The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Linux 커널은 보안에 민감한 다양한 분야에 적용되어 왔기 때문에 보안을 보장하는 것이 중요합니다. Linux 커널의 취약점은 일반적으로 C 프로그래밍 언어의 정의되지 않은 동작으로 인해 발생하며, 가장 위협적인 것은 메모리 안전 취약점입니다. 메모리 안전에 대한 소프트웨어 기반 접근 방식과 하드웨어 접근 방식 모두 성능 저하, 오탐지, 호환성 저하라는 단점이 있습니다. 이 문서에서는 Linux 커널 구성 요소를 재구성하고 해당 구성 요소의 코드를 오픈 소스화하기 위해 안전한 프로그래밍 언어인 Rust를 사용하는 것의 타당성을 탐구합니다. 우리는 Rust FFI 메커니즘을 활용하여 재구성된 구성 요소가 다른 Linux 기능을 호출할 수 있도록 안전한 외부 인터페이스 계층을 설계한 다음 Rust를 사용하여 구성 요소를 재구성합니다. 그 동안 우리는 Rust의 유형 안전성 및 소유권 메커니즘을 활용하여 보안을 향상합니다. 마지막으로 구성 요소의 C 인터페이스를 내보내 Linux 커널에 의한 호출을 활성화합니다. 재구성된 구성 요소인 "rOOM"의 성능 및 메모리 오버헤드를 평가한 결과 커널 모드에서 8.9%, 사용자 모드에서 5%, 실시간에서 3%, 메모리 오버헤드는 0.06%의 성능 오버헤드를 나타냈습니다. . 이러한 결과는 기능, 성능 및 메모리 오버헤드 측면에서 Rust를 사용하여 Linux 커널의 주요 구성 요소를 개발하는 것이 가능함을 시사합니다.
Linhan LI
Capital Normal University
Qianying ZHANG
Capital Normal University
Zekun XU
Capital Normal University
Shijun ZHAO
Chinese Academy of Sciences
Zhiping SHI
Capital Normal University
Yong GUAN
Capital Normal University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Linhan LI, Qianying ZHANG, Zekun XU, Shijun ZHAO, Zhiping SHI, Yong GUAN, "rOOM: A Rust-Based Linux Out of Memory Kernel Component" in IEICE TRANSACTIONS on Information,
vol. E107-D, no. 3, pp. 245-256, March 2024, doi: 10.1587/transinf.2023MPP0001.
Abstract: The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2023MPP0001/_p
부
@ARTICLE{e107-d_3_245,
author={Linhan LI, Qianying ZHANG, Zekun XU, Shijun ZHAO, Zhiping SHI, Yong GUAN, },
journal={IEICE TRANSACTIONS on Information},
title={rOOM: A Rust-Based Linux Out of Memory Kernel Component},
year={2024},
volume={E107-D},
number={3},
pages={245-256},
abstract={The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.},
keywords={},
doi={10.1587/transinf.2023MPP0001},
ISSN={1745-1361},
month={March},}
부
TY - JOUR
TI - rOOM: A Rust-Based Linux Out of Memory Kernel Component
T2 - IEICE TRANSACTIONS on Information
SP - 245
EP - 256
AU - Linhan LI
AU - Qianying ZHANG
AU - Zekun XU
AU - Shijun ZHAO
AU - Zhiping SHI
AU - Yong GUAN
PY - 2024
DO - 10.1587/transinf.2023MPP0001
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E107-D
IS - 3
JA - IEICE TRANSACTIONS on Information
Y1 - March 2024
AB - The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.
ER -