RusBox: Towards Efficient and Adaptive Sandboxing for Rust

2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) (2021)

Abstract
Rust is a new language for safe systems programming, and its strong type system and dynamic bounds checking guarantee memory safety. Surprisingly, Rust is still vulnerable to buffer overflows because of its unsafe feature. Recently, a significant number of studies have sought to protect Rust programs against overflows; however, existing studies have severe limitations: they are either too coarse-grained or incur considerable runtime overhead. This paper proposes RusBox, a novel sandboxing software prototype to protect Rust programs against buffer overflow vulnerabilities. The key technical contribution of RusBox is its adaptive combination of static program analysis with sandboxing, which makes the protection both effective and efficient. To demonstrate the effectiveness of RusBox, we apply it to three publicly reported CVEs from real-world Rust projects; to evaluate the cost of RusBox, we plan to apply it to 36 widely used open source Rust projects.
Keywords
Rust, Memory safety, Program analysis, Sand-box technology