Based on this historical vulnerability density, it’s likely that using Rust has already prevented hundreds of vulnerabilities from reaching production. Historical vulnerability density is greater than 1/kLOC (1 vulnerability per thousand lines of code) in many of Android’s C/C++ components (e.g. It demonstrates that Rust is fulfilling its intended purpose of preventing Android’s most common source of vulnerabilities. We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result. To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code. These are low-level components that require a systems language which otherwise would have been implemented in C++. There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components such as Keystore2, the new Ultra-wideband (UWB) stack, DNS-over-HTTP3, Android’s Virtualization framework (AVF), and various other components and their open source dependencies. In Android 13, about 21% of all new native code (C/C++/Rust) is in Rust. Since then we’ve been scaling up our Rust experience and usage within the Android Open Source Project (AOSP).Īs we noted in the original announcement, our goal is not to convert existing C/C++ to Rust, but rather to shift development of new code to memory safe languages over time. In Android 12 we announced support for the Rust programming language in the Android platform as a memory-safe alternative to C/C++. We believe Android’s ongoing shift from memory-unsafe to memory-safe languages is a major factor. However, these alone do not account for the large shift in vulnerabilities that we’re seeing, and other projects that have deployed these technologies have not seen a major shift in their vulnerability composition. These are important tools, and critically important for our C/C++ code. Vulnerabilities found using these tools contributed both to prevention of vulnerabilities in new code as well as vulnerabilities found in old code that are included in the above evaluation. We’ve also increased our fuzzing coverage on our existing code base. Over the past few releases we’ve introduced the Scudo hardened allocator, HWASAN, GWP-ASAN, and KFENCE on production Android devices. We continue to invest in tools to improve the safety of our C/C++. However, the shift is a major departure from industry-wide trends that have persisted for more than a decade (and likely longer) despite substantial investments in improvements to memory unsafe languages. Of course there may be other contributing factors or alternative explanations. This matches the expectations published in our blog post 2 years ago about the age of memory safety vulnerabilities and why our focus should be on new code, not rewriting existing components. So too, an interest in Magic: The Gathering has persisted since William’s youth, and he can frequently be found watching Magic streams on Twitch and reading over the latest set spoilers.While correlation doesn’t necessarily mean causation, it’s interesting to note that the percent of vulnerabilities caused by memory safety issues seems to correlate rather closely with the development language that’s used for new code. Now, William enjoys playing Super Mario Maker 2 on the Switch with his daughter and finding time to sneak in the newest From Software game when possible. This interest reached a height with MMORPGs like Asheron’s Call 2, Star Wars Galaxies, and World of Warcraft, on which William spent considerable time up until college. William’s first console was the NES, but when he was eight, it was The Legend of Zelda: Link’s Awakening on Game Boy that fully cemented his interest in the format. All the while, William’s passion for games remained. Upon graduating from the University of Southern California’s School of Cinematic Arts, William entered the realm of fine arts administration, assisting curators, artists, and fine art professionals with the realization of contemporary art exhibitions. William Parks is an editor at Game Rant with a background in visual arts.
0 Comments
Leave a Reply. |