Zenoh to launch missing component of shield
The key to blocking 70% of hacks on mobile network operators could be delivered by a little-known compiler from AdaCore, according to comms app developer ZettaScale. Like the best security agents, the invention will arrive without fanfare and sneak under the radar of publicity, carrying the inconspicuous tag of ISO 26262 certified compiler. However, this is the missing piece of a cyber-security armoury for mobile networks, according to Angelo Corsaro, Chief Executive and Technology Officer at ZettaScale. It's due to be launched in June and could give operators a chance to shore up a major weakness in their infrastructure, the communications specialist claimed.
The weaponry to kill most security problems is simple and hiding in plain sight, according to Corsaro. According to the cybersecurity advice offered by the US National Security Agency, 70% of security attacks come from memory safety issues, and adopting a memory-safe programming language could automatically remove those. Programming languages like Rust can heal the open wounds caused by memory management issues, according to Corsaro at ZettaScale. However, Rust's power to close the loopholes targeted by hackers has been stymied by the lack of an up-to-date version of a vital system component, a certified compiler, said Corsaro. The good news for security officers is that the missing piece, the ISO 26262 certified compiler, should be available in Q2 2023 from AdaCore.
The new compiler backs Rust in its mission to produce code that tightens up memory and concurrency safety while offering cost-free abstractions. Rust is now used by hyperscalers and cloud developers for clients like Dropbox, which rewrote a good part of its infrastructure in this language. Rust was recently included in the US National Institute of Standards and Technology (NIST) list of safe programming languages for any telcos interested in developing safe and secure software.
It all came about because Mozilla needed a programming language to solve the challenges it had with the JavaScript (JS) interpreter of the Firefox browser. “As you can imagine, a browser’s interpreter has to be extremely high performance and extremely secure because it’s a top target for hackers’ attacks,” said Corsaro, “but most JavaScript interpreters like V8 are written in C++, which is neither memory nor concurrency safe. Given that 70% of the security exploits come from memory management issues, you start understanding the level of pain.”
Previous attempts to ensure memory safety relied on garbage-collected programming languages, but that safety came at a cost, often to performance, real-time behaviour and memory usage. Rust also provides extremely high-level constructs inspired by functional programming languages, such as algebraic data types, futures and type classes, which all come with a ‘zero-cost abstraction’ promise, so they don’t affect performance, said Corsaro.
However, learning to use Rust, instead of traditional C and C++ languages, involves an investment that some telcos can’t afford – time. “The main difficulty encountered when learning Rust concerns its ownership model. It takes some time to get used to it, but not so long. In our team, it is usually two months for a C programmer or somebody with some good programming background to become sufficiently proficient in Rust,” said Corsaro.
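What memory and concurrency safety look like in practice, as an added Rust example that is not code from ZettaScale or AdaCore. The record format (one length byte followed by the payload) and the function names are assumptions made for this illustration.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

/// Algebraic data type: callers must handle every failure case explicitly.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Empty,
    Truncated { claimed: usize, available: usize },
}

/// Constructed format (assumption): buf[0] is the payload length.
/// In C, trusting that byte would read past the end of the buffer;
/// here `get` is bounds-checked and yields an error instead.
pub fn read_payload(buf: &[u8]) -> Result<&[u8], ParseError> {
    let (&len, rest) = buf.split_first().ok_or(ParseError::Empty)?;
    let claimed = len as usize;
    rest.get(..claimed)
        .ok_or(ParseError::Truncated { claimed, available: rest.len() })
}

/// Sums valid payload sizes on one thread per record.
/// The shared total has to be Arc<Mutex<..>>: giving several threads
/// a plain `&mut usize` is rejected at compile time (no data race).
pub fn total_payload_bytes(records: Vec<Vec<u8>>) -> usize {
    let total = Arc::new(Mutex::new(0usize));
    let handles: Vec<_> = records
        .into_iter() // ownership of each record moves into its thread
        .map(|rec| {
            let total = Arc::clone(&total);
            thread::spawn(move || {
                if let Ok(payload) = read_payload(&rec) {
                    *total.lock().unwrap() += payload.len();
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let sum = *total.lock().unwrap();
    sum
}

fn main() {
    // Constructed inputs: a well-formed record, then one whose length byte lies.
    println!("{:?}", read_payload(&[3, b'a', b'b', b'c']));
    println!("{:?}", read_payload(&[200, b'a', b'b']));
    println!("{}", total_payload_bytes(vec![vec![2, 1, 2], vec![9, 1], vec![1, 7]]));
}
```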
In two months, 70% of a telco’s security problems could be eliminated. Is that worth investing in?