Microsoft develops programming language for secure coding

Get a free Techzine subscription!

Microsoft is in the process of developing a programming language aimed at ensuring security. The company itself calls this ‘safe infrastructure programming’. The programming language should become open-source in the foreseeable future.

In project Verona, Microsoft aims to make Windows 10 safer for users using the Rust programming language designed by the Mozilla developers. The new programming language, which is still under construction, is based on Rust. This is probably due to the fact that many errors in Windows have to do with memory, and Rust has been specifically designed so that this type of bug no longer causes problems for developers.

Memory safety

Memory safety is the term for code frameworks that help protect memory spaces from malware abuse. Project Verona at Microsoft is intended to seal off that attack surface against intruders.

Matthew Parkinson, a Microsoft researcher at the Cambridge Computer Lab in the United Kingdom, focuses on “investigating memory management for managed programming languages”. In a lecture, Parkinson discussed Microsoft’s work with MemGC, an abbreviation for Memory Garbage Collector, for Internet Explorer (IE) and Edge.

MemGC focuses on weaknesses in the browser function known as a Document Object Model (DOM). This is a representation of the data that browsers use to interpret web pages.

“We built a garbage collector (GC) for the DOM. That big bulge in use-after-free was basically people finding ways of exploiting memory management in the DOM engine in IE,” said Parkinson. The bulge refers to a graph that showed the prominence of bugs in memory safety. 

Parkinson further stated that Microsoft is rewriting a number of components in Rust. This should lead to the removal of certain parts of the language that are vulnerable to exploitation by hackers.