Project Verona is supposed to close off memory space from being abused by malware. Verona is a city in Italy which is much like Venice, only there is no water in the streets – which is why its gondoliers all suffer from sprained wrists.
Microsoft's Project Verona could turn out to be just an experiment that leads nowhere, but the company has progressed far enough to have detailed some of its ideas through the UK-based non-profit Knowledge Transfer Network.
Matthew Parkinson, a Microsoft researcher from the Cambridge Computer Lab in the UK who's dedicated to "investigating memory management for managed programming languages", gave a talk last week focusing on what the company is doing to address these memory issues.
Parkinson talked about the work Microsoft has done with its Memory Garbage Collector (MemGC) for Internet Explorer (IE) and Edge. MemGC addressed vulnerabilities in the standard browser feature known as the Document Object Model (DOM), a representation of the data used by browsers to interpret web pages.
The other class of bugs Microsoft is working to address relates to uninitialized memory, and it wants to fix them in a way that doesn't kill performance.
Parkinson said Microsoft is rewriting some "targeted" components in Rust. His talk focused on language design and compartmentalization. "If we want compartments, and to carve up the legacy bits of our code so [attackers'] exploit code can't get out, what do we need in the language design that can help with that?" This is Project Verona and Parkinson said it was the first time he'd discussed the project, which will be made open source "soon." It is a new language for what Microsoft is calling "safe infrastructure programming."
Vole's challenge is dealing with the 'application spectrum,' which spans from C# for desktop apps through to C and C# for Exchange, ASP.NET, Azure, and device drivers, to deep Windows components like memory management, boot loaders, and the Windows kernel hardware abstraction layer (HAL).
"The ownership model in Verona is based on groups of objects, not like in Rust where it's based on a single object," said Parkinson.
"In C++ you get pointers and it's based on objects and it's pretty much per object. But that isn't how I think about data and grammar. I think about a data structure as a collection of objects. And that collection of objects as a lifetime. So by taking ownership at the level of ownership of objects, then we get much closer to the level of abstraction that people are using and it gives us the ability to build data structures without going outside of safety."