Hardening Rust: Extending the Compiler and Runtime for Dynamic Object Layout Randomization

Data-only attacks that do not require control-flow hijacking pose a significant challenge because they are immune to most classic compiler defenses. Dynamic Object Layout Randomization is an effective defense against this type of attack. It dynamically rearranges the field positions of data-structure instances at runtime, thereby complicating targeted attacks on such data structures.

While this mechanism has been explored for C/C++, this work implements it for the Rust programming language. It takes advantage of the fact that Rust does not fix field positions in a struct layout and additionally includes protection for Rust's enum type. Moreover, previous solutions can suffer from considerable performance and memory overheads due to the expensive layout-object mappings, and have security flaws caused by insufficient protection of the randomization metadata. We tackle both problems by storing the mapping data in the layout itself and by using Intel's segmentation primitives, an information-hiding technique, to effectively hide the metadata from attackers while keeping legitimate accesses simple and quick.
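As an added illustration (not the paper's implementation, which works inside the compiler and runtime), the following Rust program simulates the core idea: each object instance carries its own field permutation, and every logical field access is mapped through it. The names (`Shuffled`, `perm`, `slots`) and the seeded PRNG are assumptions made for the example; a real deployment would hide the permutation rather than keep it in plain memory next to the fields.

```rust
// Added example: per-instance field permutation stored with the object.
// Logical field i lives at physical slot perm[i]; an attacker who knows the
// source-level layout still cannot know where a given field sits without
// reading the metadata, which the paper hides via segmentation. Here the
// metadata is in plain memory, i.e. the weakness the paper addresses.
use std::sync::atomic::{AtomicU64, Ordering};

const N: usize = 3; // number of logical fields in the randomized struct

struct Shuffled {
    perm: [u8; N],   // randomization metadata kept with the instance
    slots: [u64; N], // physical storage for the N logical fields
}

// Small xorshift PRNG with a fixed seed so the example runs offline
// (assumption: a real system would use a proper CSPRNG).
static SEED: AtomicU64 = AtomicU64::new(0x9E37_79B9_7F4A_7C15);
fn next_rand() -> u64 {
    let mut x = SEED.load(Ordering::Relaxed);
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    SEED.store(x, Ordering::Relaxed);
    x
}

impl Shuffled {
    // Build an instance with a fresh random layout and store the fields.
    fn new(fields: [u64; N]) -> Self {
        let mut perm = [0u8, 1, 2]; // identity permutation
        for i in (1..N).rev() {     // Fisher-Yates shuffle
            let j = (next_rand() % (i as u64 + 1)) as usize;
            perm.swap(i, j);
        }
        let mut s = Shuffled { perm, slots: [0; N] };
        for (i, v) in fields.iter().enumerate() {
            s.set(i, *v);
        }
        s
    }
    // Every access goes through the per-instance mapping (a compiler pass
    // would emit these mapped loads/stores automatically).
    fn get(&self, logical: usize) -> u64 { self.slots[self.perm[logical] as usize] }
    fn set(&mut self, logical: usize, v: u64) { self.slots[self.perm[logical] as usize] = v; }
    // Sanity check: perm must be a bijection over the N slots.
    fn is_permutation(&self) -> bool {
        let mut seen = [false; N];
        for &p in &self.perm { seen[p as usize] = true; }
        seen.iter().all(|&b| b)
    }
}
```

Two instances created from the same source-level struct generally end up with different physical layouts, so an attacker's field offset learned from one instance does not transfer to another.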

We evaluate the compatibility and performance of this mechanism with several real-world applications, including a coreutils port in Rust, the Rocket web framework, Firefox, and the official Rust compiler benchmarks. Our system is broadly applicable to all evaluated applications with minor modifications. Although the performance overhead is relatively high for computationally intensive applications, most of that overhead is caused by data structures with few fields. By automatically filtering out such structures, the approach achieves decent performance. Our mechanism is particularly well suited for Firefox. With full randomization of all structures and enums with three or more fields, we observed only a 34.74% reduction in graphics performance and a 4.34% loss in responsiveness.