Prossimo, an ISRG project to secure Linux kernel memory with Rust

Josh Aas, CEO of the Internet Security Research Group (ISRG, parent organization of the Let's Encrypt project) made it known last week by posting his intentions to support Miguel Ojeda (Linux kernel developer and software engineer), aiming to coordinate efforts to move critical software infrastructure to memory-safe code.

And is that the ISRG has provided the prominent developer Miguel Ojeda a one year contract to work at Rust on Linux and other full-time security efforts.

According to Miguel Ojeda, the benefits of introducing the language Rust on the Linux kernel outweigh the costs. For the developer, when using Rust on the Linux kernel, new code written in Rust has a reduced risk of memory security errors, thanks to the properties of the Rust language. The Rust language would be popular for its safety.

Efforts to make Rust a viable language for Linux kernel development began at the Linux Plumbers 2020 conference, with the idea of ​​Linus Torvalds himself.

Torvalds specifically requested the availability of the Rust compiler in the default kernel build environment to support such efforts, not to replace all Linux kernel source code with Rust-developed equivalents, but to allow new development to function properly.

Using Rust for new code in the kernel can mean new hardware drivers or even replace GNU Coreutils, potentially reduces the number of hidden kernel bugs. Rust simply won't allow a developer to leak memory or create the possibility of buffer overflows, the main sources of performance, and security issues in complex C-language code.

The new contract Internet Security Research Group grants Ojeda a full-time salary to continue memory security work I was already doing part time. ISRG CEO Josh Aas notes that the group has worked closely with Google engineer Dan Lorenc, and that Google's financial support is essential to sponsor Ojeda's ongoing work.

"Big efforts to eliminate entire classes of security problems are the best investments on a large scale," Lorenc said, adding that Google is "delighted to help ISRG support Miguel Ojeda's work to improve memory security. kernel for everyone ».

“ISRG's Prossimo memory security project aims to coordinate efforts to move critical software infrastructure from the Internet to protect code in memory. When we think of the most critical code for the Internet today, the Linux kernel tops the list. Bringing memory security to the Linux kernel is a big job, but the Rust for Linux project is making big strides. We are pleased to announce that we officially began supporting this work in April 2021 by providing Miguel Ojeda with a contract to work on Rust for Linux and other full-time security efforts for one year. This was made possible by financial support from Google. Before working with ISRG, Miguel was doing this work as a side project. We are happy to do our part to support the digital infrastructure by allowing you to work there full time.

“We worked closely with Dan Lorenc, a Google software engineer to make this collaboration possible.

Ojeda's work is the first sponsored project under the Prossimo banner of the ISRG, but it is not the first step the organization has taken towards greater memory security. The previous initiatives include a secure TLS module in-memory for the Apache web server, an in-memory safe version of the curl and rustls data transfer utility, an in-memory safe alternative to the ubiquitous OpenSSL network encryption library.

As Josh Aas explains,

"Although this is the first memory security effort we announced under our new project name Prossimo, our memory security work began in 2020 and the Apache HTTP server, and to add enhancements to the Rustls TLS library." .


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.