Beyond Static Middleware: Rust Security Meets WASM Isolation

Web services are stuck choosing between safe-but-static middleware and flexible-but-risky plugins. This talk demonstrates how WebAssembly's sandboxing combines with Rust's type safety through Tower's middleware layer to break this tradeoff. You'll see the complete architecture for running untrusted code safely in production—from pattern-based routing to fuel-metered execution—with real-world examples of authentication, validation, and rate limiting as hot-swappable WASM modules. Learn when WASM middleware makes sense, how to cross the Rust-WASM boundary securely, and build truly dynamic web services without sacrificing Rust's security guarantees. Includes live demonstrations and performance benchmarks.

Guard at the Gate: An Adaptive Intrusion Prevention System in Rust with Vector-Database Driven

This talk presents a Rust-native IPS with an eight-stage real-time pipeline: async log ingestion from multiple services, 1000+ compiled attack signatures, vector similarity search via a custom Rust vector database with per-class cosine similarity thresholds for adjustable sensitivity, threat scoring with progressive blocking, nftables kernel hash sets for O(1) enforcement, async attacker intelligence gathering, SQLite persistence with SIEM export, and automated cleanup.
The key innovation is the offline learning loop: log files are periodically analyzed to identify attacks that were missed by the real-time pipeline. Missed attacks are vectorized and embedded into the vector database, improving future detection without manual rule writing. This deliberate separation—learning offline, detecting in real time—prevents vector poisoning while letting the system get smarter from every attack it fails to catch.
We’ll walk through the pipeline architecture, the vector database integration, sensitivity tuning, the learning loop, and a live demo showing real-time detection, sensitivity adjustment, and a missed attack being learned then caught on replay. Attendees leave with Rust patterns for adaptive systems (RAII for firewall rules, trait-based vectorization, Tokio+Rayon parallelism, feature flags) and two open-source projects they can deploy.

HDMI projector and screen
40 minute talk.
TV host (TVLinux, China America Bridge) 5 years, other conferences