PermRust: A Token-based Permission System for Rust
Lukas Gehring, Sebastian Rehms, Florian Tschorsch

TL;DR
PermRust introduces a novel token-based permission system for Rust that enables fine-grained, library-level resource access control, enhancing security without incurring runtime costs.
Contribution
It adapts capability system concepts to Rust, creating a theoretical foundation for language-level permission management.
Findings
Provides a zero-cost abstraction over Rust's type system
Enables per-library resource access control
Enhances security in Rust applications
Abstract
Permission systems which restrict access to system resources are a well-established technology in operating systems, especially for smartphones. However, as such systems are implemented in the operating system, they can at most manage access at the process level. Since modern software often (re)uses code from third-party libraries, a permission system for libraries can be desirable to enhance security. In this short paper, we adapt concepts from capability systems, building a novel theoretical foundation for permission systems at the level of the programming language. This leads to PermRust, a token-based permission system for the Rust programming language as a zero-cost abstraction on top of its type system. With it, access to system resources can be managed per library.
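The idea in the abstract, as an added sketch that is not taken from the paper or from PermRust itself: permissions are zero-sized token types that only a trusted module can create, and a library function can reach a resource only if its caller hands it the matching token. All module, type and function names are hypothetical, and the file contents are constructed sample data.

```rust
// Added illustration; every name here is hypothetical, not PermRust's API.
mod perm {
    use std::marker::PhantomData;
    pub struct FsRead; // permission marker: read files
    pub struct Net;    // permission marker: use the network

    // Zero-sized token. The private field means code outside this module
    // cannot construct one; it must be handed a token by its caller.
    pub struct Token<P>(PhantomData<P>);

    // Root authority. Assumption: only the application entry point calls
    // acquire(); a real system has to enforce that rule.
    pub struct Root(());
    impl Root {
        pub fn acquire() -> Root { Root(()) }
        pub fn grant<P>(&self) -> Token<P> { Token(PhantomData) }
    }
}

mod guarded_fs {
    use super::perm::{FsRead, Token};
    // Resource wrapper: callable only with proof of the FsRead permission.
    // Returns constructed sample data instead of touching the disk.
    pub fn read_config(_proof: &Token<FsRead>) -> &'static str {
        "retries=3\ntimeout=30\n"
    }
}

mod third_party {
    use super::{guarded_fs, perm::{FsRead, Token}};
    // The signature documents and enforces what this library may touch.
    pub fn count_settings(fs: &Token<FsRead>) -> usize {
        guarded_fs::read_config(fs).lines().count()
    }
    // A function with no token parameter cannot reach the file system:
    // pub fn sneaky() { guarded_fs::read_config(&Token(PhantomData)); }
    // fails to compile because Token's field is private to `perm`.
}

pub fn run_app() -> usize {
    let root = perm::Root::acquire();      // application holds full authority
    let fs = root.grant::<perm::FsRead>(); // and delegates only FsRead
    third_party::count_settings(&fs)
}

pub fn token_size() -> usize { std::mem::size_of::<perm::Token<perm::Net>>() }

fn main() { println!("settings: {}, token bytes: {}", run_app(), token_size()); }
```

Because a token is a zero-sized type, passing it costs nothing at run time; the permission check happens entirely during type checking.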
Taxonomy
Topics: Vehicular Ad Hoc Networks (VANETs)
