Fine-grained Library Sandboxing for Rust Ecosystem
- Zhou, Tianyang
- Advisor(s): Stefan, Deian
Abstract
Rust, a modern programming language that prioritizes memory safety, has an ecosystem that is still under active development. Through its Foreign Function Interface (FFI), Rust can directly use existing C libraries such as libjpeg, libzstd, and libsqlite instead of re-implementing them in Rust. However, while the Rust compiler guarantees memory safety for safe Rust code, it cannot extend that guarantee to linked C libraries: a single memory-safety bug in such a library can compromise the entire program, because the library runs in the same address space with the same privileges.
To address this issue, we present RLBox-Rust, a fine-grained library sandboxing framework for Rust. RLBox-Rust isolates the C libraries a Rust program uses inside a sandbox that enforces software fault isolation (SFI), so that memory safety is preserved even when the C library contains vulnerabilities. On top of the sandbox, RLBox-Rust designs and implements a novel sandbox binding mechanism that lets Rust developers call sandboxed C libraries intuitively and securely. Using Rust's type and macro systems, we build a set of memory-safety checks that combine static (compile-time) and dynamic (run-time) checks to maximize assurance of type and data integrity for everything that crosses the sandbox boundary. We use WebAssembly (Wasm) as the sandboxing technology, which gives sandboxed C libraries high performance and cross-platform compatibility together with strict isolation of the runtime environment and control-flow integrity. We evaluate RLBox-Rust on several use cases; our experiments show that it preserves memory safety with acceptable performance overhead and lets Rust developers safely use existing C libraries with minimal migration effort.
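The abstract describes the central mechanism only at a high level: data leaving the sandbox is typed so that Rust code must verify it (a static check), and sandbox pointers are validated against sandbox memory before use (a dynamic check). The block below is an added illustration of that "tainted value" pattern written for this page; it is not RLBox-Rust's own API or code. `Sandbox`, `Tainted`, `SandboxPtr`, `DecodedImage`, and `sandboxed_decode` are this example's own names, the sandbox is modelled as a flat byte buffer standing in for a Wasm instance's linear memory, and the "decoder" is a constructed stand-in for a sandboxed C library (with a switch that makes it behave like a compromised one).

```rust
// Added example for this page (not RLBox-Rust's API). Demonstrates the
// tainted-value pattern used by library-sandboxing frameworks:
//   * static check: sandbox outputs are `Tainted<T>`; the only way to read
//     them is `verify`, so the compiler forces a validator to run;
//   * dynamic check: pointers from the sandbox are offsets into sandbox
//     memory and are bounds-checked before they become host slices.

/// Stand-in for a Wasm instance's linear memory (assumption for this example).
pub struct Sandbox {
    pub memory: Vec<u8>,
}

/// Data produced by sandboxed code. The field is private and there is no
/// `Deref`, so host code cannot read it without calling `verify`.
pub struct Tainted<T>(T);

impl<T> Tainted<T> {
    /// Run a caller-supplied validator; `None` means "do not trust this".
    pub fn verify<U>(self, check: impl FnOnce(T) -> Option<U>) -> Option<U> {
        check(self.0)
    }
}

/// A pointer returned by sandboxed code: an offset, never a host address.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct SandboxPtr {
    pub offset: u32,
}

impl Sandbox {
    pub fn new(size: usize) -> Self {
        Sandbox { memory: vec![0; size] }
    }

    /// Dynamic check: resolve (ptr, len) to a host slice only if the whole
    /// range lies inside sandbox memory; `checked_add` guards the end-offset
    /// overflow, `get` guards the upper bound.
    pub fn slice(&self, p: SandboxPtr, len: u32) -> Option<&[u8]> {
        let start = p.offset as usize;
        let end = start.checked_add(len as usize)?;
        self.memory.get(start..end)
    }
}

/// What the (simulated) sandboxed decoder returns. Every field is tainted
/// because C code computed it.
pub struct DecodedImage {
    pub width: Tainted<u32>,
    pub height: Tainted<u32>,
    pub pixels: Tainted<SandboxPtr>,
    pub len: Tainted<u32>,
}

/// Constructed stand-in for a call into a sandboxed C decoder. With
/// `honest == false` it reports a buffer outside sandbox memory, as a
/// compromised library might.
pub fn sandboxed_decode(sb: &mut Sandbox, honest: bool) -> DecodedImage {
    let (w, h) = (4u32, 2u32);
    let offset = 16u32;
    for i in 0..(w * h) as usize {
        sb.memory[offset as usize + i] = i as u8; // fake pixel data 0..8
    }
    let reported = if honest { offset } else { u32::MAX - 2 };
    DecodedImage {
        width: Tainted(w),
        height: Tainted(h),
        pixels: Tainted(SandboxPtr { offset: reported }),
        len: Tainted(w * h),
    }
}

/// Host-side use: each tainted field passes a validator, the length is checked
/// against width*height (overflow-safe), and the pointer is bounds-checked.
pub fn safe_pixels(sb: &Sandbox, img: DecodedImage) -> Option<Vec<u8>> {
    let width = img.width.verify(|w| (w > 0 && w <= 4096).then_some(w))?;
    let height = img.height.verify(|h| (h > 0 && h <= 4096).then_some(h))?;
    let expected = width.checked_mul(height)?;
    let len = img.len.verify(|l| (l == expected).then_some(l))?;
    let ptr = img.pixels.verify(Some)?; // the real check happens in `slice`
    sb.slice(ptr, len).map(|s| s.to_vec())
}

fn main() {
    let mut sb = Sandbox::new(1024);
    let img = sandboxed_decode(&mut sb, true);
    println!("honest library: {:?}", safe_pixels(&sb, img));
    let img = sandboxed_decode(&mut sb, false);
    println!("lying library:  {:?}", safe_pixels(&sb, img));
}
```

The point of the pattern is that forgetting a check is a compile error rather than a latent bug: `Tainted<u32>` is not a `u32`, so arithmetic on an unverified width does not type-check, and a `SandboxPtr` cannot be dereferenced at all except through `Sandbox::slice`, which is where the run-time bounds check lives.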