Securing UnSafe Rust Programs with XRust.
Saved in:
| Title: | Securing UnSafe Rust Programs with XRust. |
|---|---|
| Authors: | Peiming Liu1 peiming@tamu.edu, Gang Zhao1 zhaogang92@tamu.edu, Huang, Jeff1 jeff@cse.tamu.edu |
| Source: | ICSE: International Conference on Software Engineering. 6/17/2020, p234-245. 12p. |
| Subjects: | Systems programming (Computer science), Programming languages, Computer programming, Computer software, Automation |
| Abstract: | Rust is a promising systems programming language that embraces both high-level memory safety and low-level resource manipulation. However, the dark side of Rust, unsafe Rust, leaves a large security hole as it bypasses the Rust type system in order to support lowlevel operations. Recently, several real-world memory corruption vulnerabilities have been discovered in Rust's standard libraries. We present XRust, a new technique that mitigates the security threat of unsafe Rust by ensuring the integrity of data flow from unsafe Rust code to safe Rust code. The cornerstone of XRust is a novel heap allocator that isolates the memory of unsafe Rust from that accessed only in safe Rust, and prevents any cross-region memory corruption. Our design of XRust supports both singleand multi-threaded Rust programs. Our extensive experiments on real-world Rust applications and standard libraries show that XRust is both highly efficient and effective in practice. [ABSTRACT FROM AUTHOR] |
| Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 155540213 AccessLevel: 6 PubType: Conference PubTypeId: conference PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Securing UnSafe Rust Programs with XRust. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Peiming+Liu%22">Peiming Liu</searchLink><relatesTo>1</relatesTo><i> peiming@tamu.edu</i><br /><searchLink fieldCode="AR" term="%22Gang+Zhao%22">Gang Zhao</searchLink><relatesTo>1</relatesTo><i> zhaogang92@tamu.edu</i><br /><searchLink fieldCode="AR" term="%22Huang%2C+Jeff%22">Huang, Jeff</searchLink><relatesTo>1</relatesTo><i> jeff@cse.tamu.edu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22ICSE%3A+International+Conference+on+Software+Engineering%22">ICSE: International Conference on Software Engineering</searchLink>. 6/17/2020, p234-245. 12p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Systems+programming+%28Computer+science%29%22">Systems programming (Computer science)</searchLink><br /><searchLink fieldCode="DE" term="%22Programming+languages%22">Programming languages</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+programming%22">Computer programming</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+software%22">Computer software</searchLink><br /><searchLink fieldCode="DE" term="%22Automation%22">Automation</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Rust is a promising systems programming language that embraces both high-level memory safety and low-level resource manipulation. However, the dark side of Rust, unsafe Rust, leaves a large security hole as it bypasses the Rust type system in order to support lowlevel operations. Recently, several real-world memory corruption vulnerabilities have been discovered in Rust's standard libraries. We present XRust, a new technique that mitigates the security threat of unsafe Rust by ensuring the integrity of data flow from unsafe Rust code to safe Rust code. The cornerstone of XRust is a novel heap allocator that isolates the memory of unsafe Rust from that accessed only in safe Rust, and prevents any cross-region memory corruption. Our design of XRust supports both singleand multi-threaded Rust programs. Our extensive experiments on real-world Rust applications and standard libraries show that XRust is both highly efficient and effective in practice. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=155540213 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1145/3377811.3380325 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 12 StartPage: 234 Subjects: – SubjectFull: Systems programming (Computer science) Type: general – SubjectFull: Programming languages Type: general – SubjectFull: Computer programming Type: general – SubjectFull: Computer software Type: general – SubjectFull: Automation Type: general Titles: – TitleFull: Securing UnSafe Rust Programs with XRust. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Peiming Liu – PersonEntity: Name: NameFull: Gang Zhao – PersonEntity: Name: NameFull: Huang, Jeff IsPartOfRelationships: – BibEntity: Dates: – D: 17 M: 06 Text: 6/17/2020 Type: published Y: 2020 Titles: – TitleFull: ICSE: International Conference on Software Engineering Type: main |
| ResultId | 1 |
