🤖 AI Summary
This work addresses the challenge of short embedded-system lifecycles and inflexible driver updates in industrial automation, hindering timely compliance with evolving regulations and market demands. To this end, we propose Wasm-IO—a novel framework that pioneers the adaptation of WebAssembly (Wasm) to safety-isolated peripheral I/O execution. Wasm-IO introduces a first-of-its-kind Wasm-based interrupt priority extension model enabling deterministic, time-isolated interrupt handling, coupled with platform-agnostic inlined driver support and synchronous I/O abstractions to enable standards-compliant driver hot-swapping. Leveraging lightweight containerization, interrupt virtualization, and real-time scheduling, it significantly reduces I/O latency and runtime overhead. Experimental evaluation demonstrates cross-platform portability, strong spatial and temporal isolation, and practical feasibility on real industrial hardware. Wasm-IO establishes a secure, flexible, and sustainably evolvable paradigm for driver execution in industrial embedded systems.
📝 Abstract
Containerization has become a ubiquitous tool in software development. Due to its numerous benefits, including platform interoperability and secure execution of untrusted third-party code, this technology is a boon to industrial automation, promising to provide aid for its inherent challenges - except one, which is interaction with physical devices. Unfortunately, this presents a substantial barrier to widespread adoption. In response to this challenge, we present Wasm-IO, a framework designed to facilitate peripheral I/O operations within WebAssembly (Wasm) containers. We elucidate fundamental methodologies and various implementations that enable the development of arbitrary device drivers in Wasm. Thereby, we address the needs of the industrial automation sector, where a prolonged device lifetime combined with changing regulatory requirements and market pressure fundamentally contrasts with vendors' responsibility concerns regarding post-deployment system modifications to incorporate new, isolated drivers. In this paper, we detail synchronous I/O and methods for embedding platform-independent peripheral configurations within Wasm binaries. We introduce an extended priority model that enables interrupt handling in Wasm while maintaining temporal isolation. Our evaluation shows that our proposed Wasm isolation can significantly reduce latency and overhead. The results of our driver case study corroborate this. We conclude by discussing overarching system designs that leverage Wasm-IO, including scheduling methodologies.