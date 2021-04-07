



Posted by Jeff VanderStoep and Stephen Hines, Android Team

Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release. Memory safety bugs in C and C++ continue to be the most difficult-to-address source of incorrectness. We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Despite these efforts, memory safety bugs continue to be the number one cause of stability issues, consistently representing approximately 70% of Android's high-severity security vulnerabilities.

In addition to ongoing and upcoming efforts to improve detection of memory bugs, we are ramping up efforts to prevent them in the first place. Memory-safe languages are the most cost-effective means of preventing memory bugs. In addition to memory-safe languages such as Kotlin and Java, we are excited to announce that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself.

Managed languages such as Java and Kotlin are the best option for Android app development. These languages are designed for ease of use, portability, and safety. The Android Runtime (ART) manages memory on behalf of the developer. The Android OS uses Java extensively, effectively protecting large portions of the Android platform from memory bugs. Unfortunately, for the lower layers of the OS, Java and Kotlin are not an option.

Lower levels of the OS require systems programming languages such as C, C++, and Rust. These languages are designed with control and predictability as goals. They provide access to low-level system resources and hardware. They are light on resources and have more predictable performance characteristics.

For C and C++, the developer is responsible for managing memory lifetime. Unfortunately, it is easy to make mistakes when doing this, especially in complex and multithreaded code bases.

Rust provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime and ownership and runtime checks to ensure that memory accesses are valid. This safety is achieved while providing performance comparable to C and C++.

C and C++ do not provide these same safety guarantees and therefore require robust isolation. All Android processes are sandboxed, and we follow the Rule of 2 to decide whether a feature requires additional isolation and deprivileging. The Rule of 2 is simple: given three options, a developer may choose only two of the following three:

For Android, this means that if code is written in C/C++ and parses untrusted input, it must be contained in a tightly constrained and unprivileged sandbox. Adhering to the Rule of 2 is effective in reducing the severity and reachability of security vulnerabilities, but it has its limitations. Sandboxing is expensive: the new processes it requires consume additional overhead and introduce latency due to IPC and additional memory usage. Sandboxing does not eliminate vulnerabilities from the code, and its effectiveness is reduced by high bug density, which allows an attacker to chain multiple vulnerabilities together.

Memory-safe languages like Rust help us overcome these limitations in two ways:

First, by lowering the density of bugs in our code, which increases the effectiveness of our current sandboxing. Second, by reducing our need for sandboxing, which allows the introduction of new features that are both safer and lighter on resources.

Of course, introducing a new programming language does nothing to address bugs in existing C/C++ code. Even if we redirected the efforts of every software engineer on the Android team, rewriting tens of millions of lines of code is simply not feasible.

The above analysis of the age of memory safety bugs in Android (measured from when they were first introduced) shows why our memory-safe-language efforts are focused primarily on new development rather than on rewriting mature C/C++ code. The majority of our memory bugs occur in new or recently modified code, with about 50% being less than a year old.

The comparative rarity of older memory bugs may be surprising to some, but we have found that old code is not where we most urgently need improvement. Software bugs are found and fixed over time, so we would expect the number of bugs in code that is being maintained but not actively developed to go down over time. Just as reducing the number and density of bugs improves the effectiveness of sandboxing, it also improves the effectiveness of bug detection.

Bug detection via robust testing, sanitization, and fuzzing is crucial for improving the quality and correctness of all software, including software written in Rust. A key limitation of the most effective memory-safety detection techniques is that the erroneous state must actually be triggered in instrumented code in order to be detected. Even in code bases with good test/fuzz coverage, this results in many bugs going undiscovered.

Another limitation is that bug detection is scaling faster than bug fixing. In some projects, bugs that are detected are not always fixed. Fixing bugs is a lengthy and costly process.

Each of these steps is costly, and missing any one of them can result in the bug going unpatched for some or all users. For complex C/C++ code bases, often only a handful of people are capable of developing and reviewing a fix, and even with a high amount of effort spent on fixing bugs, the fixes may be incorrect.

Bug detection is most effective when bugs are relatively rare and dangerous bugs can be given the urgency and priority they merit. To reap the benefits of improved bug detection, we must prioritize preventing the introduction of new bugs.

Rust modernizes a range of other language aspects, which results in improved correctness of code:

Memory safety: combines compiler and runtime checks to increase memory safety.

Data concurrency: prevents data races. This makes it easy for users to write efficient, thread-safe code, and it gave rise to Rust's "Fearless Concurrency" slogan.

More expressive type system: helps prevent logical programming bugs (e.g. newtype wrappers, enum variants with contents).

References and variables are immutable by default: this helps developers follow the security principle of least privilege, marking a reference or variable as mutable only when they really intend it to be. C++ has const, but it is used infrequently and inconsistently. In contrast, the Rust compiler helps avoid stray mutability annotations by warning about mutable values that are never mutated.

Better error handling in the standard library: potentially failing calls are wrapped in Result, which causes the compiler to require that users check for failures even when the function does not return a needed value. This protects against bugs like the Rage Against the Cage vulnerability, which resulted from an unhandled error. By making it easy to propagate errors via the ? operator, and by optimizing Result for low overhead, Rust encourages users to write their own fallible functions in the same style and receive the same protection.

Initialization: all variables must be initialized before use. Uninitialized memory vulnerabilities have historically been the root cause of 3-5% of Android security vulnerabilities. Android 11 started automatically initializing memory in C/C++ to mitigate this problem. However, initializing to zero is not always safe, especially for things like return values, where it can become a new source of incorrect error handling. Rust requires every variable to be initialized to a legitimate member of its type before use, avoiding the problem of unintentionally initializing to an unsafe value. Like Clang for C/C++, the Rust compiler is aware of the initialization requirement and avoids the potential performance overhead of double initialization.

Safer integer handling: overflow sanitization is on by default in Rust debug builds, which encourages programmers to specify wrapping_add if they really intend the calculation to overflow, or saturating_add if they do not. We plan to enable overflow sanitization in all Android builds. In addition, all integer conversions are explicit casts: developers cannot accidentally cast during a function call, when assigning to a variable, or when attempting arithmetic with another type.
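As an added example (not code from the original post or from AOSP), the following Rust parser for a constructed length-prefixed record shows the properties listed above together with the bounds-checked memory accesses mentioned earlier: Result and ? for every fallible step, checked_add and saturating_add instead of silent overflow, explicit integer widening, bounds-checked slicing with get, immutable bindings, and a newtype wrapper. The record format, the error enum, and all function names are assumptions made for this example.

```rust
// Added example, not code from the Android post or from AOSP: a parser for a
// constructed, untrusted length-prefixed record (2-byte big-endian length,
// then payload). All bindings are immutable by default.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,      // fewer bytes than the header needs
    BadLength,      // header claims more payload than the buffer holds
    OffsetOverflow, // offset + header/payload size does not fit in usize
}

/// Newtype wrapper: a validated payload length cannot be mixed up with an
/// arbitrary usize elsewhere in the code.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct PayloadLen(pub usize);

/// Reads the 2-byte big-endian length prefix at `offset`. Short input becomes
/// Err(Truncated) rather than an out-of-bounds read; arithmetic on the
/// caller-supplied offset uses checked_add instead of silently wrapping.
fn read_len(buf: &[u8], offset: usize) -> Result<PayloadLen, ParseError> {
    let hdr_end = offset.checked_add(2).ok_or(ParseError::OffsetOverflow)?;
    let hdr = buf.get(offset..hdr_end).ok_or(ParseError::Truncated)?;
    let n = u16::from_be_bytes([hdr[0], hdr[1]]);
    Ok(PayloadLen(usize::from(n))) // explicit widening; no implicit casts
}

/// Returns the payload slice described by the header at `offset`.
pub fn parse_record_at(buf: &[u8], offset: usize) -> Result<&[u8], ParseError> {
    let len = read_len(buf, offset)?;
    let start = offset.checked_add(2).ok_or(ParseError::OffsetOverflow)?;
    let end = start.checked_add(len.0).ok_or(ParseError::OffsetOverflow)?;
    // `get` is bounds-checked: an oversized claim yields None, never a read
    // past the buffer, and ok_or turns that into a reportable error.
    buf.get(start..end).ok_or(ParseError::BadLength)
}

/// Sums payload bytes with saturating_add, stating explicitly that the
/// computation must clamp at u8::MAX rather than wrap.
pub fn checksum(payload: &[u8]) -> u8 {
    payload.iter().fold(0u8, |acc, b| acc.saturating_add(*b))
}

fn main() {
    let good = [0x00, 0x03, b'a', b'b', b'c']; // constructed: 3-byte payload
    let short = [0x00, 0x0a, 1, 2];            // constructed: claims 10 bytes
    println!("{:?}", parse_record_at(&good, 0));  // Ok([97, 98, 99])
    println!("{:?}", parse_record_at(&short, 0)); // Err(BadLength)
    println!("{}", checksum(&[200, 100]));        // 255
}
```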

Adding a new language to the Android platform is a large undertaking. There are toolchains and dependencies that need to be maintained, test infrastructure and tooling that must be updated, and developers who need to be trained. For the past 18 months we have been adding Rust support to the Android Open Source Project, and we have a few early adopter projects that we will be sharing in the coming months. Scaling this to more of the OS is a multi-year project. Stay tuned, we will be posting more updates on this blog.

Java is a registered trademark of Oracle and/or its affiliates.

Thanks to Matthew Maurer, Bram Bonne, and Lars Bergstrom for contributions to this post. Special thanks to our colleagues Adrian Taylor for his insight into the age of memory vulnerabilities, and to Chris Palmer for his work on "The Rule of 2" and "The Limits of Sandboxing".
