Encapsulated Functions: Fortifying Rust's FFI in Embedded Systems

Leon Schuermann, Arun Thomas, Amit Levy

KISV '23: Proceedings of the 1st Workshop on Kernel Isolation, Safety and Verification (2023)

Abstract
Memory-safe languages like Rust are increasingly popular for systems development. Nonetheless, practical systems must interact with code written in memory-unsafe languages. This is especially true in security and safety-critical embedded systems, where subsystems such as cryptographic implementations are subject to industrial and governmental certification requirements. Direct interactions with such libraries, however, expose memory-safe languages to significant risks: any single bug in either the foreign code or the cross-language interactions may arbitrarily violate the memory safety of the wrapping language. We present Encapsulated Functions, a framework for safely invoking untrusted code in a memory-safe system with minimal overheads. Encapsulated Functions combines hardware-based memory protection mechanisms with a set of Rust type abstractions to facilitate safe interactions with untrusted and unmodified third-party libraries.
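The risk the abstract describes, and the shape of a type-level boundary around it, as an added Rust illustration that is not code from the paper and not the Encapsulated Functions API. The hardware memory-protection half of the design cannot be shown in portable Rust, so a wrapper-owned buffer with guard bytes stands in for it and flags writes outside the region handed to the library; the "third-party library" (`lib_digest`, `lib_digest_overflow`) is a constructed stand-in with a C-style signature, and `DigestFn`, `GuardedBuf`, `FfiError` and `encapsulated_digest` are names assumed for this example.

```rust
use std::os::raw::{c_int, c_uchar};

pub const DIGEST_LEN: usize = 32;
const GUARD: u8 = 0xA5;
const GUARD_LEN: usize = 16;

/// Foreign-function signature as a C header would declare it (assumed for the example):
/// reads `len` bytes at `buf`, writes DIGEST_LEN bytes to `out`, returns 0 on success.
pub type DigestFn = unsafe extern "C" fn(*const c_uchar, usize, *mut c_uchar) -> c_int;

/// Constructed stand-in for a well-behaved, unmodified third-party library.
pub extern "C" fn lib_digest(buf: *const c_uchar, len: usize, out: *mut c_uchar) -> c_int {
    if buf.is_null() || out.is_null() {
        return -1;
    }
    // SAFETY: the caller promises `len` readable bytes at `buf` and DIGEST_LEN writable at `out`.
    let data = unsafe { std::slice::from_raw_parts(buf, len) };
    let mut acc = [0u8; DIGEST_LEN];
    for (i, b) in data.iter().enumerate() {
        acc[i % DIGEST_LEN] = acc[i % DIGEST_LEN].wrapping_add(*b);
    }
    unsafe { std::ptr::copy_nonoverlapping(acc.as_ptr(), out, DIGEST_LEN) };
    0
}

/// Constructed stand-in for a buggy library build: same contract, but it writes one
/// byte past `out`. Over a real FFI this would silently corrupt Rust-owned memory.
pub extern "C" fn lib_digest_overflow(buf: *const c_uchar, len: usize, out: *mut c_uchar) -> c_int {
    let rc = lib_digest(buf, len, out);
    // Deliberate one-byte overflow; it lands in the wrapper's guard region below.
    unsafe { *out.add(DIGEST_LEN) = 0x42 };
    rc
}

/// Memory handed to foreign code: the payload is surrounded by guard bytes. This is a
/// software stand-in for a hardware bounds check; the library only ever sees the payload.
pub struct GuardedBuf {
    storage: Vec<u8>,
    payload_len: usize,
}

impl GuardedBuf {
    pub fn new(payload_len: usize) -> Self {
        let mut storage = vec![GUARD; GUARD_LEN + payload_len + GUARD_LEN];
        storage[GUARD_LEN..GUARD_LEN + payload_len].fill(0);
        GuardedBuf { storage, payload_len }
    }

    pub fn from_slice(src: &[u8]) -> Self {
        let mut b = Self::new(src.len());
        b.storage[GUARD_LEN..GUARD_LEN + src.len()].copy_from_slice(src);
        b
    }

    /// Pointer to the payload, derived from the whole allocation so a stray write into
    /// the guards stays inside memory this wrapper owns.
    fn payload_ptr(&mut self) -> *mut u8 {
        unsafe { self.storage.as_mut_ptr().add(GUARD_LEN) }
    }

    fn guards_intact(&self) -> bool {
        let end = GUARD_LEN + self.payload_len;
        self.storage[..GUARD_LEN].iter().all(|&b| b == GUARD)
            && self.storage[end..].iter().all(|&b| b == GUARD)
    }

    fn payload(&self) -> &[u8] {
        &self.storage[GUARD_LEN..GUARD_LEN + self.payload_len]
    }
}

#[derive(Debug, PartialEq)]
pub enum FfiError {
    LibraryError(c_int),
    MemoryViolation,
}

/// The only safe entry point to the foreign function. Input is copied into wrapper-owned
/// memory (the library never receives a pointer into arbitrary Rust data), the output
/// buffer is sized by the contract, and nothing is exposed to the caller until both the
/// return code and the guard regions have been checked.
pub fn encapsulated_digest(f: DigestFn, input: &[u8]) -> Result<[u8; DIGEST_LEN], FfiError> {
    let mut inp = GuardedBuf::from_slice(input);
    let mut out = GuardedBuf::new(DIGEST_LEN);
    // SAFETY: both pointers are valid for the stated lengths for the duration of the call;
    // what the library does beyond that contract is detected afterwards, not assumed away.
    let rc = unsafe { f(inp.payload_ptr(), input.len(), out.payload_ptr()) };
    if !inp.guards_intact() || !out.guards_intact() {
        return Err(FfiError::MemoryViolation);
    }
    if rc != 0 {
        return Err(FfiError::LibraryError(rc));
    }
    let mut digest = [0u8; DIGEST_LEN];
    digest.copy_from_slice(out.payload());
    Ok(digest)
}

fn main() {
    println!("{:?}", encapsulated_digest(lib_digest, b"hello"));
    println!("{:?}", encapsulated_digest(lib_digest_overflow, b"hello"));
}
```

The guard bytes only catch writes that land in the guarded region and only after the call returns; a hardware mechanism such as an MPU or PMP region, which is what the abstract pairs the type abstractions with, faults at the offending access and also covers reads and writes to memory the wrapper never allocated. The type-level part of the pattern is what survives either way: the `unsafe` block is confined to one function, and callers get a `Result` rather than a raw buffer they must trust.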