secbits 0.3.3

A library for secure memory handling featuring
Documentation

SecBits

A Rust library for secure memory handling with enhanced protection against common vulnerabilities and memory inspection attacks.

Features

  • ๐Ÿ”’ Secure memory allocation with page alignment
  • ๐Ÿงน Automatic secure zeroing before deallocation
  • ๐Ÿ” Memory locking to prevent swapping to disk
  • ๐Ÿ›ก๏ธ Fork protection (Linux) to wipe memory on fork
  • ๐Ÿšซ Core dump exclusion to prevent sensitive data leaks
  • ๐Ÿ”‘ Fine-grained access control with read/write guards

Security Properties

  • Confidentiality: Memory is locked and wiped on release
  • Integrity: Write access is controlled via guards
  • Availability: Prevents accidental exposure via core dumps
  • Least Privilege: Memory starts as no-access, transitions only when needed

Use Case: Sensitive data handling (cryptographic keys, passwords, PII)

Installation

Add to Cargo.toml:

[dependencies]
secbits = "0.3.0"

Quick Start

use secbits::SecBytes;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create secure storage
    let mut secret = SecBytes::from_bytes("my_secret".as_bytes().to_vec())?;

    // Store sensitive data (source gets zeroed)
    secret.edit()?.append(b"extra data".to_vec())?;

    // Read access
    {
        let view = secret.view()?;
        assert_eq!(view.as_slice(), b"my_secretextra data");
    } // drop view

    // Write access (exclusive)
    {
        let mut edit = secret.edit()?;
        edit.as_slice()[..3].copy_from_slice(b"NEW");
    } // drop edit

    println!("{:?}", std::str::from_utf8(secret.view()?.as_slice()));
    assert_eq!(secret.view()?.as_slice(), b"NEWsecretextra data");

    Ok(())
} // Memory automatically unlocked and zeroed here

Major Components

1. SecSpace Core

pub struct SecSpace {
    ptr: NonNull<u8>, // Non-null pointer to memory region
    cap: usize,       // Capacity in bytes (always page-aligned)
    pkey: Option<i32>,
}

Key Features:

  • ๐Ÿ“ Page-Aligned Allocations: Always uses system page size multiples
  • ๐Ÿ›ก๏ธ Protection Modes:
    • ProtectionMode::None - No access (default)
    • ProtectionMode::Read - Read-only
    • ProtectionMode::ReadWrite - Read-write
  • โ˜ ๏ธ Secure Drop:
    • Set memory to RW mode
    • Zero using platform-secure methods
    • Unlock and deallocate

2. SecBytes Buffer

pub struct SecBytes {
    mem: SecSpace,
    len: usize,
    reader_count: AtomicUsize,
}

Key Features:

  • ๐Ÿ“ˆ Dynamic Resizing: Maintains 2x growth factor
  • ๐Ÿ‘€ Access Views:
    • SecReadBytes: Shared read access (RO mode)
    • SecWriteBytes: Exclusive write access (RW mode)
  • ๐Ÿงต Concurrency Safety:
    • Multiple readers allowed
    • Writers get exclusive access via &mut

Key Tricks

1. Safe Memory Management

// Always use RAII guards
{
    let view = secret.read()?;  // Auto sets RO
    // use view...
} // Auto resets to NOACCESS

2. Secure Data Handling

// Source data gets zeroed automatically
secret.edit()?.append(&mut sensitive_data)?;

๐Ÿ”’ Security Considerations

Guarantees

  • ๐Ÿ›ก๏ธ Memory never swapped to disk (mlock)
  • ๐Ÿšซ Sensitive data excluded from core dumps
  • ๐Ÿ•ต๏ธ Defeats heap inspection attacks
  • ๐Ÿง  Prevents compiler optimizations from skipping zeroing

Limitations

  • โš ๏ธ Requires CAP_IPC_LOCK on Linux (or root)
  • ๐Ÿ’พ Physical memory still potentially recoverable
  • ๐Ÿ”Œ Doesn't protect against hardware attacks