Abstract

Memory- and type-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. Examples for this can be found across the spectrum, with many Rust applications linking against popular libraries such as OpenSSL, to security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose safe languages to significant risks: any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory and/or type safety of the wrapping language.

This talk presents Encapsulated Functions, an ongoing research project exploring how to secure cross-language interactions along with their differing guarantees and semantics around memory- and type-safety.  At its core, Encapsulated Functions is a framework that combines memory protection mechanisms (such as the RISC-V Physical Memory Protection or Intel's Memory Protection Keys) with a set of portable types to both restrict and encapsulate behavior across the language boundary. Through the portability across different memory protection mechanisms we can utilize this infrastructure in both highly-restrictive embedded systems and applications running on conventional operating systems alike.