{"title":"RusBox:面向Rust的高效和自适应沙盒","authors":"Wanrong Ouyang, Baojian Hua","doi":"10.1109/ISSREW53611.2021.00090","DOIUrl":null,"url":null,"abstract":"Rust is a new language for safe system programming, and its strong type system and dynamic bound checking guarantee memory safety. Surprisingly, Rust is still vulnerable to buffer overflows, due to its unsafe feature. Recently, there have been a significant amount of studies to protect Rust programs against overflows, however, existing studies have severe limitations: they are either too coarse-grain or of considerable runtime overhead. This paper proposes RUSBOX, a novel sand-boxing software prototype to protect Rust programs against buffer overflow vulnerabilities. The key technical contribution of RUSBOX is its adaptive combination of static program analysis with sandboxing, to make the protection both effective and efficient. To testify the effectiveness of RUSBOX, we apply it to three publicly reported CVEs from real-world Rust projects; to evaluate the cost of RusBox, we plan to apply it to 36 widely used open source Rust projects.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"RusBox: Towards Efficient and Adaptive Sandboxing for Rust\",\"authors\":\"Wanrong Ouyang, Baojian Hua\",\"doi\":\"10.1109/ISSREW53611.2021.00090\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Rust is a new language for safe system programming, and its strong type system and dynamic bound checking guarantee memory safety. Surprisingly, Rust is still vulnerable to buffer overflows, due to its unsafe feature. Recently, there have been a significant amount of studies to protect Rust programs against overflows, however, existing studies have severe limitations: they are either too coarse-grain or of considerable runtime overhead. This paper proposes RUSBOX, a novel sand-boxing software prototype to protect Rust programs against buffer overflow vulnerabilities. The key technical contribution of RUSBOX is its adaptive combination of static program analysis with sandboxing, to make the protection both effective and efficient. To testify the effectiveness of RUSBOX, we apply it to three publicly reported CVEs from real-world Rust projects; to evaluate the cost of RusBox, we plan to apply it to 36 widely used open source Rust projects.\",\"PeriodicalId\":385392,\"journal\":{\"name\":\"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISSREW53611.2021.00090\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSREW53611.2021.00090","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
RusBox: Towards Efficient and Adaptive Sandboxing for Rust
Rust is a new language for safe system programming, and its strong type system and dynamic bound checking guarantee memory safety. Surprisingly, Rust is still vulnerable to buffer overflows, due to its unsafe feature. Recently, there have been a significant amount of studies to protect Rust programs against overflows, however, existing studies have severe limitations: they are either too coarse-grain or of considerable runtime overhead. This paper proposes RUSBOX, a novel sand-boxing software prototype to protect Rust programs against buffer overflow vulnerabilities. The key technical contribution of RUSBOX is its adaptive combination of static program analysis with sandboxing, to make the protection both effective and efficient. To testify the effectiveness of RUSBOX, we apply it to three publicly reported CVEs from real-world Rust projects; to evaluate the cost of RusBox, we plan to apply it to 36 widely used open source Rust projects.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
