Bringing Rust to Safety-Critical Systems in Space

Lukas Seidel, Julian Beier

TL;DR

This paper addresses the memory-safety vulnerabilities prevalent in safety-critical space software, where C dominates but safety assurances are lacking. It advocates a pragmatic Rust-enabled path for aerospace systems, combining ecosystem analysis, a partial C-to-Rust rewrite methodology, and a new bare-metal PowerPC target to broaden applicability. Key contributions include evaluating Rust’s space-readiness, detailing a CSP partial-rewrite case study with security improvements, and delivering a complete bare-metal PowerPC Rust target along with practical recommendations for practitioners. The work supports safer, more reliable space software through incremental adoption aligned with existing safety standards and certification workflows.

Abstract

The development of safety-critical aerospace systems is traditionally dominated by the C language. Its language characteristics make it trivial to accidentally introduce memory safety issues resulting in undefined behavior or security vulnerabilities. The Rust language aims to drastically reduce the chance of introducing bugs and consequently produces overall more secure and safer code. However, due to its relatively short lifespan, industry adoption in safety-critical environments is still lacking. This work provides a set of recommendations for the development of safety-critical space systems in Rust. Our recommendations are based on insights from our multi-fold contributions towards safer and more secure aerospace systems: We provide a comprehensive overview of ongoing efforts to adapt Rust for safety-critical system programming, highlighting its potential to enhance system robustness. Next, we introduce a procedure for partially rewriting C-based systems in Rust, offering a pragmatic pathway to improving safety without necessitating a full system overhaul. During the execution of our rewriting case study, we identify and fix three previously undiscovered vulnerabilities in a popular open-source satellite communication protocol. Finally, we introduce a new Rust compiler target configuration for bare-metal PowerPC. With this, we aim to broaden Rust's applicability in space-oriented projects, as the architecture is commonly encountered in the domain, e.g., in the James Webb Space Telescope.

Paper Structure (20 sections, 2 figures)


Figures (2)

  • Figure 1: Popularity of the embedded-hal Rust crate. The GitHub repository shows steady growth in popularity, measured in GitHub Stars, while the amount of monthly contributions also increases year-over-year.
  • Figure 2: Partial Rewriting and Linking Process. We substitute a single function of libCSP's C implementation with a Rust version and compile it into a single library without the changes being visible to end-users.
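As an added illustration of the partial-rewrite pattern behind Figure 2 (example code, not from the paper or from libCSP): a Rust function exported with the C ABI so existing C callers link against it unchanged, while the length validation that C leaves to the programmer lives in ordinary safe Rust. The function name `example_parse_header` and the header layout are hypothetical and not libCSP's real symbol or wire format.

```rust
// Added example: a drop-in Rust replacement for a hypothetical C function
// `int example_parse_header(const uint8_t *buf, size_t len, Header *out)`.
use core::slice;

/// Constructed header layout for this example (not libCSP's real format):
/// source address, destination address, big-endian payload length.
#[repr(C)]
pub struct Header {
    pub src: u8,
    pub dst: u8,
    pub length: u16,
}

/// Safe core: every check is done here on a slice, so an undersized buffer
/// or an oversized declared length is rejected instead of read past the end.
pub fn parse_header(bytes: &[u8]) -> Option<Header> {
    if bytes.len() < 4 {
        return None;
    }
    let length = u16::from_be_bytes([bytes[2], bytes[3]]);
    // The declared payload must fit in the bytes that follow the header.
    if usize::from(length) > bytes.len() - 4 {
        return None;
    }
    Some(Header { src: bytes[0], dst: bytes[1], length })
}

/// C ABI wrapper that C code links against unchanged. Returns 0 on success
/// and -1 on a null pointer or invalid frame; the unsafe surface is limited to
/// turning the caller's pointer/length pair into a slice and writing the result.
#[no_mangle]
pub extern "C" fn example_parse_header(buf: *const u8, len: usize, out: *mut Header) -> i32 {
    if buf.is_null() || out.is_null() {
        return -1;
    }
    // SAFETY: the C caller guarantees `buf` points to `len` readable bytes.
    let bytes = unsafe { slice::from_raw_parts(buf, len) };
    match parse_header(bytes) {
        // SAFETY: `out` is non-null and the caller guarantees it is writable.
        Some(h) => { unsafe { out.write(h) }; 0 }
        None => -1,
    }
}

fn main() {
    // Constructed sample frame: src=1, dst=2, length=2, two payload bytes.
    let frame = [1u8, 2, 0, 2, 0xAA, 0xBB];
    println!("parsed length: {:?}", parse_header(&frame).map(|h| h.length));
}
```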