Ensuring Memory Safety for the Transition from C/C++ to Rust |

Motivation

Re-writing or porting existing software to a new programming language in a whole can be a costly venture for companies and organizations. Therefore, it might be more feasible to gradually replace C/C++ code by Rust code and perform the language transition step-by-step. Fortunately, Rust has built-in support for interoperability with C using the Foreign Function Interface (FFI). This allows Rust functions to be integrated in C/C++ code bases or vice versa.
However, exchanging data structures over this language boundary is prone to memory-safety issues—as shown, e.g., by Li et al.¹ and Mergendahl et al.² To counter those issues, I research ideas to prevent memory-safety vulnerabilities in mixed language binaries.
I developed a concept that utilizes memory-safety sanitizers to introduce additional security checks for only those memory objects which are passed over the unsafe language boundary between C/C++ and Rust—while memory objects which are only used in safe Rust code (and whose memory safety can be proven by the Rust compiler) are omitted from additional security checks.
This allows for building memory-safe mixed-language programs with only minimized performance overhead. And it comes with a great incentive: the more C/C++ functions you replace by safe Rust code, the less performance overhead is introduced.
Currently, I work on two PoC memory-safety sanitizers implemented in the LLVM Compiler Framework that are able to interact with a modified Rust compiler to exchange size and lifetime information of memory objects that are passed over language boundaries.
I am looking forward to publish my research prototypes and results soon.

Published Poster at NDSS 2024

I created a poster and a 2-page extended abstract of my current state of research which was accepted at NDSS 2024. I will be in San Diego from Feb. 26th - Mar 1st to present this at the conference and will be happy to talk about my findings and get feedback.

Poster + Abstract

Presentation 2023-10-17: Galois Tech Talk Series

Galois Inc. invited me to give a presentation as part of their tech talks in October 2023.

Slides
Recording: to be published

Presentation 2023-09-05: Rust Munich Meetup

I was happy to present preliminary results of my research prototype at the Rust Munich Meetup in September 2023.

Recording

Li, Z., Wang, J., Sun, M., Lui, J.C.S. (2022). Detecting Cross-language Memory Management Issues in Rust. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_33. ↩︎
Mergendahl, Samuel, Nathan Burow, und Hamed Okhravi. „Cross-Language Attacks“. In Proceedings 2022 Network and Distributed System Security Symposium. San Diego, CA, USA: Internet Society, 2022. https://doi.org/10.14722/ndss.2022.24078. ↩︎