Shulou(Shulou.com)06/03 Report--

This article introduces you to what it is like to develop a new secure programming language based on Rust. The content is very detailed. Interested friends can refer to it for reference. I hope it can help you.

To improve Windows 10 security, Microsoft researcher Matthew Parkinson revealed in a presentation this week that Microsoft is developing a new security programming language based on Rust. This project is called Verona by Microsoft.

The Verona project aims to make Windows 10 more secure by using Rust to develop the underlying components of Windows.

According to Microsoft, they achieved their goal by integrating Rust and C/C++ to remove unsafe code from Windows.

Memory security issues

As we all know, on the second week of each month, Microsoft releases security patches to fix Windows vulnerabilities. Microsoft recently revealed that most of the bugs discovered in recent years have been memory security-related, so they wanted to see if they could use Rust to fix them.

In programming languages,"memory security" refers to protecting memory space from malicious programs. Microsoft's Verona project aims to prevent such attacks from happening.

While the Verona project may have started out as an experiment, Microsoft has come a long way.

Matthew Parkinson is a Microsoft researcher specializing in memory management for managed programming languages. In a recent talk, he shared what Microsoft is doing to solve memory problems.

In this talk, Parkinson mentioned IE and Edge's MemGC (Memory Garbage Collector).

MemGC(Memory Garbage Collector): Memory garbage collector, Edge's memory management mechanism, improved by IE11 MemoryProtector, first used in EdgeHTML and MSHTML. Edge uses MemGC to manage DOM and DOM supported objects, and it uses Mark-Sweep algorithm to collect garbage, which can prevent some UAF vulnerabilities.

MemGC addresses vulnerabilities associated with the standard browser DOM, impressing hackers on Google Zero.

"We developed a garbage collector for DOM," Parkinson said. In IE, memory 'use-after-free' is a common way for people to take advantage of DOM engine memory management mechanisms. Then Microsoft developed MemGC as a guardian garbage collector for DOM. It almost exclusively addresses this type of vulnerability and basically eliminates this type of attack. "

Another type of bug Microsoft is trying to fix has to do with uninitialized memory.

Parkinson delves into a question that might resonate with consumers: "how do we build the safest products for the future? We still have to deal with legacy issues, we can't throw everything away, but we can rebuild something in a safer system. "

Parkinson said Microsoft is rewriting some components with Rust, and his presentation focused on language design and isolation capabilities.

"If we want to isolate the ability to isolate legacy code from attackers, how should we design the language? "

Verona Project

Thus, Project Verona was born. Microsoft claims that the language is aimed at "secure infrastructure programming" and that the Verona project will be open-sourced "soon."

The project is supported by C#project manager Mads Torgensen and Microsoft Cambridge Research engineer Juliana Franco.

Microsoft's challenge is to cover the "application graph," from C#for desktop applications, to C and C#for Exchange, ASP.NET, Azure, and device drivers, to deep Windows components such as memory management, boot loader, and Windows kernel hardware abstraction layer (HAL).

"It's hard to do memory management right," Parkinson says. If there are arbitrary concurrency conflicts, it is very difficult to keep temporary memory safe."

"Rust's owner model is based on a single object, while Verona is based on a set of objects. In C++, the programmer gets pointers, pointers are object-based, and basically an object is a pointer. But I don't think the data and syntax should be like this. I think the data structure should be a collection of objects, and the collection has its own life cycle."

About Rust based on the development of a new security programming language is what kind of share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.