Tech giant Google is promoting the deployment of Rust in existing low-level firmware codebases as part of a major push to combat memory-related security vulnerabilities.
According to new documentation from Google software engineers Ivan Lozano and Dominik Maier, legacy firmware codebases written in C and C++ can benefit from “drop-in Rust replacements” to guarantee memory safety at sensitive layers below the operating system.
“We seek to demonstrate that this approach is viable for firmware, providing a path to memory-safety in an efficient and effective manner,” the Android team said in a note that doubles down on Google’s security-themed migration to memory safe languages.
“Firmware serves as the interface between hardware and higher-level software. Due to the lack of software security mechanisms that are standard in higher-level software, vulnerabilities in firmware code can be dangerously exploited by malicious actors,” Google warned, noting that existing firmware consists of large legacy code bases written in memory-unsafe languages such as C or C++.
Citing data showing that memory safety issues are the leading cause of vulnerabilities in its Android and Chrome codebases, Google is pushing Rust as a memory-safe alternative with comparable performance and code size.
The company said it is adopting an incremental approach that focuses on replacing new and highest risk existing code to get “maximum security benefits with the least amount of effort.”
“Simply writing any new code in Rust reduces the number of new vulnerabilities and over time can lead to a reduction in the number of outstanding vulnerabilities,” the Android software engineers said, suggesting developers replace existing C functionality by writing a thin Rust shim that translates between an existing Rust API and the C API the codebase expects.
“The shim serves as a wrapper around the Rust library API, bridging the existing C API and the Rust API. This is a common approach when rewriting or replacing existing libraries with a Rust alternative.”
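The shim pattern described above, as an added Rust example (not code from Google or its documentation): a safe Rust parser for a hypothetical firmware header, wrapped in an `extern "C"` function with the signature legacy C callers would expect. The `FwHeader` layout, the `fw_parse_header` name, the magic value and the error codes are all assumptions made for illustration.

```rust
// Added example; FwHeader, MAGIC, fw_parse_header and the error codes are hypothetical.
use std::slice;

/// Header struct with the layout the existing C callers expect (assumed).
#[repr(C)]
#[derive(Debug, Default, PartialEq)]
pub struct FwHeader { pub magic: u32, pub payload_len: u32 }

#[derive(Debug, PartialEq)]
pub enum ParseError { TooShort, BadMagic, LengthOutOfBounds }

pub const MAGIC: u32 = 0x4657_4844; // constructed value

/// The Rust library API: safe code, every read bounds-checked by the slice.
pub fn parse_header(buf: &[u8]) -> Result<FwHeader, ParseError> {
    if buf.len() < 8 { return Err(ParseError::TooShort); }
    let magic = u32::from_le_bytes([buf[0], buf[1], buf[2], buf[3]]);
    let payload_len = u32::from_le_bytes([buf[4], buf[5], buf[6], buf[7]]);
    if magic != MAGIC { return Err(ParseError::BadMagic); }
    // The declared payload must fit in the bytes actually supplied.
    if payload_len as usize > buf.len() - 8 { return Err(ParseError::LengthOutOfBounds); }
    Ok(FwHeader { magic, payload_len })
}

/// The shim, standing in for the C function
///   int fw_parse_header(const uint8_t *buf, size_t len, struct fw_header *out);
/// Returns 0 on success, a negative code on failure. In a firmware build it also
/// carries #[no_mangle] (#[unsafe(no_mangle)] from edition 2024) so the C linker
/// resolves it by name; omitted here so the file builds on any edition.
pub unsafe extern "C" fn fw_parse_header(buf: *const u8, len: usize, out: *mut FwHeader) -> i32 {
    if buf.is_null() || out.is_null() { return -1; }
    // SAFETY: the C caller guarantees `buf` points to `len` readable bytes.
    let bytes = unsafe { slice::from_raw_parts(buf, len) };
    match parse_header(bytes) {
        // SAFETY: `out` is non-null and the caller guarantees it is writable.
        Ok(h) => { unsafe { out.write(h) }; 0 }
        Err(ParseError::TooShort) => -2,
        Err(ParseError::BadMagic) => -3,
        Err(ParseError::LengthOutOfBounds) => -4,
    }
}

fn main() {
    // Constructed input: header claims 16 payload bytes but only 2 follow.
    let img: [u8; 10] = [0x44, 0x48, 0x57, 0x46, 16, 0, 0, 0, 0xAA, 0xBB];
    let mut hdr = FwHeader::default();
    let rc = unsafe { fw_parse_header(img.as_ptr(), img.len(), &mut hdr) };
    println!("rc = {}, hdr = {:?}", rc, hdr);
}
```

Existing C call sites stay unchanged, and the memory-unsafe surface shrinks to the two commented `unsafe` operations in the shim; the parsing logic itself cannot read out of bounds.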
Google has reported a significant decrease in memory safety bugs in Android due to the progressive migration to memory-safe programming languages such as Rust. Between 2019 and 2022, the company said the annual reported memory safety issues in Android dropped from 223 to 85, due to an increase in the amount of memory-safe code entering the mobile platform.