Student | (visible to staff only) |
Supervisor | Manuel Nieke |
Professor | Prof. Dr. Rüdiger Kapitza |
IBR group | DS (Prof. Kapitza) |
Type | Bachelor's thesis |
Status | completed |
Submission deadline | 2020 |
Introduction

With the widespread availability of trusted hardware, e.g. Intel's Software Guard Extensions (SGX) included in most common Intel CPUs, confidential computing has received a lot of attention recently. Such hardware can be used to create Trusted Execution Environments (TEEs), which protect the contained code and data against unintended access even if an attacker has access to privileged software or directly to the hardware. Among its numerous applications is the possibility to enhance a program's privacy preservation, as is researched in the PRIMaTE project. One focus of this project is to evaluate the feasibility of partitioning, i.e. introducing multiple TEEs into the application, as a means of enhancing privacy even in the presence of exploitable software vulnerabilities.

Problem statement

In order to designate reasonable partitions, as well as to evaluate their effectiveness, it is necessary to analyse the data accessibility of an application. Such an analysis shows the potential data accesses of parts of the code, e.g. functions, and can be used to efficiently co-locate code fragments with the data they access into the same partition. The programming language Rust promises, among other things, complete memory safety. To this end, the language is designed with a number of restrictions that allow the code to be statically analysed at compile time for potential memory errors. For this reason, it is a promising candidate for data accessibility analysis.

Task description

The goal of this bachelor's thesis is the design and implementation of a data accessibility analysis tool for Rust applications at the granularity of functions. Ideally, this tool performs a static analysis of the application, e.g. by implementing a compiler pass or by operating on compiler output. However, should a static analysis prove infeasible, it can be replaced or enhanced with dynamic analysis.

Prerequisites
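As an added illustration of the partitioning idea in the problem statement and task description above (example code, not part of this listing or of the PRIMaTE project), the following Rust snippet takes a constructed function-to-data access map of the kind such an analysis tool would produce, groups functions with the data they access into partitions, and shows which data a vulnerability in one function could expose; the access map and all function and data names are assumed.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// One partition (candidate TEE): its functions and the data co-located with them.
#[derive(Debug, Default)]
pub struct Partition { pub functions: BTreeSet<String>, pub data: BTreeSet<String> }

/// Constructed sample access map (function -> data it may read or write); a real tool would derive this from a compiler pass or from compiler output.
pub fn sample_access_map() -> BTreeMap<String, BTreeSet<String>> {
    [
        ("parse_request", vec!["request_buf"]),
        ("authenticate", vec!["request_buf", "credentials"]),
        ("render_report", vec!["report_cache"]),
        ("load_records", vec!["report_cache", "patient_records"]),
        ("log_metrics", vec!["metrics"]),
    ].iter()
    .map(|(f, d)| (f.to_string(), d.iter().map(|s| s.to_string()).collect()))
    .collect()
}

/// Partitions are the connected components of the function/data access graph: every
/// function is co-located with the data it touches, so functions sharing data share a TEE.
pub fn partition(access: &BTreeMap<String, BTreeSet<String>>) -> Vec<Partition> {
    let mut users: BTreeMap<&str, Vec<&str>> = BTreeMap::new(); // data -> accessing functions
    for (f, ds) in access {
        ds.iter().for_each(|d| users.entry(d.as_str()).or_default().push(f.as_str()));
    }
    let (mut seen, mut out) = (BTreeSet::<&str>::new(), Vec::new());
    for start in access.keys() {
        if !seen.insert(start.as_str()) { continue; }
        let (mut p, mut stack) = (Partition::default(), vec![start.as_str()]);
        while let Some(f) = stack.pop() {
            p.functions.insert(f.to_string());
            for d in &access[f] {
                if p.data.insert(d.clone()) {
                    // Pull in every other function that uses this data item.
                    for &g in &users[d.as_str()] {
                        if seen.insert(g) { stack.push(g); }
                    }
                }
            }
        }
        out.push(p);
    }
    out
}

/// Data an attacker reaches after compromising `func`: only its own partition's data.
pub fn exposed_data(parts: &[Partition], func: &str) -> BTreeSet<String> {
    parts.iter().find(|p| p.functions.contains(func)).map(|p| p.data.clone()).unwrap_or_default()
}
```

With the sample map this yields three partitions, and a compromised `parse_request` reaches `request_buf` and `credentials` but not `patient_records`.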
Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig
P.O. Box: 38092 Braunschweig
Phone: +49 (0) 531 391-0