Building Bridges: Safe Interactions with Foreign Languages through Omniglot

Leon Schuermann; Jack Toubes; Tyler Potyondy; Pat Pannuto; Mae Milano; Amit Aryeh Levy

Building Bridges: Safe Interactions with Foreign Languages through Omniglot

Leon Schuermann
, Jack Toubes
, Tyler Potyondy
, Pat Pannuto
, Mae Milano
, Amit Aryeh Levy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Memory- and type-safe languages promise to eliminate entire classes of systems vulnerabilities by construction. In practice, though, even clean-slate systems often need to incorporate libraries written in other languages with fewer safety guarantees. Because these interactions threaten the soundness of safe languages, they can reintroduce the exact vulnerabilities that safe languages prevent in the first place. This paper presents Omniglot: the first framework to efficiently uphold safety and soundness of Rust in the presence of unmodified and untrusted foreign libraries. Omniglot facilitates interactions with foreign code by integrating with a memory isolation primitive and validation infrastructure, and avoids expensive operations such as copying or serialization. We implement Omniglot for two systems: we use it to integrate kernel components in a highly-constrained embedded operating system kernel, as well as to interface with conventional Linux userspace libraries. Omniglot performs comparably to approaches that deliver weaker guarantees and significantly better than those with similar safety guarantees.

Original language	English (US)
Title of host publication	Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025
Publisher	USENIX Association
Pages	595-613
Number of pages	19
ISBN (Electronic)	9781939133472
State	Published - 2025
Event	19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025 - Boston, United States Duration: Jul 7 2025 → Jul 9 2025

Publication series

Name	Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025

Conference

Conference	19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025
Country/Territory	United States
City	Boston
Period	7/7/25 → 7/9/25

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Hardware and Architecture
Information Systems

Cite this

Schuermann, L., Toubes, J., Potyondy, T., Pannuto, P., Milano, M., & Levy, A. A. (2025). Building Bridges: Safe Interactions with Foreign Languages through Omniglot. In Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025 (pp. 595-613). (Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025). USENIX Association.

Schuermann, Leon ; Toubes, Jack ; Potyondy, Tyler et al. / Building Bridges : Safe Interactions with Foreign Languages through Omniglot. Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025. USENIX Association, 2025. pp. 595-613 (Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025).

@inproceedings{2dca69947edc4ab8a871367b5c67ee12,

title = "Building Bridges: Safe Interactions with Foreign Languages through Omniglot",

abstract = "Memory- and type-safe languages promise to eliminate entire classes of systems vulnerabilities by construction. In practice, though, even clean-slate systems often need to incorporate libraries written in other languages with fewer safety guarantees. Because these interactions threaten the soundness of safe languages, they can reintroduce the exact vulnerabilities that safe languages prevent in the first place. This paper presents Omniglot: the first framework to efficiently uphold safety and soundness of Rust in the presence of unmodified and untrusted foreign libraries. Omniglot facilitates interactions with foreign code by integrating with a memory isolation primitive and validation infrastructure, and avoids expensive operations such as copying or serialization. We implement Omniglot for two systems: we use it to integrate kernel components in a highly-constrained embedded operating system kernel, as well as to interface with conventional Linux userspace libraries. Omniglot performs comparably to approaches that deliver weaker guarantees and significantly better than those with similar safety guarantees.",

author = "Leon Schuermann and Jack Toubes and Tyler Potyondy and Pat Pannuto and Mae Milano and Levy, \{Amit Aryeh\}",

note = "Publisher Copyright: {\textcopyright} 2025 by The USENIX Association. All rights reserved.; 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025 ; Conference date: 07-07-2025 Through 09-07-2025",

year = "2025",

language = "English (US)",

series = "Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025",

publisher = "USENIX Association",

pages = "595--613",

booktitle = "Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025",

}

Schuermann, L, Toubes, J, Potyondy, T, Pannuto, P, Milano, M & Levy, AA 2025, Building Bridges: Safe Interactions with Foreign Languages through Omniglot. in Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025. Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025, USENIX Association, pp. 595-613, 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025, Boston, United States, 7/7/25.

Building Bridges: Safe Interactions with Foreign Languages through Omniglot. / Schuermann, Leon; Toubes, Jack; Potyondy, Tyler et al.
Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025. USENIX Association, 2025. p. 595-613 (Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Building Bridges

T2 - 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025

AU - Schuermann, Leon

AU - Toubes, Jack

AU - Potyondy, Tyler

AU - Pannuto, Pat

AU - Milano, Mae

AU - Levy, Amit Aryeh

PY - 2025

Y1 - 2025

N2 - Memory- and type-safe languages promise to eliminate entire classes of systems vulnerabilities by construction. In practice, though, even clean-slate systems often need to incorporate libraries written in other languages with fewer safety guarantees. Because these interactions threaten the soundness of safe languages, they can reintroduce the exact vulnerabilities that safe languages prevent in the first place. This paper presents Omniglot: the first framework to efficiently uphold safety and soundness of Rust in the presence of unmodified and untrusted foreign libraries. Omniglot facilitates interactions with foreign code by integrating with a memory isolation primitive and validation infrastructure, and avoids expensive operations such as copying or serialization. We implement Omniglot for two systems: we use it to integrate kernel components in a highly-constrained embedded operating system kernel, as well as to interface with conventional Linux userspace libraries. Omniglot performs comparably to approaches that deliver weaker guarantees and significantly better than those with similar safety guarantees.

AB - Memory- and type-safe languages promise to eliminate entire classes of systems vulnerabilities by construction. In practice, though, even clean-slate systems often need to incorporate libraries written in other languages with fewer safety guarantees. Because these interactions threaten the soundness of safe languages, they can reintroduce the exact vulnerabilities that safe languages prevent in the first place. This paper presents Omniglot: the first framework to efficiently uphold safety and soundness of Rust in the presence of unmodified and untrusted foreign libraries. Omniglot facilitates interactions with foreign code by integrating with a memory isolation primitive and validation infrastructure, and avoids expensive operations such as copying or serialization. We implement Omniglot for two systems: we use it to integrate kernel components in a highly-constrained embedded operating system kernel, as well as to interface with conventional Linux userspace libraries. Omniglot performs comparably to approaches that deliver weaker guarantees and significantly better than those with similar safety guarantees.

UR - https://www.scopus.com/pages/publications/105011588107

UR - https://www.scopus.com/pages/publications/105011588107#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:105011588107

T3 - Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025

SP - 595

EP - 613

BT - Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025

PB - USENIX Association

Y2 - 7 July 2025 through 9 July 2025

ER -

Schuermann L, Toubes J, Potyondy T, Pannuto P, Milano M, Levy AA. Building Bridges: Safe Interactions with Foreign Languages through Omniglot. In Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025. USENIX Association. 2025. p. 595-613. (Proceedings of the 19th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2025).

Building Bridges: Safe Interactions with Foreign Languages through Omniglot

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this