RINA: Semantic-Aware Enforcement of Rust Safety Invariants at Cross-Language Boundaries
https://ipsj.ixsq.nii.ac.jp/records/2006941
| Name / File | License | Action |
|---|---|---|
| Available for download from February 9, 2028. | Copyright (c) 2026 by the Information Processing Society of Japan | |
| Non-members: ¥660, IPSJ members: ¥330, OS members: ¥0, DLIB members: ¥0 | | |

| Item type | SIG Technical Reports(1) |
|---|---|
| Publication date | 2026-02-09 |
| Title | RINA: Semantic-Aware Enforcement of Rust Safety Invariants at Cross-Language Boundaries |
| Language | eng |
| Keyword: subject scheme | Other |
| Keyword: subject | Security |
| Resource type identifier | http://purl.org/coar/resource_type/c_18gh |
| Resource type | technical report |
| Author affiliation | Keio University |
| Author affiliation | Keio University |
| Authors | Shengyang Li; Kenji Kono |
| Abstract: description type | Other |
| Abstract | Rust ensures strong memory safety through ownership and borrowing; yet these guarantees often collapse at the cross-language boundary. This transition creates a semantic gap (comprising vertical semantic loss during compilation and horizontal context discontinuity at the language boundary), leaving the Rust compiler oblivious to native execution. Existing analysis tools struggle to bridge this gap, suffering from either semantic erasure during lowering or prohibitive overhead from exhaustive instruction-level monitoring. We present RINA (Rust Invariant and Native Auditor), a semantic-aware auditing framework that utilizes WebAssembly (Wasm) as a unified intermediate platform. RINA's key insight is to treat cross-language vulnerabilities as semantic invariant violations detectable at language boundaries. It statically lifts rich Rust semantics (e.g., ownership markers and thread-safety traits) as metadata and dynamically enforces these safety contracts via boundary-centric binary instrumentation. Preliminary evaluation on 21 real-world FFI CVEs across memory, type, semantic, thread, and exception safety dimensions demonstrates that RINA achieves a 95.2% recall rate (20/21) with low runtime overhead. RINA provides an efficient and practical solution for maintaining Rust's safety guarantees in an increasingly interconnected ecosystem. |
| Bibliographic record ID: source identifier type | NCID |
| Bibliographic record ID: source identifier | AN10444176 |
| Bibliographic information | 研究報告システムソフトウェアとオペレーティング・システム(OS) [Research Reports: System Software and Operating Systems (OS)], vol. 2026-OS-170, no. 18, pp. 1-7, issue date 2026-02-09 |
| ISSN: source identifier type | ISSN |
| ISSN: source identifier | 2188-8795 |
| Notice | SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc. |
| Publisher (language: ja) | 情報処理学会 (Information Processing Society of Japan) |