For years, Google has been working hard to make Android an increasingly secure OS. Attackers look for any loophole they can exploit, using mundane methods like phishing or more complex ones like memory safety vulnerabilities. Now, Google explains how the Safe Coding approach has managed to significantly reduce memory safety vulnerabilities in Android in recent years.
Google uses Safe Coding approach against memory safety vulnerabilities
Memory safety vulnerabilities are those that take advantage of memory-related bugs, such as buffer overflows, format string issues, or dangling pointers, to interact with or even write over the memory. These types of vulnerabilities are still widely present in software development. Developers try to attack them from various approaches, with mitigations and proactive detections predominating. However, Google is confident that Safe Coding is the ideal approach to minimize memory safety vulnerabilities, as evidenced by its results with Android.
The Safe Coding approach prioritizes the use of memory-safe programming languages from the start. However, there is software that is many years old and has millions of lines of key code developed on “memory-unsafe” languages. So, what is Google’s proposal in these cases? The answer is in the gradual transition to memory-safe languages (like Rust) for new features.
Basically, Google proposes that developers start implementing exclusively memory-safe languages when developing new features. In the meantime, old code based on unsafe languages will remain “unchanged” beyond the classic maintenance and bug fixes. This translates into achieving safe, efficient, and cost-effective interoperability between new and old code.
Android’s memory safety vulnerabilities fell 52% in 6 years
According to Google, the Safe Coding approach resulted in a drop in memory safety vulnerabilities in Android from 76% to 24% in just 6 years. However, the idea of keeping memory-unsafe code can seem counterintuitive. After all, if you’re looking for maximum security, your first thought would be to migrate all your code to a safe language. While this may be true, Google’s approach makes sense, and the company explains why.
In software development, code efficiency and cost-effectiveness are key. There are tools or entire systems with many years of development behind them. This involves millions and millions of fundamental lines of code. While a company could simply start rewriting software from scratch based on memory-safe languages, the investment and effort are probably not worth it. The situation might be different in relatively new developments with not much time behind them, though.
Advantages of Safe Coding and interoperability
Google claims that the Safe Coding approach, which is based on code interoperability, is a cost-effective and practical way to adopt memory-safe code. This, in turn, makes it cost-effective, as it allows companies to leverage previous investments. The cost is significantly lower compared to rewriting software from scratch. It is also efficient because it allows new features to continue to be developed while integrating the new, safe code.
Using inherently memory-safe code also ensures lower costs in the long run. Previous approaches favored an endless cycle of “attack and defend” between developers and attackers. Relying on mitigations and proactive detections necessitated continuous action and investment in response to potential attacks. However, Safe Coding allows developers and companies to forget about this, focusing on maintaining and improving features or fixing bugs.
There is also greater productivity thanks to lower code rollback rates. That is, there are fewer emergency code rollback situations due to unexpected bugs. Google claims that Rust offers code rollback rates of less than half that of C++. Essentially, Safe Coding brings significant savings in time and money for businesses and developers. In today’s industry, which closely monitors profitability, this can be crucial.
Google reveals that it implemented interoperability between “Rust ︎ C++ and Rust ︎ Kotlin.” The company has also contributed both money and tools to power its approach. For example, Google gave $1,000,000 to the Rust Foundation to boost its evolution. It also provided its own interoperability tools, such as Crubit and autocxx.
This is how the Safe Coding approach makes software more secure
You may still be wondering how an approach that keeps memory-unsafe code can lead to an exponential reduction of memory safety vulnerabilities. Google also explains this in its blog post, in a very technical way, but I’ll try to make it simple for everyone.
Through large-scale studies, USENIX Security and Google itself discovered an intriguing phenomenon. Basically, the research concluded that the vast majority of memory vulnerabilities in software have their origin in new code. A significant portion is also derived from recently modified code. Google also noticed that the density of Android memory safety vulnerabilities decreased progressively in old code.
Given that a significant portion of the issue stems from new code, it makes sense to focus on it, correct? This is the reasoning behind Google’s decision to adopt the Safe Coding approach. But why do more problems and vulnerabilities accumulate in new code? This is because every programming language has a fundamental property: maturation.
While the fundamental structure of a language can make it memory unsafe, successive updates can help mitigate this. So, theoretically, unsafe code used in older parts of the software can become less vulnerable over time. By combining the maturation of older code with new features developed in new, inherently memory-safe code, the result will be an exponential decrease in memory vulnerabilities.
Google recommends Rust as a memory-safe language
Of course, porting parts of older code to languages like Rust can make things even safer. However, this isn’t always possible, at least not in a straightforward way. There are cases where moving a single block can bring down the whole castle. Google is adamant about Rust as a memory-safe programming language. So if you’re interested in learning programming or a new language to be competitive in today’s industry, Rust may be what you’re looking for.
Memory safety vulnerabilities aren’t the only ones out there. Malicious third parties will continue to look for ways to try to bypass the security layers of any software. However, having strong barriers in the “guts” of the software ensures that attackers will have to resort to more mundane and easily neutralized methods. For example, you can avoid being a victim of phishing by simply using common sense.
The post How Google reduced Android’s safety vulnerabilities by 52% appeared first on Android Headlines.