Rust's memory-safety and thread-safety guarantees, enforced at compile time, already improve functional safety compared to C. Additionally, using traits and constraints, further requirements and checks can be encoded in the kernel API; e.g., the type system can make it impossible to attach multiple producers to a consumer that is designed for a single one. Bern RTOS adds memory access guarantees at runtime (e.g. stack overflow prevention and process memory access control).
Some of the safety improvements also help with security. However, there is currently a loophole in the system calls. Some calls copy data in kernel mode from one thread to another, and the source and destination addresses as well as the size are taken directly from the system-call arguments. Because the copy runs with kernel privileges, a thread that passes a manipulated address and size can read or overwrite any memory in the system, including kernel memory and the memory of other threads; the kernel acts as a confused deputy for the caller. The system calls should therefore be validated for security: the API could be adapted so that the kernel checks every caller-supplied address range against the memory the calling thread (and, for the destination, the receiving thread) is actually permitted to access, using overflow-safe arithmetic for address plus size, before any byte is copied.
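The following is an added example (not Bern RTOS code) that models the loophole described above and the range check that closes it. The byte slice `memory` stands in for the whole address space, `ThreadRegion` is a hypothetical per-thread permitted range (a real kernel would derive it from the thread's stack and heap allocation or its MPU configuration), and `copy_unchecked` / `copy_checked` are illustrative names, not system calls of the project.

```rust
/// Added example: validating caller-supplied (address, length) pairs in a
/// kernel-mode copy system call. Not part of Bern RTOS; names are hypothetical.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SyscallError {
    /// address + length wrapped around the address space
    AddrOverflow,
    /// range lies (partly) outside the thread's permitted memory
    OutOfBounds,
}

/// Memory the thread is allowed to touch, as a half-open range [start, end).
/// Constructed for the example; a real kernel would take it from the
/// thread's memory layout or MPU regions.
#[derive(Clone, Copy, Debug)]
pub struct ThreadRegion {
    pub start: usize,
    pub end: usize,
}

impl ThreadRegion {
    /// Ok if [addr, addr + len) lies entirely inside this region.
    /// The end address is computed with checked arithmetic so that a huge
    /// `len` cannot wrap around and slip past the comparison.
    pub fn contains(&self, addr: usize, len: usize) -> Result<(), SyscallError> {
        let end = addr.checked_add(len).ok_or(SyscallError::AddrOverflow)?;
        if addr < self.start || end > self.end {
            return Err(SyscallError::OutOfBounds);
        }
        Ok(())
    }
}

/// Vulnerable shape: the kernel trusts the caller's pointer/length pair and
/// copies with full privileges. Any `src` that is inside `memory` is read,
/// including kernel data and other threads' buffers.
pub fn copy_unchecked(memory: &mut [u8], src: usize, dst: usize, len: usize) {
    memory.copy_within(src..src + len, dst);
}

/// Hardened shape: the source must lie in the sender's region and the
/// destination in the receiver's region; nothing is copied otherwise.
pub fn copy_checked(
    memory: &mut [u8],
    sender: ThreadRegion,
    src: usize,
    receiver: ThreadRegion,
    dst: usize,
    len: usize,
) -> Result<usize, SyscallError> {
    sender.contains(src, len)?;
    receiver.contains(dst, len)?;
    memory.copy_within(src..src + len, dst);
    Ok(len)
}

/// Stand-alone demonstration on a constructed 64-byte "address space":
/// bytes 0..16 hold a kernel secret, thread A owns 16..32, thread B owns 32..48.
fn main() {
    let mut memory = vec![0u8; 64];
    memory[..16].fill(0xAA); // constructed kernel secret

    let thread_a = ThreadRegion { start: 16, end: 32 };
    let thread_b = ThreadRegion { start: 32, end: 48 };

    // Thread A asks the kernel to copy 16 bytes from address 0 into B's buffer.
    copy_unchecked(&mut memory, 0, 32, 16);
    println!("unchecked: B now holds {:02x?}", &memory[32..48]); // the secret leaked

    let res = copy_checked(&mut memory, thread_a, 0, thread_b, 32, 16);
    println!("checked: {:?}", res); // Err(OutOfBounds), nothing copied

    let res = copy_checked(&mut memory, thread_a, usize::MAX - 1, thread_b, 32, 4);
    println!("checked with wrapping length: {:?}", res); // Err(AddrOverflow)
}
```

The check must be performed on the exact values the copy will use, after any translation, and before the copy begins; validating a pointer and then recomputing the range from untrusted fields again would reintroduce the problem. Checking the destination against the receiving thread's region matters as much as the source: otherwise a sender can use the kernel to overwrite another thread's stack or the kernel's own data.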