Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems

Leon Schuermann, Arun Thomas, Amit Levy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: Any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language. We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.

Original language: English (US)
Title of host publication: KISV 2023 - Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification
Publisher: Association for Computing Machinery, Inc
Pages: 41-48
Number of pages: 8
ISBN (Electronic): 9798400704116
State: Published - Oct 23 2023
Event: 1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023 - Koblenz, Germany
Duration: Oct 23 2023 → …

Publication series

Name: KISV 2023 - Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification

Conference

Conference: 1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023
Country/Territory: Germany
City: Koblenz
Period: 10/23/23 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Keywords

  • foreign function interface
  • memory protection
  • memory safety
  • rust
