Microsoft is Creating a Rust Based Programming Language for Secure Coding

A programming language is a set of information that is important for implementing algorithms in computers. There are plenty of programming languages available for our use. You can choose the one that satisfies your needs.

Recently, Microsoft has decided to create a rust based programming language. Rust is a multi-paradigm programming language which mainly focuses on safety and performance. Though the syntax is quite similar to that of C++, rust provides memory safety without garbage collection.

Also Read: Should Microsoft Make Windows 7 an Open Source?

Rust Based Programming Language for Secure Coding

In July last year, Microsoft has announced about their experiment of using Rust programming language over C, C++ for secure coding. So, they started Project Verona, to make Windows 10 more secure. Under the project Verona, Microsoft is going to integrate Mozilla developed Rust for low-level Windows components.

In this article, we will try to know why Microsoft is eager to create a rust based programming language? So, here we go:

Why Rust?

As per Microsoft, most of the bugs are related to the memory safely flaws. These flaws are present in the windows code written in C or C++. Moreover, 70% of the security-related issues occur in C and C++.

So, to protect widows from security vulnerabilities and to safeguard the memory space from various software bugs, Microsoft has started the project. Moreover, the “memory safe” Rust programming language can reduce the stress of the developers. Thus, the developers no need to worry about the memory safety bugs anymore.

Also Read: How to Transfer Windows 10 License to a New Computer

Matthew Parkinson (Microsoft researcher from the Cambridge Computer Lab in the UK) recently addressed the steps the company is taking to solve the memory issue. In the talk, He stated that Microsoft is now working with MemGC for internet explorer and edge.

“MemGC addressed vulnerabilities in the standard browser feature known as a Document Object Model (DOM), a representation of the data used by browsers to interpret web pages. Google’s elite Project Zero hackers were impressed with Microsoft’s MemGC after canvassing major browsers,” said Parkinson.

“We built a garbage collector (GC) for the DOM. That big bulge in use-after-free was basically people finding ways of exploiting memory management in the DOM engine in IE. And then [Microsoft] introduced MemGC, which is a conservative GC for the DOM. It was very targeted at this particular style of vulnerability and then basically eradicated that as an attack vector.”

Conclusion

Parkinson also stated that, as it is not possible to write everything from scratch, Microsoft will focus mainly to rewrite some targeted components in Rust.

“If we want compartments, and to carve up the legacy bits of our code so [attackers’] exploit code can’t get out, what do we need in the language design that can help with that?”

Moreover, Parkinson also said that they will declare the project as an Open-source. C# project manager Mads Torgensen and Microsoft Research Cambridge research software engineer Juliana Franco are also associated with the project.