LwRustIP: Memory-safe and efficient embedded networking stack with ownership semantics

Guangyong Shang , Guangpeng Qi , Jianing Ren , Xianqi Jin , Wanjiang Shen , Junchao Li , Xiuzhen Cheng , Runyu Pan

High-Confidence Computing ›› 2026, Vol. 6 ›› Issue (1) : 100351

PDF (720KB)
High-Confidence Computing ›› 2026, Vol. 6 ›› Issue (1) :100351 DOI: 10.1016/j.hcc.2025.100351
Research Articles
research-article
LwRustIP: Memory-safe and efficient embedded networking stack with ownership semantics
Author information +
History +
PDF (720KB)

Abstract

As modern embedded systems are increasingly network connected, their protocol stacks expose themselves as a surface that is frequently attacked. While C-based implementations such as LwIP are efficient, their lack of memory safety induces critical vulnerabilities such as buffer overflows, dangling pointers, and use-after-free, leading to remote code execution or privilege escalation. In this paper, we present LwRustIP, a memory-safe embedded networking stack reimplemented in Rust and compatible with LwIP. We also share our development experience. LwRustIP replaces unsafe linked-list memory management with a custom allocator that honors the Rust ownership semantics, leverages zero-copy techniques for inter-layer packet handoffs, and applies lock-free object pools for concurrent buffer management. These design choices ensure memory safety while maintaining performance comparable to traditional C-based implementations. We deploy LwRustIP on ARM-based embedded platforms and evaluate its correctness, performance, and memory safety. Experimental results show that LwRustIP achieves memory safety without incurring measurable performance overhead compared to the original C-based implementation. Our experience highlights the practical challenges and benefits of using Rust for low-level system components and offers guidance for future efforts in memory-safe reengineering of legacy C codebases.

Keywords

Embedded network protocol stack / Memory safety / Zero-copy architecture / Rust ownership semantics

Cite this article

Download citation ▾
Guangyong Shang, Guangpeng Qi, Jianing Ren, Xianqi Jin, Wanjiang Shen, Junchao Li, Xiuzhen Cheng, Runyu Pan. LwRustIP: Memory-safe and efficient embedded networking stack with ownership semantics. High-Confidence Computing, 2026, 6(1): 100351 DOI:10.1016/j.hcc.2025.100351

登录浏览全文

4963

注册一个新账户 忘记密码

CRediT authorship contribution statement

Guangyong Shang: Writing - review & editing, Writing - original draft, Validation, Software, Resources, Project adminis-tration, Methodology, Investigation, Data curation, Conceptualiza-tion. Guangpeng Qi: Supervision, Project administration, Formal analysis, Data curation, Conceptualization. Jianing Ren: Method-ology, Investigation, Formal analysis, Data curation. Xianqi Jin: Writing - review & editing, Visualization, Supervision, Data cu-ration, Conceptualization. Wanjiang Shen: Validation, Software, Project administration, Methodology, Investigation. Junchao Li: Writing - review & editing, Software, Resources, Investigation, Data curation. Xiuzhen Cheng: Writing - review & editing, Val-idation, Software, Resources, Investigation. Runyu Pan: Writing - review & editing, Writing - original draft, Validation, Software, Data curation, Conceptualization.

Declaration of competing interest

The authors declare that they have no known competing finan-cial interests or personal relationships that could have appeared to influence the work reported in this paper.

The author is an Editorial Board Member/Editor-in-Chief/Associate Editor/Guest Editor for this journal and was not involved in the editorial review or the decision to publish this article.

Acknowledgments

This work was partially supported by National Key Research and Development Program of China (Grant No.2022YFB4502001), National Natural Science Foundation of China (Grant No. 62402291, 62302265, U23A20332), and Shandong Province Natural Science Foundation (Grant No. ZR2023QF172, 2024HWYQ-020).

References

Publishing order | Descend order by publishing year | Descend order by cited within
[1]

F. Meneghello, M. Calore, D. Zucchetto, M. Polese, A. Zanella, IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices, IEEE Internet Things J. 6 (5) (2019) 8182-8201, http://dx.doi.org/10.1109/JIOT.2019.2935189.
[2]

U. Lindqvist, P.G. Neumann, The future of the internet of things, Commun. ACM 60 (2) (2017) 26-30, http://dx.doi.org/10.15242/IJCCIE.AE0417133.
[3]

PurpleSec, 9 common types of malware (& how to prevent them), 2024, (Accessed 20 April 2025), https://purplesec.us/learn/common-malware-types/.
[4]

Armis Centrix, 11 zero day vulnerabilities impacting billions of mission-critical devices, 2020, (Accessed 20 April 2025), https://www.armis.com/research/urgent-11/.
[5]

Vedere Labs, AMNESIA:33, 2020, (Accessed 20 April 2025), https://www.forescout.com/research-labs/amnesia33/.
[6]

U.S. Department of Homeland Security (DHS) Cybersecurity, Infrastructure Security Agency (CISA), CVE: Common vulnerabilities and exposures, 2025, (Accessed 10 April 2025), https://cve.mitre.org/.
[7]

P.C. Amusuo, R.A.C. Méndez, Z. Xu, A. Machiry, J.C. Davis, Systematically detecting packet validation vulnerabilities in embedded network stacks, in: 2023 38th IEEE/ACM International Conference on Automated Soft-ware Engineering, ASE, IEEE, 2023, pp. 926-938, http://dx.doi.org/10.1109/ASE56229.2023.00095.
[8]

