Securing legacy kernel with type-guided refactoring to rust

Abstract

Securing the safety of a kernel is primitive but extremely important in protecting operating systems from security threats. To enforce the kernel safety, various methods, $\textit{e.g.}$ fuzzing, static analysis, and formal verifications, are proposed, but limited by incompleteness, low precision, and high cost. To overcome the limitations, one suggested writing a kernel in a type-safe language. However, it is difficult to write a kernel in a safe language, since it requires unsafe low-level controls for performance and management of peripheral devices. In this paper, we propose $\textit{Type-Guided Refactoring (TGR)}$, a method to refactor legacy kernels to a type-safe programming language Rust, preserving kernel developers’ intent. We present the safe abstractions of core kernel components in types obtained from the method. Finally we inspect that TGR is systematic and efficient by applying TGR on an existing kernel, Hafnium.