
Video where this was introduced, which has more details: https://vimeo.com/376180843

Slides: https://www.slideshare.net/KTNUK/digital-security-by-design-...






Sylvan Clebsch and Sophia Drossopoulou (credited on Project Verona in a slide) work on Pony, which has been described as a cross between Rust and Erlang.

The slides don't really add much detail. They're just a light introduction to the sort of region-based memory management that was already being used by Cyclone, well before the Rust project was even a thing.

> already being used by Cyclone, well before the Rust project was even a thing.

Let’s be a little more accurate here. Rust is an actively developed language; Cyclone was a research project that I don’t believe has received an update since 2006.

Rust also is explicit that it borrowed its lifetime concept from Cyclone. Rust is in use and gaining popularity in a way that Cyclone didn’t.

This is a bit like the debate between Apple and Xerox in terms of the beginnings of the desktop/mouse/GUI environment. Apple was the first to make it popular; Xerox PARC invented it. Rust has a similar relationship with Cyclone.


It's clear to most that Rust invented little, but nobody cared, because we just wanted these features to reach the mainstream, which Rust embodies. Maybe the Rust trend train gives people a false impression of an innovative messiah... I don't know.

The video explains more:

- Need to keep old insecure code around, too much money to rewrite the world from scratch in Rust, C#, or whatever safe language makes your day

- They are just starting the project, so far only interpreter and runtime model

- It is based on CHERI CPU research (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/), which has memory tagging

- They are planning to open source the existing work in a couple of months

- Looking for collaboration


Rewriting can be greatly automated. C2Rust[1] proves that. It just can be improved with new languages and refactoring capabilities.

[1] https://github.com/immunant/c2rust


> Need to keep old insecure code around

That's what process boundaries are for. (As a bonus, you get protection from any Spectre-like issues arising in the old code.)


Not everything can be neatly refactored out of a process.

Process boundaries don't protect against internal exploits, which is what most of the C and C++ exploits are all about.

If you are able to force a process to change its behaviour, the process boundaries become useless.


Process boundaries specifically protect against these exploits.

So how does a process boundary protect against Heartbleed?

Process boundaries help you when you start jumping through a ROP chain that spawns a shell because your process doesn't have access to things that it shouldn't, even when compromised. Calling Heartbleed an example of a process "changing its behavior" doesn't really make sense in the context of exploits that can cause arbitrary code execution.

You don't have to spawn a shell as a separate process. Injecting and executing code inside a vulnerable process has been done for a long time.

A shell spawned in an unprivileged process is not very useful.

One doesn't need to spawn a shell.

Injecting and executing code inside an unprivileged process is not very useful.

Some black hats would consider stealing data, data corruption or triggering a DoS already very useful for ransomware.

So each one gives an example that suits their own sales pitch.
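The Heartbleed question raised above, as an added example that is not part of this thread or of any project it mentions: a constructed C model of the bug class. The struct layout, the 32-byte secret, the handler names and the "48 bytes claimed, 5 sent" request are all assumptions made for the demo; the shape of the check in `heartbeat_fixed` (compare the claimed length with what actually arrived and drop the request otherwise) is the same idea as the OpenSSL fix. The point the example makes is the one the thread circles around: the secret and the over-read live in the same address space, so a process boundary or sandbox around this process changes nothing about the leak.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-process memory: a 16-byte payload slot followed immediately
 * by secret material (a hypothetical key). A process boundary keeps this
 * secret away from OTHER processes; it does nothing about a read that starts
 * inside this process and runs past the payload. */
#define PAYLOAD_CAP 16
#define SECRET_LEN  32
#define SECRET_OFF  PAYLOAD_CAP

struct conn_state {
    size_t payload_len;                   /* bytes actually received */
    char   mem[PAYLOAD_CAP + SECRET_LEN]; /* payload slot, then the secret */
};

static void conn_init(struct conn_state *st, const char *payload, const char *secret) {
    memset(st->mem, 0, sizeof st->mem);
    st->payload_len = strlen(payload);
    if (st->payload_len > PAYLOAD_CAP) st->payload_len = PAYLOAD_CAP;
    memcpy(st->mem, payload, st->payload_len);
    size_t slen = strlen(secret);
    if (slen > SECRET_LEN) slen = SECRET_LEN;
    memcpy(st->mem + SECRET_OFF, secret, slen);
}

/* Heartbleed pattern: the echo length comes from the attacker-controlled
 * request header (claimed_len), not from the number of payload bytes that
 * actually arrived. The only check is that the copy fits the output buffer,
 * which prevents a crash but not the disclosure. The clamp to sizeof mem is
 * here only so the demo stays well-defined; a real server has no such clamp
 * and reads whatever follows on the heap. Returns bytes written. */
size_t heartbeat_vulnerable(const struct conn_state *st, uint16_t claimed_len,
                            char *out, size_t out_cap) {
    size_t n = claimed_len;
    if (n > out_cap) n = out_cap;
    if (n > sizeof st->mem) n = sizeof st->mem;
    memcpy(out, st->mem, n);              /* runs past payload into secret */
    return n;
}

/* Hardened handler: refuse any heartbeat whose claimed length exceeds the
 * bytes actually received. Returns 0 (nothing echoed) for a malformed one. */
size_t heartbeat_fixed(const struct conn_state *st, uint16_t claimed_len,
                       char *out, size_t out_cap) {
    if (claimed_len > st->payload_len || claimed_len > out_cap)
        return 0;
    memcpy(out, st->mem, claimed_len);
    return claimed_len;
}

/* Returns 1 if the secret appears contiguously anywhere in the response. */
int response_leaks_secret(const char *resp, size_t resp_len,
                          const char *secret, size_t secret_len) {
    if (secret_len == 0 || resp_len < secret_len) return 0;
    for (size_t i = 0; i + secret_len <= resp_len; i++)
        if (memcmp(resp + i, secret, secret_len) == 0) return 1;
    return 0;
}

/* Run one heartbeat against a connection holding a constructed secret.
 * Returns 1 if the response leaked the secret, 0 otherwise. */
int heartbeat_leaks(uint16_t claimed_len, int use_fixed) {
    static const char secret[SECRET_LEN + 1] = "---CONSTRUCTED-32-BYTE-SECRET---";
    struct conn_state st;
    char resp[64] = {0};
    conn_init(&st, "hello", secret);      /* 5 payload bytes actually sent */
    size_t n = use_fixed ? heartbeat_fixed(&st, claimed_len, resp, sizeof resp)
                         : heartbeat_vulnerable(&st, claimed_len, resp, sizeof resp);
    return response_leaks_secret(resp, n, secret, SECRET_LEN);
}

int main(void) {
    printf("claim 48 bytes, vulnerable handler leaks secret: %d\n", heartbeat_leaks(48, 0));
    printf("claim 48 bytes, fixed handler leaks secret:      %d\n", heartbeat_leaks(48, 1));
    printf("claim 5 bytes,  vulnerable handler leaks secret: %d\n", heartbeat_leaks(5, 0));
    return 0;
}
```

Note what the sandbox would and would not have bought here: the vulnerable handler never executes injected code, never spawns anything and never touches a resource outside the process, so seccomp, a chroot or a separate unprivileged process sees a perfectly normal server answering a request. The secret leaves through the same socket the protocol legitimately writes to. Keeping the private key in a separate process (as some TLS deployments do with key-isolation daemons) is the process-boundary answer, and it works precisely because the secret is then no longer in the address space that the over-read reaches.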

I always knew Rust was picking up from Cyclone, but I was stupid enough to assume Cyclone was a half-baked, half-finished programming language with the ownership idea.

It wasn't until today that I did a search on it, and it reached 1.0!

Why wasn't Cyclone used or developed further?



