Naked Security Naked Security

Microsoft looks to Rust language to beat memory vulnerabilities

Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code with the help of Rust.

Microsoft is pressing ahead with an ambitious plan to de-fang common vulnerabilities hiding in old Windows code by using an implementation of the open-source Rust programming language.

The company’s been working on the research initiative, dubbed Project Verona, for some time, but a recently posted presentation from September’s Collaborators’ Workshop adds to the impression of its growing importance.

Traditionally, Windows software requiring fine control, such as device drivers, low-level OS functions such as storage and memory management, is written in C or C++.

But that control comes at the expense of mistakes that lead to insecure code, particularly memory issues which account for up to 70% of the vulnerabilities that Microsoft finds itself patching later.

Most of these were made in the past and are sitting in legacy code that would take a lot of resources to rewrite from scratch with no guarantee they wouldn’t suffer the same problems eventually.

Memory safe

Rust, by contrast, has built-in protections against common memory problems such as use after free, type confusion, heap and stack corruption, and uninitialized use, which can afflict the C and C++ languages that Windows is written in.

Microsoft has been busy rewriting unnamed software components in Rust to see whether the concept works despite the language’s limitations, and the fact it is still mentioning it suggests it has found some success.

Project Verona’s Rust alternative now has a “production quality” runtime, a prototype interpreter and type checker. This would be made available as an open-source tool within weeks, he said.

It’s as if Microsoft is admitting that rather than badger its developers to write safe code for the next 10 years, a better option is simply to limit the parameters of the tools they use to create it.

If one were to pick holes, it might be to ask why it’s taken Microsoft so long to get around to adopting a memory-safe language such as Rust, years after Mozilla started sponsoring it to improve the security of its Firefox browser.

As the then-director of strategy at Mozilla Research, Dave Herman, noted in 2016:

Our preliminary measurements show the Rust component performing beautifully and delivering identical results to the original C++ component it’s replacing – but now implemented in a memory-safe programming language.

Microsoft’s Rust implementation is more complex than Mozilla’s because it needs more capabilities to work across a wider range of components. It’s still not clear when updated code might ship but it is starting to look inevitable at the current rate of progress.

If Microsoft’s enthusiasm for Rust reveals one thing it’s how the company has become more open-minded about using open-source tools to improve its security – something that surely bodes well for users of its software, including Windows.