Previously, Microsoft said it was exploring Rust as a security alternative to C and C, and also demonstrated the experience of rewriting Windows components with Rust, a programming language that fundamentally considers security, and they will try to use Rust to rewrite various products because Over the past decade, more than 70 percent of Microsoft’s security patches have provided memory-related errors, and Rust is the “good medicine” for solving this problem.
In a recent speech about Microsoft’s work to address memory problems, Microsoft researcher Matthew Parkinson referred to Verona, a new Rust-based programming language being developed by Microsoft, according to ZDNet.
In the presentation, Matthew first shared microsoft work on Garbage Memory Collector, a memory garbage collector on iE and Edge browsers that addresses one feature of standard browsers. A vulnerability in the Document Object Model (DOM), where the DOM represents the HTML document content in a tree structure.
Then he leads to another question: How do you build the safest product? Not just discardwhat what you already have, but think about what can be built in a more secure system. He describes how Microsoft is using Rust to rewrite some components and asks, “If we want to isolate and refine the legacy code so that attackers can’t get away with it, how do we design the language?” ”
Matthew presented Verona, a new Rust-based programming language that Microsoft is developing, which he says is the first time the project has been discussed, and verona is a new language for Microsoft’s safe infrastructure programming.
Matthew is described by Mads Torgensen, a project manager at C. And Juliana Franco, a research software engineer at Microsoft Research Cambridge.
Microsoft’s challenge is to address a wide range of applications, ranging from the application of the C? desktop to C or C Exchange, ASP.NET, Azure and device drivers, to the underlying Windows components such as memory management and boot loaders, and the Windows kernel hardware abstraction layer (HAL, hardware abstraction layer).
“It’s really difficult to perform memory management, and temporary memory security can be very difficult if there are any concurrent mutations,” Matthew explains Verona’s design idea: “Verona’s ownership model is based on object groups, not on individual objects like Rust’s. A pointer is available in C? and it is object-based. But unlike my thinking about data and syntax, I think the data structure is a collection of objects, and a collection of objects is a life cycle. So by taking ownership of objects, we can get closer to the level of abstraction that people are using, which allows us to build data structures without going beyond security. “
So by-by-the-car s-level of the level of the in-the-objects, then-get-lot-lot closer to the level of the level of the level of the level of the Le use and it gives us the ability to build data structures without go outside of safety.
In addition, Matthew says Verona will soon be open source.