Collaborative Research: SaTC: CORE: Medium: Refine the Gap: Establishing Safety for Modern Foreign Function Interfaces

协作研究：SaTC：核心：中：缩小差距：为现代外部功能接口建立安全性

• 批准号: 2327338
• 负责人: Caleb Stanford
• 金额: $ 30万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2327338&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Developers of widely used software infrastructure like the Firefox, Chrome, and Linux are replacing components written in unsafe but fast languages like C/C++ with components written in Rust. Rust promises to eliminate the security vulnerabilities endemic to C/C++ codebases without compromising on performance. Alas, completely rewriting real-world software systems is not practical: Firefox, Chrome, and Linux are tens of millions of C/C++ code. Instead, Rust components must continue to interact with existing C/C++ code. In practice, this requires developers to write code that glues Rust and C/C++. Unfortunately, this glue code is notoriously difficult to write correctly: code at the language boundary can both introduce errors in previously safe code and impose new unchecked requirements, threatening the security of both the Rust code and the containing C/ C++ ecosystem. This project will address these challenges by building new abstractions, techniques, and tools that will help developers securely integrate Rust components within C/C++ applications (and vice versa). This research will span the spectrum from new theoretical and formal ideas to the deployment and integration of this technology in real-world software. The project has the potential to directly improve the security of software infrastructure used by billions of users, including Firefox, Chrome, and Linux. The project will also contribute to the graduate, undergraduate, and high school curriculum, introducing future developers to techniques and tools for building secure software.This project takes a principled and practical approach to building secure systems software by securing the glue layer between C/C++ and Rust and the foreign function interface (FFI) developers used to write this glue code. To accomplish these goals, this project will (1) build novel static analysis tools for the Rust ecosystem, which work in tandem with human auditing to detect, triage, and classify major weaknesses in existing FFIs; (2) build novel abstractions for the FFI layer based on refinement types to describe and automatically check memory safety and type safety properties at the FFI layer, and eliminate the ad-hoc glue code at the FFI layer; (3) build a lightweight sandboxing layer for calling C/C++ code from Rust, leveraging prior sandboxing mechanisms but marrying their abstractions with Rust's ownership type system. This research will yield new insights into the safety and security gaps in modern multi-language systems; contribute to the understanding of how refinement types can integrate with a modern memory-safe type system and mutability constraints; and develop our understanding of how modern security techniques -- including static analysis, type systems, and sandboxing -- are applicable to the Rust ecosystem and ownership model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Firefox、Chrome 和 Linux 等广泛使用的软件基础设施的开发人员正在用 Rust 编写的组件替换用 C/C++ 等不安全但快速的语言编写的组件。 Rust 承诺在不影响性能的情况下消除 C/C++ 代码库特有的安全漏洞。唉，完全重写现实世界的软件系统是不切实际的：Firefox、Chrome 和 Linux 是数千万的 C/C++ 代码。相反，Rust 组件必须继续与现有的 C/C++ 代码交互。实际上，这需要开发人员编写将 Rust 和 C/C++ 结合在一起的代码。不幸的是，众所周知，这种粘合代码很难正确编写：语言边界上的代码既可能在以前的安全代码中引入错误，也可能会强加新的未经检查的要求，从而威胁到 Rust 代码和包含的 C/C++ 生态系统的安全性。该项目将通过构建新的抽象、技术和工具来解决这些挑战，帮助开发人员在 C/C++ 应用程序中安全地集成 Rust 组件（反之亦然）。这项研究将涵盖从新的理论和形式思想到该技术在实际软件中的部署和集成。该项目有可能直接提高数十亿用户使用的软件基础设施的安全性，包括 Firefox、Chrome 和 Linux。该项目还将为研究生、本科生和高中课程做出贡献，向未来的开发人员介绍构建安全软件的技术和工具。该项目采用原则性且实用的方法，通过保护 C/C++ 之间的粘合层来构建安全系统软件Rust 和外部函数接口 (FFI) 开发人员用来编写这种粘合代码。为了实现这些目标，该项目将 (1) 为 Rust 生态系统构建新颖的静态分析工具，与人工审计协同工作，以检测、分类和分类现有 FFI 中的主要弱点； (2)基于细化类型为FFI层构建新颖的抽象，以描述和自动检查FFI层的内存安全和类型安全属性，并消除FFI层的ad-hoc粘合代码； (3) 构建一个轻量级沙箱层，用于从 Rust 调用 C/C++ 代码，利用先前的沙箱机制，但将其抽象与 Rust 的所有权类型系统结合起来。这项研究将对现代多语言系统的安全和安保漏洞产生新的见解；有助于理解细化类型如何与现代内存安全类型系统和可变性约束集成；并加深我们对现代安全技术（包括静态分析、类型系统和沙盒）如何适用于 Rust 生态系统和所有权模型的理解。该奖项反映了 NSF 的法定使命，并通过使用基金会的评估进行评估，认为值得支持。智力价值和更广泛的影响审查标准。