VALIDATE · VALIDATing SEcurity Safeguards in Binaries Compiled with Memory-Safe Languages Pre-Execution

The emergence of memory-safe programming languages like Rust, Go, and Swift has significantly enhanced security by mitigating common memory-related vulnerabilities with minimal performance loss. Traditionally, memory safety was enforced through run-time support (e.g., Java), which executes bytecode but incurs significant performance overhead. In contrast, Rust, Go, Swift, and similar languages provide memory safety without heavy run-time support, delivering fast, secure machine code instead of virtual bytecode assessed at run-time. The core idea is to let the compiler vet about the security of a program by rejecting insecure code and by injecting certain checks in the produced machine code. However, the lack of run-time protection introduces a new attack vector. Specifically, developers themselves can become attackers by subtly manipulating binaries compiled with memory-safe languages, introducing deliberate vulnerabilities. These compromised binaries, disguised as secure, can bypass app store screening processes and become malicious post-installation through remote exploitation. This underscores the need for a robust validation mechanism to complement existing screening processes. To address this, we introduce VALIDATE (VALIDATing SEcurity Safeguards in Binaries Compiled with Memory-Safe Languages Pre-Execution), a validation mechanism ensuring that binaries compiled with memory-safe languages retain their intended security properties before execution. VALIDATE operates at the final executable level, where no further code alterations can occur, providing accurate end-to-end security guarantees. By advancing static and dynamic analysis techniques beyond the state-of-the-art, VALIDATE ensures that security guarantees enforced at compile-time remain intact at load-time. Integrating VALIDATE with app store screening processes enhances cybersecurity and maintains user trust by ensuring that memory-safe advertised software is indeed safe before execution.