secbits 0.3.3

A library for secure memory handling featuring
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

# SecBits

A Rust library for secure memory handling with enhanced protection against common vulnerabilities and memory inspection attacks.

## Features
- ๐Ÿ”’ Secure memory allocation with page alignment
- ๐Ÿงน Automatic secure zeroing before deallocation
- ๐Ÿ” Memory locking to prevent swapping to disk
- ๐Ÿ›ก๏ธ Fork protection (Linux) to wipe memory on fork
- ๐Ÿšซ Core dump exclusion to prevent sensitive data leaks
- ๐Ÿ”‘ Fine-grained access control with read/write guards

## Security Properties

- Confidentiality: Memory is locked and wiped on release
- Integrity: Write access is controlled via guards
- Availability: Prevents accidental exposure via core dumps
- Least Privilege: Memory starts as no-access, transitions only when needed


**Use Case**: Sensitive data handling (cryptographic keys, passwords, PII)

## Installation

Add to Cargo.toml:

```toml
[dependencies]
secbits = "0.3.0"
```


## Quick Start

```rust
use secbits::SecBytes;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create secure storage
    let mut secret = SecBytes::from_bytes("my_secret".as_bytes().to_vec())?;

    // Store sensitive data (source gets zeroed)
    secret.edit()?.append(b"extra data".to_vec())?;

    // Read access
    {
        let view = secret.view()?;
        assert_eq!(view.as_slice(), b"my_secretextra data");
    } // drop view

    // Write access (exclusive)
    {
        let mut edit = secret.edit()?;
        edit.as_slice()[..3].copy_from_slice(b"NEW");
    } // drop edit

    println!("{:?}", std::str::from_utf8(secret.view()?.as_slice()));
    assert_eq!(secret.view()?.as_slice(), b"NEWsecretextra data");

    Ok(())
} // Memory automatically unlocked and zeroed here
```

## Major Components

### 1. SecSpace Core

```rust
pub struct SecSpace {
    ptr: NonNull<u8>, // Non-null pointer to memory region
    cap: usize,       // Capacity in bytes (always page-aligned)
    pkey: Option<i32>,
}
```

Key Features:

- ๐Ÿ“ Page-Aligned Allocations: Always uses system page size multiples
- ๐Ÿ›ก๏ธ Protection Modes:
    - `ProtectionMode::None` - No access (default)
    - `ProtectionMode::Read` - Read-only
    - `ProtectionMode::ReadWrite` - Read-write
- โ˜ ๏ธ Secure Drop:
    - Set memory to RW mode
    - Zero using platform-secure methods
    - Unlock and deallocate


### 2. SecBytes Buffer

```rust
pub struct SecBytes {
    mem: SecSpace,
    len: usize,
    reader_count: AtomicUsize,
}
```

Key Features:

- ๐Ÿ“ˆ Dynamic Resizing: Maintains 2x growth factor
- ๐Ÿ‘€ Access Views:
    - `SecReadBytes`: Shared read access (RO mode)
    - `SecWriteBytes`: Exclusive write access (RW mode)
- ๐Ÿงต Concurrency Safety:
    - Multiple readers allowed
    - Writers get exclusive access via &mut


## Key Tricks

### 1. Safe Memory Management

```rust
// Always use RAII guards
{
    let view = secret.read()?;  // Auto sets RO
    // use view...
} // Auto resets to NOACCESS
```

### 2. Secure Data Handling

```rust
// Source data gets zeroed automatically
secret.edit()?.append(&mut sensitive_data)?;
```

## ๐Ÿ”’ Security Considerations

Guarantees

- ๐Ÿ›ก๏ธ Memory never swapped to disk (mlock)
- ๐Ÿšซ Sensitive data excluded from core dumps
- ๐Ÿ•ต๏ธ Defeats heap inspection attacks
- ๐Ÿง  Prevents compiler optimizations from skipping zeroing

Limitations

-  โš ๏ธ Requires CAP_IPC_LOCK on Linux (or root)
-  ๐Ÿ’พ Physical memory still potentially recoverable
-  ๐Ÿ”Œ Doesn't protect against hardware attacks