that you also have WebAssembly targeting systems beyond the browser on the side of desktop and server deployments. The WebAssembly system interface could, for example, be of interest and so you can see there's clearly a trajectory of WebAssembly outside of browsers. Why would WebAssembly be interesting for embedded systems is that it has very strong isolation properties, which is a strong benefit of managed VMs. And what you get also by it is some improved portability and you would decouple the languages that you're using, the frameworks, the runtimes and the hardware and you don't have an end-to-end et cetera relation. So this is interesting to us and I started looking into what kind of WebAssembly runtimes we have and how portable they are and to elaborate on some demonstrators so that we know where this could be heading. So of course you have the standard browser runtimes. I don't want to talk about them, but there's also standalone runtimes which get more and more popular and get used in many projects nowadays. So there's VASMA, for example, which is implemented in Rust, which we have a deep look into at the moment. And there's many others, for example, the VASMA MicroRuntime or VASMA 3, which are more tiny and written in C and C++. So what do we want to gain with the projects that we are currently running is the question, how could we build scalable WebAssembly deployments using many applets, spanning multiple devices from server edge down to the device and maybe some sort of trust in embedded system deployments, modern IoT systems. So what we need, and this is not covered by WebAssembly itself, is the lifecycle of applets and the management of applets, even from a remote side. We need authenticated communication so that we actually have some attestation around the underlying system that we are working on. And we need some frameworks in the form of APIs, like Arduino-style programming. We want complex frameworks like the global platform, such things like trust execution environments, etc., maybe CPM. Those kind of things is something we are looking in our research nowadays. So we have started some projects and I just want to quickly go through them and see, I want to describe the potential that we have. The one is the OpenTitan platform, which is an open source root-of-trust silicon device that is driven by Google. There's TokoS, which is planned to be running on top of it, which is a Rust-based operating system. And we are currently working on integrating Vasma and TokoS onto OpenTitan to run WebAssembly in a secure way on a root-of-trust element. You could combine it. This is another project we have as an ESP, like the Expressive Devices 32-bit running the Sapphire real-time-of-rating system. And, for example, run an applet inside a Vasma 3 container inside of Sapphire. Another system that we are working on is Raspberry Pi with Linux and Vasma Time, which is pretty much out of the box. What we are in particular looking into is the question, how do we do cross-platform integration? How can we establish WebAssembly multi-upplet deployments that span all of those devices? And how do we want to integrate them inside a large deployment, spending different levels of devices? And one thing we are particularly looking at is authenticated communication with Spiffer. So it just started recently. You can stay tuned. You can find it on GitHub. There's a brief description of the projects we are running. Please get in touch if you're interested. I'm looking forward to more and exciting topics. Bye.