
"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust

Publication: Contribution to book/report/anthology/conference proceedings › Conference paper › Research › Peer-reviewed

Authors

  • Sandra Holtervennhoff
  • Philip Klostermeyer
  • Noah Wohler
  • Yasemin Acar

Organisational units

External organisations

  • Helmholtz-Zentrum für Informationssicherheit (CISPA)
  • Universität Paderborn
  • George Washington University

Details

Original language: English
Title of host publication: SEC '23
Subtitle: Proceedings of the 32nd USENIX Conference on Security Symposium
Editors: Joseph Calandrino, Carmela Troncoso
Pages: 2509-2525
Number of pages: 17
ISBN (electronic): 978-1-939133-37-3
Publication status: Published - 9 Aug 2023
Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 to 11 Aug 2023

Abstract

Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. 

In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. 

We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

ASJC Scopus subject areas

Cite

Holtervennhoff, S., Klostermeyer, P., Wohler, N., Acar, Y., & Fahl, S. (2023). "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In J. Calandrino & C. Troncoso (Eds.), SEC '23: Proceedings of the 32nd USENIX Conference on Security Symposium (pp. 2509-2525). Article 141. https://dl.acm.org/doi/10.5555/3620237.3620378
BibTeX
@inproceedings{6f9c2a0e883a488fa5dc5ba36e2ad48f,
title = "{"}I wouldn't want my unsafe code to run my pacemaker{"}: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust",
abstract = "Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.",
author = "Sandra Holtervennhoff and Philip Klostermeyer and Noah Wohler and Yasemin Acar and Sascha Fahl",
note = "Publisher Copyright: {\textcopyright} USENIX Security 2023. All rights reserved.; 32nd USENIX Security Symposium, USENIX Security 2023 ; Conference date: 09-08-2023 Through 11-08-2023",
year = "2023",
month = aug,
day = "9",
language = "English",
pages = "2509--2525",
editor = "Joseph Calandrino and Carmela Troncoso",
booktitle = "SEC '23",
}
