Master Thesis  Open Access



Validating Memory Safety in Rust Binaries

Thumbnail
View/Open
Date
2024-06
Author
Louka, Antonis
Advisor
ORCID logoAthanasopoulos, Elias
Publisher
Πανεπιστήμιο Κύπρου, Σχολή Θετικών και Εφαρμοσμένων Επιστημών / University of Cyprus, Faculty of Pure and Applied Sciences
Place of publication
Cyprus

Google Scholar check
Keyword(s):
Software security
Buffer Overflow
Memory Safety
Code Validation

Metadata
Show full item record
Abstract
Programming systems can be safe and unsafe. Safe systems guarantee secure memory access, while unsafe systems provide no security guarantees. Unsafe systems suffer from programming bugs that can be exploited by attackers and on the other hand safe systems depend on run-time environments. While safe systems succeed to reduce exploitation of vulnerabilities, run-time environments add significant overheads affecting performance, making the use of unsafe type systems inevitable in performance critical applications. To make unsafe systems more memory safe; hardening techniques are applied to binaries creating an arms race between attacks and defenses since hardened binaries can be still compromised. This creates a need for new approaches that try to maintain performance while providing memory safety. Such approaches are provided in systems like Rust and Go; they provide memory safety guarantees with no or very minimal run-time environments, affecting performance as little as possible. Without depending on heavy runtime support, Rust realizes fast machine code that mitigates most of the common attacks associated with memory-corruption and appears in all unsafe machine code developed using C/C++. Rust uses a compiler enforced memory safety approach; thus, most of the work for producing machine code with security guarantees is carried out a compile-time by the Rust compiler. However, at runtime, there is no mechanism to ensure that the produced security guarantees, as computed a compile-time, are still in place. In this thesis, we explore the possibilities of an attacker fabricating Rust binaries so that they are on purpose vulnerable. We show that it is possible to modify automatically, and at large scale, binaries so that certain defenses, placed by the Rust compiler, are removed. We introduce a generic problem, and focus on concepts of spatial and temporal safety. The aforementioned modifications violate Rusts restrictions and re-introduce programming bugs present in unsafe systems in both spatial and temporal scopes. Finally, we produce a validator that assesses if all checks ensuring spatial and temporal safety remain intact within a Rust binary, before executing it. Our work is a step towards validating Rust binaries at load time so that security guarantees computed at compile-time are effective at run-time.
URI
http://gnosis.library.ucy.ac.cy/handle/7/66269
Collections

Cite as