Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems

Leon Schuermann; Arun Thomas; Amit Levy

doi:10.1145/3625275.3625397

Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems

Leon Schuermann, Arun Thomas, Amit Levy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: Any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language.We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.

Original language	English (US)
Title of host publication	KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification
Publisher	Association for Computing Machinery, Inc
Pages	41-48
Number of pages	8
ISBN (Electronic)	9798400704116
DOIs	https://doi.org/10.1145/3625275.3625397
State	Published - Oct 23 2023
Event	1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023 - Koblenz, Germany Duration: Oct 23 2023 → Oct 23 2023

Publication series

Name	KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification

Conference

Conference	1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023
Country/Territory	Germany
City	Koblenz
Period	10/23/23 → 10/23/23

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Keywords

foreign function interface
memory protection
memory safety
rust

Access to Document

10.1145/3625275.3625397

Cite this

Schuermann, L., Thomas, A., & Levy, A. (2023). Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems. In KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification (pp. 41-48). (KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification). Association for Computing Machinery, Inc. https://doi.org/10.1145/3625275.3625397

@inproceedings{39388814d59a41ad987542b1ac170e2a,

title = "Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems",

abstract = "Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: Any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language.We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.",

keywords = "foreign function interface, memory protection, memory safety, rust",

author = "Leon Schuermann and Arun Thomas and Amit Levy",

note = "Publisher Copyright: {\textcopyright} 2023 Owner/Author(s).; 1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023 ; Conference date: 23-10-2023 Through 23-10-2023",

year = "2023",

month = oct,

day = "23",

doi = "10.1145/3625275.3625397",

language = "English (US)",

series = "KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification",

publisher = "Association for Computing Machinery, Inc",

pages = "41--48",

booktitle = "KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification",

}

Schuermann, L, Thomas, A & Levy, A 2023, Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems. in KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification. KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification, Association for Computing Machinery, Inc, pp. 41-48, 1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023, Koblenz, Germany, 10/23/23. https://doi.org/10.1145/3625275.3625397

Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems. / Schuermann, Leon; Thomas, Arun; Levy, Amit.
KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification. Association for Computing Machinery, Inc, 2023. p. 41-48 (KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Encapsulated Functions

T2 - 1st Workshop on Kernel Isolation, Safety and Verification, KISV 2023

AU - Schuermann, Leon

AU - Thomas, Arun

AU - Levy, Amit

PY - 2023/10/23

Y1 - 2023/10/23

N2 - Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: Any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language.We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.

AB - Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: Any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language.We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.

KW - foreign function interface

KW - memory protection

KW - memory safety

KW - rust

UR - http://www.scopus.com/inward/record.url?scp=85177677379&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85177677379&partnerID=8YFLogxK

U2 - 10.1145/3625275.3625397

DO - 10.1145/3625275.3625397

M3 - Conference contribution

AN - SCOPUS:85177677379

T3 - KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification

SP - 41

EP - 48

BT - KISV 2023 - Proceedings of the1st Workshop on Kernel Isolation, Safety and Verification

PB - Association for Computing Machinery, Inc

Y2 - 23 October 2023 through 23 October 2023

ER -

Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this