Brussels / 3 & 4 February 2024


Hardware pointer checks in a Rust application near you?


This talk presents a case study in hardening a security-focused application by modifying the Rust compiler to target a capability-based architecture.

We will discuss CHERI, an architecture extension that enforces memory-safety constraints in hardware at runtime using capabilities, and how we have added support for CHERI to the Rust compiler in order to improve the security of CyberHive Connect, an application that implements an end-to-end encrypted mesh network.

The protocols Connect uses already give it a strong security posture, and being written in Rust eliminates whole classes of potential vulnerabilities in the application itself. However, like most real-world applications, Connect must use unsafe code in areas such as the interface with the underlying operating system. That code is an attack surface: the compiler cannot guarantee that it will be memory safe at runtime.

If, however, we modify the Rust compiler so that what it knows about pointer provenance, bounds and other access restrictions is carried into CHERI capabilities and enforced by the hardware at runtime, then in many cases the memory-safety violations that unsafe code would otherwise allow can be caught rather than silently corrupting memory.
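As an added illustration of the two preceding paragraphs (this is not the talk's material, CyberHive's compiler changes, or the CHERI ISA itself), the following Rust program models in software the checks a CHERI capability carries: bounds that can only be narrowed, permissions that can only be dropped, a validity tag that cannot be forged from an integer, and a fault on any dereference that violates them. The `Cap` and `Fault` types, the 256-byte `Vec<u8>` standing in for memory, and the `fill_from_boundary` function representing an OS-interface copy whose length comes from the other side of the boundary are all constructed for the example.

```rust
/// Software model of CHERI-style capability checks. Constructed for
/// illustration: a Vec<u8> indexed by address plays the role of memory.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Perms {
    pub load: bool,
    pub store: bool,
}

#[derive(Clone, Copy, Debug)]
pub struct Cap {
    base: usize,  // lower bound (inclusive)
    len: usize,   // bounds length; upper bound is base + len (exclusive)
    addr: usize,  // current address, the integer part of the pointer
    perms: Perms,
    tag: bool,    // validity tag; an untagged capability cannot be dereferenced
}

#[derive(Debug, PartialEq, Eq)]
pub enum Fault {
    Tag,        // dereference of an untagged (forged or widened) capability
    Bounds,     // access outside [base, base + len)
    Permission, // access kind not granted by perms
}

impl Cap {
    /// Root capability for a whole allocation, as an allocator or the OS
    /// would hand it out: tagged, full permissions, bounds = the allocation.
    pub fn root(base: usize, len: usize) -> Cap {
        Cap { base, len, addr: base, perms: Perms { load: true, store: true }, tag: true }
    }

    /// A "pointer" made from a bare integer has no provenance, so it is
    /// untagged: arithmetic on it works, dereferencing it faults.
    pub fn from_integer(addr: usize) -> Cap {
        Cap { base: addr, len: 0, addr, perms: Perms { load: false, store: false }, tag: false }
    }

    /// Narrow the bounds to [addr, addr + new_len). Bounds are monotonic:
    /// a request that would widen them clears the tag instead of widening.
    pub fn set_bounds(self, new_len: usize) -> Cap {
        let inside = self.addr >= self.base
            && new_len <= self.len
            && self.addr - self.base <= self.len - new_len;
        Cap { base: self.addr, len: new_len, tag: self.tag && inside, ..self }
    }

    /// Permissions can only be removed, never added back.
    pub fn and_perm(self, p: Perms) -> Cap {
        let perms = Perms { load: self.perms.load && p.load, store: self.perms.store && p.store };
        Cap { perms, ..self }
    }

    /// Pointer arithmetic keeps bounds, permissions and tag; an address
    /// outside the bounds is representable but faults when dereferenced.
    pub fn offset(self, delta: usize) -> Cap {
        Cap { addr: self.addr + delta, ..self }
    }

    fn check(&self, n: usize, store: bool) -> Result<(), Fault> {
        if !self.tag {
            return Err(Fault::Tag);
        }
        if (store && !self.perms.store) || (!store && !self.perms.load) {
            return Err(Fault::Permission);
        }
        // The whole access [addr, addr + n) must lie within [base, base + len).
        if self.addr < self.base || self.addr + n > self.base + self.len {
            return Err(Fault::Bounds);
        }
        Ok(())
    }

    pub fn load<'a>(&self, mem: &'a [u8], n: usize) -> Result<&'a [u8], Fault> {
        self.check(n, false)?;
        Ok(&mem[self.addr..self.addr + n])
    }

    pub fn store(&self, mem: &mut [u8], data: &[u8]) -> Result<(), Fault> {
        self.check(data.len(), true)?;
        mem[self.addr..self.addr + data.len()].copy_from_slice(data);
        Ok(())
    }
}

/// The OS-interface pattern: a buffer handed across an unsafe boundary is
/// filled with `payload`, whose length was chosen by the other side. With a
/// plain raw pointer the equivalent copy would write past the buffer; with
/// a bounded capability the oversized copy faults before any byte lands.
pub fn fill_from_boundary(buf: Cap, payload: &[u8], mem: &mut [u8]) -> Result<usize, Fault> {
    buf.store(mem, payload)?;
    Ok(payload.len())
}

/// Returns (in-bounds copy, oversized copy, copy through a forged pointer).
pub fn demo() -> (Result<usize, Fault>, Result<usize, Fault>, Result<usize, Fault>) {
    let mut mem = vec![0u8; 256];
    let heap = Cap::root(0, mem.len());
    // Sub-allocate a 16-byte buffer at address 32; bounds narrow monotonically.
    let buf = heap.offset(32).set_bounds(16);
    let ok = fill_from_boundary(buf, &[0xAA; 16], &mut mem);
    let overflow = fill_from_boundary(buf, &[0xBB; 17], &mut mem);
    let forged = fill_from_boundary(Cap::from_integer(32), &[1], &mut mem);
    (ok, overflow, forged)
}

fn main() {
    let (ok, overflow, forged) = demo();
    println!("in-bounds copy:  {:?}", ok);
    println!("oversized copy:  {:?}", overflow);
    println!("forged pointer:  {:?}", forged);
}
```

The model is where the compiler work described above has to land: every place rustc currently lowers a `*const u8` or a slice to a bare address would instead have to produce a capability whose bounds and permissions match what the Rust type already promises, so that the hardware, not the programmer's discipline inside `unsafe`, is what stops the 17-byte copy.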

This talk demonstrates what we have achieved in producing a modified Rust compiler that targets CHERI architectures, gives an overview of the problems we solved along the way, and describes how we worked towards running our real-world Rust application on CHERI.

Speakers

Lewis Revill