W. Wang, Finding and exploiting vulnerabilities in embedded TCP/IP stacks, 2021, URL http://essay.utwente.nl/88684/.
[9]

Tock, Tock embedded operating system, 2014, (Accessed 13 April 2025), https://tockos.org/.
[10]

Redox, The redox operating system, 2015, (Accessed 13 April 2025), https://tockos.org/.
[11]

V. Valyaeff, Drone | an embedded operating system for writing real-time applications in rust, 13 April 2025), https://www.drone-os.com/.
[12]

K. Boos, N. Liyanage, R. Ijaz, L. Zhong, Theseus: an experiment in operating system structure and state management, in: 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), USENIX Asso-ciation, 2020, pp. 1-19, URL https://www.usenix.org/conference/osdi20/presentation/boos.
[13]

D. Nieuwenhuis, Smoltcp, 2025, (Accessed 11 April 2025), https://github.com/smoltcp-rs/smoltcp.
[14]

U. Lilleengen, Embassy: Modern embedded framework, using rust and async, 2025, (Accessed 11 April 2025), https://github.com/embassy-rs/embassy.
[15]

R. Javaux, Rusty: A light-weight, user-space, event-driven, highly-scalable, TCP/IP stack using Tilera’s mPIPE API, 2025, (Accessed 11 April 2025), https://github.com/RaphaelJ/rusty.
[16]

polyelectronics, The rust programming language for embedded sys-tems, 2024, (Accessed 25 April 2025), https://polyelectronics.us/the-rust-programming-language-for-embedded-systems/.
[17]

A. Sharma, S. Sharma, S. Torres-Arias, A. Machiry, Rust for embedded systems: current state, challenges and open problems 2023, arXiv preprint arXiv:2311.05063.
[18]

Bytecode Alliance, Rustix: Safe rust bindings to POSIX-ish APIs, 2025, (Accessed 28 April 2025), https://github.com/bytecodealliance/rustix.
[19]

GNOME, Librsvg: A small library to render scalable vector graphics, 2016, (Accessed 28 April 2025), https://github.com/GNOME/librsvg.
[20]

H.W. Andreea Florescu, Secure and fast microvms for serverless com-puting., 2025, (Accessed 28 April 2025), https://github.com/firecracker-microvm/firecracker.
[21]

R. Jung, J.-H. Jourdan, R. Krebbers, D. Dreyer, RustBelt: Securing the foundations of the rust programming language, Proc. the ACM Program. Lang. 2 (POPL) (2017) 1-34, http://dx.doi.org/10.1145/3158154.
[22]

R. Jung, UCG - rust’s unsafe code guidelines, 2025, (Accessed 26 April 2025), https://github.com/rust-lang/unsafe-code-guidelines.
[23]

Verification Infrastructure for Permission-based Reasoning, Prusti: A static verifier for rust, 2025, (Accessed 26 April 2025), https://github.com/viperproject/prusti-dev.
[24]

M. Tautschnig, Kani rust verifier, 2025, (Accessed 26 April 2025), https://github.com/model-checking/kani.
[25]

Creusot, Creusot is a deductive verifier for rust code, 2025, (Accessed 26 April 2025), https://github.com/creusot-rs/creusot.
[26]

E. Labs, An abstract interpreter for the rust compiler’s mid-level interme-diate representation, 2025, (Accessed 26 April 2025), https://github.com/endorlabs/MIRAI.
[27]

R.C. Seacord, The CERT C secure coding standard, Pearson Educa-tion, 2008, URL https://wiki.sei.cmu.edu/confluence/display/c/SEI+CERT+C+Coding+Standard.
[28]

CodeSecure, Joint strike force, 2025, (Accessed 28 April 2025), https://support.codesecure.com/hc/en-us/articles/15448705954578-Joint-Strike-Force.
[29]

MISRA, MISRA c/c++, 2021, (Accessed 28 April 2025), https://misra.org.uk/.
[30]

P. Anderson, Coding standards for high-confidence embedded systems, in: MILCOM 2008 - 2008 IEEE Military Communications Conference, 2008, pp. 1-7, http://dx.doi.org/10.1109/MILCOM.2008.4753206.
[31]

A. Dunkels, lwIP - A lightweight TCP/IP stack, 2002, (Accessed 29 April 2025), https://savannah.nongnu.org/projects/lwip/.
[32]

A. Dunkels, uIP-a free small TCP/IP stack, 2002, URL https://www.dunkels.com/adam/download/uip-doc-0.6.pdf.
[33]

F.C. Andrey Butok, fNET - embedded TCP/IP stack, 2005, (Accessed 29 April 2025), https://fnet.sourceforge.io/.
[34]

CVE, A buffer overflow vulnerability in lwIP, 2020, (Accessed 30 April 2025), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22283.
[35]

CVE, Double free vulnerability in virtualsquare picoTCP, 2021, (Accessed 30 April 2025), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33304.
[36]

CVE, VxWorks IPNET CVE has a NULL pointer dereference, 2020, (Accessed 30 April 2025), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10664.
[37]

CVE, Memory leak in linux TCP/IP stack, 2024, (Accessed 30 April 2025), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57841.
[38]

RustPython, 2025, (Accessed 16 July 2025), https://github.com/RustPython/RustPython.
PDF (720KB)

14

Accesses

0

Citation

Detail
Sections
Recommended

/