Chancellor’s Professor of Computer Science Michael Franz and a group of current and former Ph.D. students and postdoctoral researchers from the Donald Bren School of Information and Computer Sciences (ICS) recently won the Best Paper Award at the European Conference on Computer Systems (EuroSys 2022), a flagship venue in system software. The paper, “PKRU-Safe: Automatically Locking Down the Heap Between Safe and Unsafe Languages,” is by Ph.D. students Paul Kirth and Mitchel Dickerson, Immunant CTO Stephen Crane and CEO Per Larsen, postdoctoral researchers Adrian Dabrowski and David Gens, Apple software engineer Yeoul Na, KU Leuven Professor Stijn Volckaert, and Franz.

As the authors outline in the paper, memory safety violations remain a major cause of security vulnerabilities in real-world software. Although memory-safe languages, such as Rust, can help developers write efficient low-level code without the risk of memory corruption, these languages still must interface with unsafe code, giving attackers an opportunity to exploit memory-corruption vulnerabilities. PKRU-Safe is an automated method for dealing with unsafe components in mixed-language environments.

“This work makes it much easier to build ‘mixed’ systems in which one part is written in a modern language such as Rust while other parts are legacy code written in C or C++,” explains Franz. “It ensures that the unsafe parts cannot mess up the private data of the code written in the modern language, even if the two parts of the program have complex mutual interactions.” This is a significant improvement compared to current methods. “Our solution makes it much simpler to migrate legacy code gradually over time while the resulting system successively acquires the benefits of the modern language,” says Franz. “In the existing solution, you don’t get this benefit until all the legacy code is fully migrated.”

— Shani Murray