This repository contains the source code for the paper Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust
Published at IEEE-SECDEV 2023.
Rust is a popular memory-safe systems programming language. In order to interact with hardware or call into non- Rust libraries, Rust provides unsafe language features that shift responsibility for ensuring memory safety to the developer. Failing to do so, may lead to memory safety violations in unsafe code which can violate safety of the entire application. In this work we explore in-process isolation with Memory Protection Keys as a mechanism to shield safe program sections from safety violations that may happen in unsafe sections. Our approach is easy to use and comprehensive as it prevents heap and stack-based violations. We further compare process-based and in-process isolation mechanisms and the necessary requirements for data serialization, communication, and context switching. Our results show that in-process isolation can be effective and efficient, permits for a high degree of automation, and also enables a notion of application rewinding where the safe program section may detect and safely handle violations in unsafe code.
Install Cargo
sudo apt install cargo
Additionally, you'll need to install rustup with the nightly release. Some features used in this project are only available with the nightly release. You can install rustup from https://rustup.rs/
This repository can be cloned using the following commands:
git clone --recursive https://github.com/EricssonResearch/sdradrustffi.git
Note that sdrad library should be in the sdrad_ffi branch
SDRaD-FFI accommodates various serialization crates required for different purposes, including:
- abomonation_v1: original version for abomonation
- abomonation_v2: that has include
<Vec<u8>>optimization for abomonation - bincode_v1: bincode version 1
- bincode_v2: bincode version 2
To compile SDRaD-FFI, run cargo build with selected features
cargo build --features "abomonation_v1"
To compartmentalize functions belonging to an unsafe library interface, they can be
annotated with sandbox! macro provided similiar to Sandcrust
sandbox!{
fn F (...) {
unsafe {
... // unsafe code
}
}
}
sdradrustffi requires a CPU supporting Intel Memory Protection Keys (MPK) and a Linux Kernel supporting MPK
Note: Current version of sdradrustffi doesn't support Hashbrown table, that is used by cargo test.
© Ericsson AB 2023
BSD 3-Clause License