"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust

Publication: Contribution to book/report/anthology/conference proceedings > Conference paper > Research > Peer-reviewed

Authors

  • Sandra Holtervennhoff
  • Philip Klostermeyer
  • Noah Wohler
  • Yasemin Acar
  • Sascha Fah

External organisations

  • Helmholtz-Zentrum für Informationssicherheit (CISPA)
  • Universität Paderborn
  • George Washington University

Details

Original language: English
Title of host publication: Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023
Pages: 2509-2525
Number of pages: 17
ISBN (electronic): 9781713879497
Publication status: Published - 9 Aug 2023
Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 to 11 Aug 2023

Publication series

Name: 32nd USENIX Security Symposium, USENIX Security 2023
Volume: 4

Abstract

Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.


Cite

"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. / Holtervennhoff, Sandra; Klostermeyer, Philip; Wohler, Noah et al.
Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. pp. 2509-2525 (32nd USENIX Security Symposium, USENIX Security 2023; Vol. 4).


Holtervennhoff, S, Klostermeyer, P, Wohler, N, Acar, Y & Fah, S 2023, "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. in Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 32nd USENIX Security Symposium, USENIX Security 2023, vol. 4, pp. 2509-2525, 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, United States, 9 Aug. 2023.
Holtervennhoff, S., Klostermeyer, P., Wohler, N., Acar, Y., & Fah, S. (2023). "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023 (pp. 2509-2525). (32nd USENIX Security Symposium, USENIX Security 2023; Vol. 4).
Holtervennhoff S, Klostermeyer P, Wohler N, Acar Y, Fah S. "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. pp. 2509-2525. (32nd USENIX Security Symposium, USENIX Security 2023).
Holtervennhoff, Sandra ; Klostermeyer, Philip ; Wohler, Noah et al. / "I wouldn't want my unsafe code to run my pacemaker" : An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. pp. 2509-2525 (32nd USENIX Security Symposium, USENIX Security 2023).
@inproceedings{6f9c2a0e883a488fa5dc5ba36e2ad48f,
title = "{"}I wouldn't want my unsafe code to run my pacemaker{"}: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust",
abstract = "Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.",
author = "Sandra Holtervennhoff and Philip Klostermeyer and Noah Wohler and Yasemin Acar and Sascha Fah",
note = "Publisher Copyright: {\textcopyright} USENIX Security 2023. All rights reserved.; 32nd USENIX Security Symposium, USENIX Security 2023 ; Conference date: 09-08-2023 Through 11-08-2023",
year = "2023",
month = aug,
day = "9",
language = "English",
series = "32nd USENIX Security Symposium, USENIX Security 2023",
pages = "2509--2525",
booktitle = "Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023",

}


TY - GEN

T1 - "I wouldn't want my unsafe code to run my pacemaker"

T2 - 32nd USENIX Security Symposium, USENIX Security 2023

AU - Holtervennhoff, Sandra

AU - Klostermeyer, Philip

AU - Wohler, Noah

AU - Acar, Yasemin

AU - Fah, Sascha

N1 - Publisher Copyright: © USENIX Security 2023. All rights reserved.

PY - 2023/8/9

Y1 - 2023/8/9

N2 - Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

AB - Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

UR - http://www.scopus.com/inward/record.url?scp=85176137671&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85176137671

T3 - 32nd USENIX Security Symposium, USENIX Security 2023

SP - 2509

EP - 2525

BT - Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023

Y2 - 9 August 2023 through 11 August 2023

ER -