
Keyword Search Result

[Keyword] Linux kernel (2 hits)

1-2 hit
  • rOOM: A Rust-Based Linux Out of Memory Kernel Component

    Linhan LI  Qianying ZHANG  Zekun XU  Shijun ZHAO  Zhiping SHI  Yong GUAN  

     
    PAPER

      Pubricized:
    2023/12/14
      Vol:
    E107-D No:3
      Page(s):
    245-256

    The Linux kernel has been applied in various security-sensitive fields, so ensuring its security is crucial. Vulnerabilities in the Linux kernel are usually caused by undefined behaviors of the C programming language, the most threatening of which are memory safety vulnerabilities. Both the software-based and hardware approaches to memory safety have disadvantages of poor performance, false positives, and poor compatibility. This paper explores the feasibility of using the safe programming language Rust to reconstruct a Linux kernel component and open-source the component's code. We leverage the Rust FFI mechanism to design a safe foreign interface layer to enable the reconstructed component to invoke other Linux functionalities, and then use Rust to reconstruct the component, during which we leverage Rust's type-safety and ownership mechanisms to improve its security, and finally export the C interface of the component to enable the invocation by the Linux kernel. The performance and memory overhead of the reconstructed component, referred to as “rOOM”, were evaluated, revealing a performance overhead of 8.9% in kernel mode, 5% in user mode, 3% in real time, and a memory overhead of 0.06%. These results suggest that it is possible to develop key components of the Linux kernel using Rust in terms of functionality, performance, and memory overhead.

  • ZNP: A New Generation Network Layer Protocol Based on ID/Locator Split Considering Practical Operation

    Sho KANEMARU  Kazuma YONEMURA  Fumio TERAOKA  

     
    PAPER-Network

      Vol:
    E96-B No:3
      Page(s):
    764-777

    To support mobility, multihoming, routing scalability, and security, there are a lot of proposals based on the ID/Locator split approach not only for the current Internet but also for the future Internet. However, none of them meet the requirements for practical operation such as (1) support for heterogeneous network layer protocols, (2) scalability of ID/Locator mapping system, (3) independence of mapping information management, and (4) avoidance of locator leakage beyond the administrative boundary. This paper proposes a network layer protocol called Z Network Protocol (ZNP) for the future Internet based on the clean slate approach. ZNP supports heterogeneity of network layer protocols by “Internetworking with a Common ID Space”. Its mapping systems meet the requirements (1)–(4) described above. For manipulating the mapping systems, Z Control Message Protocol (ZCMP) is designed. For resolving the link layer (L2) address from the ZNP Locator, Z Neighbor Discovery Protocol (ZNDP) is designed. We implement ZNP and ZNDP in the Linux kernel, ZCMP in the user space and measure the times needed for transmission, reception, forwarding, and locator conversion. The results show the practicability of ZNP as a network layer protocol for the future Internet.