Pioneering the Software Development Paradigm with Rust

Abstract

A large portion of modern, real-world system software (e.g., OS kernels, browsers) is still built with fundamentally insecure programming languages like C and C++, which are memory-unsafe, racy, error-prone, and decades old, rendering this software vulnerable to a wide range of security flaws. Promising mitigation approaches such as conventional formal verification (e.g., Coq) and runtime-based languages with garbage collection (e.g., Java, Haskell) have scalability issues for complex system software, where performance, safety, and expressiveness must all be preserved at once. Recent advances in programming languages and tools make this a proper time to rethink the software development paradigm. As a pioneer, Rust has been rapidly gaining popularity in many important pieces of system software such as Firefox, Android, Chrome, and Linux (e.g., system services like the Bluetooth stack on Android, or the CSS rendering engine in Firefox), due to its strong guarantee of the absence of some of the most common vulnerability classes (e.g., use-after-free, buffer overflow, data races). However, Rust also has two important pitfalls for its security guarantees: unsafe code, whose correctness and safety depend on the developers' judgment instead of being guaranteed by the Rust compiler, and logical errors (e.g., incorrect access control or permission grants), which no memory-safety guarantee rules out.

In this proposal, we propose four promising directions and techniques to address these pitfalls. First, to facilitate automatic bug discovery in Rust unsafe code, we will develop a one-shot tool that empirically checks the correctness of unsafe code by automatically generating and running fuzzing harnesses for Rust libraries without human involvement. Second, using fuzzing techniques for input-space exploration, we will develop an automatic unit-test generation technique for Rust libraries, which can also help reveal logical errors. Third, to protect against exploitation of bugs in Rust unsafe code, we propose to augment modern hardware features (e.g., ARM PAC and MTE) to protect pointer/reference accesses in unsafe code, so that mistakes in unsafe code cannot be turned into exploits. Finally, to further improve security at the Rust binary level, we plan to develop a tool to aid reverse-engineering efforts; more specifically, we will use deep learning techniques to automatically pinpoint the unsafe functions in Rust binaries, narrowing the scope for subsequent security inspection.

Our team has an extensive background in the underlying technologies of the proposed research tasks, including fuzzing, program/binary analysis, hardware security mechanisms, and vulnerability exploitation and mitigation. We will also release all software developed for this proposal under an academic, open-source license whenever possible. The proposed project will cost $1.4M over a total of 48 months ($350K per year), supporting two PhD students and one postdoc per year over the course of the project.

Approved for Public Release
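The following is an added illustration of the "unsafe code" pitfall the abstract describes, not code from the proposal or its team: a safe-looking accessor whose `unsafe` block is sound only under a precondition the compiler never checks, a version that re-establishes that precondition in safe code, and a small deterministic differential fuzz harness of the kind the first direction aims to generate automatically. The type `Ring`, the methods `get_unsound` and `get_checked`, the harness `fuzz_get_checked`, and the sample input are all hypothetical and constructed for this example.

```rust
// Added example (not from the proposal). All names here are hypothetical.

/// Fixed-size byte table; a made-up type for this example.
pub struct Ring {
    data: Vec<u8>,
}

impl Ring {
    pub fn new(data: &[u8]) -> Self {
        Ring { data: data.to_vec() }
    }

    /// UNSOUND: the signature is safe, so any caller may pass any `idx`,
    /// but the body skips the bounds check. `idx >= data.len()` is
    /// undefined behaviour, and rustc accepts the code anyway. Whether
    /// this is ever called out of bounds rests on the developer's judgment.
    pub fn get_unsound(&self, idx: usize) -> u8 {
        unsafe { *self.data.get_unchecked(idx) }
    }

    /// SOUND: the precondition the `unsafe` block relies on is checked in
    /// safe code first, so no caller input can reach the unchecked read
    /// with an out-of-bounds index.
    pub fn get_checked(&self, idx: usize) -> Option<u8> {
        if idx < self.data.len() {
            // SAFETY: `idx < self.data.len()` was just verified.
            Some(unsafe { *self.data.get_unchecked(idx) })
        } else {
            None
        }
    }
}

/// Minimal xorshift PRNG so the harness is deterministic and runs offline.
fn xorshift64(state: &mut u64) -> u64 {
    let mut x = *state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    *state = x;
    x
}

/// Differential fuzz harness: drives `get_checked` with pseudo-random
/// indices, biased so half of them land within two of `len`, and compares
/// each result with the always-safe reference `slice::get`. Returns the
/// number of mismatches; a sound accessor yields 0. Driving `get_unsound`
/// with the same inputs would be undefined behaviour, so that is left to a
/// sanitizer such as Miri rather than executed here.
pub fn fuzz_get_checked(ring: &Ring, seed: u64, iters: usize) -> usize {
    let mut state = if seed == 0 { 0x9E37_79B9_7F4A_7C15 } else { seed };
    let len = ring.data.len();
    let mut mismatches = 0;
    for _ in 0..iters {
        let r = xorshift64(&mut state);
        let idx = if r & 1 == 0 {
            (r >> 1) as usize % (len + 2) // boundary-straddling: 0 ..= len+1
        } else {
            (r >> 1) as usize // anywhere in the index space
        };
        let expected = ring.data.get(idx).copied();
        if ring.get_checked(idx) != expected {
            mismatches += 1;
        }
    }
    mismatches
}

fn main() {
    // Constructed sample input for the example.
    let ring = Ring::new(b"rust-unsafe-demo");
    println!("mismatches: {}", fuzz_get_checked(&ring, 42, 10_000));
    println!("in-bounds unchecked read: {}", ring.get_unsound(0) as char);
}
```

The point of the harness is that the property being checked (agreement with a reference implementation on every input) is stated once and exercised across the whole input space, including the boundary where an off-by-one in the `unsafe` block would turn into an out-of-bounds read; that is the shape of check the proposal's first direction wants to produce automatically for a library's safe API surface.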

Document Details

Document Type
DoD Grant Award
Publication Date
Dec 06, 2022
Source ID
N000142312095

Entities

People

  • Taesoo Kim

Organizations

  • Georgia Tech Research Corporation
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Distributed Systems and Data Platform Development

Technology Areas

  • AI & ML
  • Space