한국정보처리학회:학술대회논문집 (Annual Conference of KIPS)

한국정보처리학회 (Korea Information Processing Society)
권호 표지

다중 언어 어플리케이션에서의 러스트 언어 보호에 대한 연구

A Study on Securing Rust in Mixed-Language Applications

  • 유준승 (서울대학교 전기정보공학부, 반도체공동연구소) ;
  • 카욘도마틴 (서울대학교 전기정보공학부, 반도체공동연구소) ;
  • 백윤흥 (서울대학교 전기정보공학부, 반도체공동연구소)
  • Junseung You (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University) ;
  • Martin Kayondo (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University) ;
  • Yunheung Paek (Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University)
  • 발행 : 2024.10.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

For many decades, memory corruption attacks have posed a significant threat to computer systems, particularly those written in unsafe programming languages such as C/C++. In response, a 'safe' programming language, Rust, was recently developed to prevent memory bugs by using compile-time and runtime checks. Rust's security and efficiency has lead its adoption from multiple popular applications such as Firefox and Tor. Due to the large code base and complexity of legacy software, the adoption generally takes a form of a gradual deployment, where security-critical portion of the program is replaced with Rust, resulting in a mixed-language application. Unfortunately, such adoption strategy introduced a new attack vector that propagates the vulnerabilities residing in the unsafe languages to Rust, undermining the security guarantees provided by Rust. In this paper, we shed light on strategies designed to defend against attacks that target multi-lingual applications to compromise the security of Rust. We study underlying rationale of various defense mechanisms and design decisions taken to improve their performance and effectiveness. Furthermore, we explore the limitations of existing defenses and argue that additional methods are necessary for Rust to fully benefit from its security promises in multi-language environments.

키워드

과제정보

This research was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government, Minitry of Science and ICT (MSIT) (RS-2023-00277326), the BK21 FOUR program of the Education and Research Program for Future ICT Pioneers, Seoul national University in 2024, and Inter-University Semiconductor Research Center (ISRC); in part by the Institute of Information & Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2024-00438729, Development of Full Lifecycle Privacy-Preserving Techniques using Anonymized Confidential Computing); and in part by Korea Planning & Evaluation Institute of Industrial Technology(KEIT) grant funded by the Korea governement(MOTIE) (No. RS-2024-00406121, Development of an Automotive Security Vulnerability-based Thread Analysis System (R&D)); and in part by IITP under the artificial intelligence semiconductor support program to nurture the best talents(IITP-2023-RS-2023-00256081) grant funded by the Korea government (MSIT).

참고문헌

  1. Bang et. al., TRUST: A CompilationFramework for In-process Isolation to ProtectSafe Rust aginst Untrusted Code, USENIXSecurity Symposium, Anaheim, CA, USA, 2023, pg.6947-6964
  2. Mergendahl et. al., Cross Language Attacks, Network and Distributed Systems SecuritySymposium, San Diego, CA, USA, 2022
  3. Rivera et. al., Keeping Safe Rust Safe withGaleed, Annual Computer Security Applications Conference, Virtual Event, USA, 2021
  4. Kirth et. al., PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Langauges, European Conference on Computer Systems, Rennes, France, 2022, pg.132 - 148