AI Summary
Rust's memory safety relies on its ownership system, yet `unsafe` code can bypass these checks, introducing critical security vulnerabilities. Existing isolation approaches support only static, fixed-boundary sandboxing of `unsafe` modules, lacking flexibility for dynamic, fine-grained co-sandboxing of safe and unsafe code. This paper proposes a lightweight, syntax-aware dynamic isolation mechanism for Rust: leveraging zero-cost abstractions and fine-grained sandbox partitioning, it enables runtime-configurable cross-safety-domain policies; combined with optimized data transfer, it significantly reduces inter-sandbox call overhead. Evaluated on multiple real-world Rust applications, the mechanism effectively contains vulnerability propagation while incurring an average performance overhead of less than 8.2%. It thus achieves a practical balance among security assurance, usability, and backward compatibility.
Abstract
Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect safe Rust from vulnerabilities have been proposed, yet these methods provide only fixed isolation boundaries and do not accommodate expressive policies that require sandboxing both safe and unsafe code. This paper presents SandCell for flexible and lightweight isolation in Rust by leveraging existing syntactic boundaries. SandCell allows programmers to specify which components to sandbox with minimal annotation effort, enabling fine-grained control over isolation. The system also introduces novel techniques to minimize overhead when transferring data between sandboxes. Our evaluation demonstrates SandCell's effectiveness in preventing vulnerabilities across various Rust applications while maintaining reasonable performance overheads.
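The risk the abstract names, that a bug inside an `unsafe` block silently corrupts state that safe Rust believes it owns, can be shown in a few lines. The example below is added here and is not SandCell's code or the paper's; it is a constructed `Record` (hypothetical names) where an unchecked copy overruns a name buffer into an adjacent privilege flag, beside a safe boundary function that validates the length at the crossing point, which is the kind of syntactic boundary an isolation mechanism would enforce.

```rust
use std::ptr;

/// Constructed example record: a fixed-size name buffer followed by a
/// privilege flag that safe code treats as trusted state.
#[repr(C)]
#[derive(Default)]
pub struct Record {
    pub name: [u8; 8],
    pub is_admin: u32,
}

/// Unchecked copy: the caller's slice length decides how many bytes land in
/// the struct, so an input longer than `name` spills into `is_admin`.
/// Contract the caller must uphold: `src.len() <= size_of::<Record>()`.
pub unsafe fn copy_name_unchecked(rec: &mut Record, src: &[u8]) {
    let dst = rec as *mut Record as *mut u8;
    ptr::copy_nonoverlapping(src.as_ptr(), dst, src.len());
}

/// Safe boundary: validate before crossing into unsafe code, so the unsafe
/// block can never run with an input that violates its contract.
pub fn copy_name_checked(rec: &mut Record, src: &[u8]) -> Result<(), String> {
    if src.len() > rec.name.len() {
        return Err(format!("{} bytes exceed the {}-byte name buffer", src.len(), rec.name.len()));
    }
    // SAFETY: length is bounded by the name field, so no other field is written.
    unsafe { copy_name_unchecked(rec, src) };
    Ok(())
}

/// Runs the same input through both paths and reports whether each one left
/// `is_admin` non-zero: (unchecked_corrupted, checked_corrupted).
pub fn demo_corruption(input: &[u8]) -> (bool, bool) {
    let mut unchecked = Record::default();
    // Keep the write inside the struct's allocation so the demo itself is
    // well-defined; the overrun into `is_admin` still happens.
    if input.len() <= std::mem::size_of::<Record>() {
        unsafe { copy_name_unchecked(&mut unchecked, input) };
    }
    let mut checked = Record::default();
    let _ = copy_name_checked(&mut checked, input);
    (unchecked.is_admin != 0, checked.is_admin != 0)
}

fn main() {
    // Constructed input: 8 name bytes followed by 4 bytes that land on the flag.
    let (unchecked_flag, checked_flag) = demo_corruption(&[b'a'; 12]);
    println!("unchecked path set is_admin: {unchecked_flag}");
    println!("checked path set is_admin:   {checked_flag}");
}
```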