The fact that programming languages like Rust help mitigate memory-related vulnerabilities is not a new idea. In a new report, Google presents how the approach brings added value even to complex projects like Android and names secure coding as a strategic programming paradigm.
In its current report on its secure coding strategy, the company emphasizes that the proportion of security vulnerabilities caused by memory problems depends largely on the programming language used. On Android, these accounted for 76 percent of all vulnerabilities in 2019, but fell to 24 percent by 2024, well below the industry average of 70 percent.
Secure coding expands security strategy
It is known that memory errors often have more serious consequences than other error categories. Typically, developers address these errors with reactive measures, i.e. by fixing errors after the vulnerability is discovered. The next level of error prevention is proactive defense measures, such as exploit mitigation, which make attacks more difficult but may result in performance loss. Finally, development teams rely on proactive measures, for example fuzzing or code analysis, but these usually only mitigate the symptoms of vulnerabilities.
But these approaches do not yet answer the question of how such measures can be scaled affordably and integrated into large projects whose code bases are constantly growing.
Google is now proposing another security strategy at this point: secure coding. This paradigm integrates security standards directly into the development process, which allows greater control over code properties and, unlike the approaches mentioned above, promises continuous security through preventive measures. Ultimately, this should reduce the risk of security vulnerabilities occurring in the first place.
More than 50 percent fewer memory errors in Android
Google teams knew that most vulnerabilities occurred in new or recently changed code. Studies also show that only three percent of all problems pose a serious risk. According to internal simulations, if new development takes place in memory-safe languages, the proportion of memory errors could be significantly reduced, even if the overall amount of unsafe code increases.
Based on this, the Android team has focused on using memory-safe languages since 2019 and has placed them at the core of its secure coding strategy. Relying solely on C++ has not been an option for Google for some time.
For Android, this means a significant investment in the Rust ecosystem (for interoperability between Rust and C++, as well as between Rust and Kotlin), including a $1 million grant to the Rust Foundation.
Today, nearly five years later, Google looks back at the results of its field testing. And indeed: compared to 2019, the proportion of memory errors in Android has dropped from 76 percent then to 24 percent today. Secure coding is also beneficial from an overall perspective. According to Google, it made it possible to:
- Break the arms race: Instead of constantly arming yourself against attackers, secure coding focuses on developing secure code from the beginning.
- Establish security as a standard: Secure coding creates a higher level of security by using memory-safe languages like Rust, without individual adjustments for each risk.
- Increase productivity: Errors are found during the development phase, thereby improving the correctness of the code. For example, Google states that in the Android team, Rust requires less than half as many rollbacks as C++.
Interoperability instead of rewriting: What companies can learn from Google
Instead of completely rewriting old, unsafe code, Google relies on interoperability with secure coding to include memory-safe languages like Rust. This protects existing investments and allows new operations to be developed more quickly. This paradigm not only promises greater security, but also improves the productivity of development teams by identifying and fixing errors at an early stage.
Rust is popular not only with Google. Microsoft plans to use the language in the Windows kernel, and Linux is also adding Rust to its kernel.
In the future, Google hopes to rely less on patches and more on preventative security, which should also increase efficiency. Focusing on mitigating new vulnerabilities has already proven effective for Android.