MID-005: Memory Safe Programming Languages
Mitigation Tier: Intermediate
Description
Memory safe programming languages will give the device security guarantees around the bounds of memory that are safe to read, write, or execute. This can greatly reduce attacks targeting memory bounding errors. Memory safety integration in a device can take multiple forms. Individual drivers, libraries, critical kernel functions, or applications should be implemented in memory safe programming languages. In other instances, it may be possible to use entire kernels or OSes written in memory safe programming languages.
Consideration: Memory safe programming languages implement memory safety using different mechanisms. Based on a device’s resources and properties, using one language over another may be desirable. For example, certain memory safe programming languages use more resources due to their runtime memory protections. These can include garbage collection, virtual runtime environments, and code interpreters. Languages that fall into this category are Java, Python, and Go. Other languages, such as Rust, use compile-time checks to handle address spacing mappings and frees.
Limitation: Use of a memory safe language can help protect against a significant number of common vulnerabilities; however, it does not address every type of software weakness. For example, issues related to input validation, logic flaws, or deserialization can still occur in software written in memory safe languages.
IEC 62443 4-2 Mappings
- SAR / EDR / HDR / NDR 3.2 – Protection from malicious code
References
[1] National Security Agency. “Software Memory Safety.” defense.gov. Accessed: Aug. 28, 2024. [Online.] Available: https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF