"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

Authors

  • Sandra Holtervennhoff
  • Philip Klostermeyer
  • Noah Wöhler
  • Yasemin Acar
  • Sascha Fahl

Research Organisations

External Research Organisations

  • CISPA Helmholtz Center for Information Security
  • Paderborn University
  • George Washington University

Details

Original language: English
Title of host publication: Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023
Pages: 2509-2525
Number of pages: 17
ISBN (electronic): 9781713879497
Publication status: Published - 9 Aug 2023
Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 - 11 Aug 2023

Publication series

Name: 32nd USENIX Security Symposium, USENIX Security 2023
Volume: 4

Abstract

Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.


Cite this

"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. / Holtervennhoff, Sandra; Klostermeyer, Philip; Wöhler, Noah et al.
Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. p. 2509-2525 (32nd USENIX Security Symposium, USENIX Security 2023; Vol. 4).


Holtervennhoff, S, Klostermeyer, P, Wöhler, N, Acar, Y & Fahl, S 2023, "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. in Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 32nd USENIX Security Symposium, USENIX Security 2023, vol. 4, pp. 2509-2525, 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, United States, 9 Aug 2023.
Holtervennhoff, S., Klostermeyer, P., Wöhler, N., Acar, Y., & Fahl, S. (2023). "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023 (pp. 2509-2525). (32nd USENIX Security Symposium, USENIX Security 2023; Vol. 4).
Holtervennhoff S, Klostermeyer P, Wöhler N, Acar Y, Fahl S. "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. p. 2509-2525. (32nd USENIX Security Symposium, USENIX Security 2023).
Holtervennhoff, Sandra ; Klostermeyer, Philip ; Wöhler, Noah et al. / "I wouldn't want my unsafe code to run my pacemaker" : An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023. 2023. pp. 2509-2525 (32nd USENIX Security Symposium, USENIX Security 2023).
@inproceedings{6f9c2a0e883a488fa5dc5ba36e2ad48f,
title = "{"}I wouldn't want my unsafe code to run my pacemaker{"}: An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust",
abstract = "Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.",
author = "Sandra Holtervennhoff and Philip Klostermeyer and Noah W{\"o}hler and Yasemin Acar and Sascha Fahl",
note = "Publisher Copyright: {\textcopyright} USENIX Security 2023. All rights reserved.; 32nd USENIX Security Symposium, USENIX Security 2023 ; Conference date: 09-08-2023 Through 11-08-2023",
year = "2023",
month = aug,
day = "9",
language = "English",
series = "32nd USENIX Security Symposium, USENIX Security 2023",
pages = "2509--2525",
booktitle = "Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023",

}


TY - GEN

T1 - "I wouldn't want my unsafe code to run my pacemaker"

T2 - 32nd USENIX Security Symposium, USENIX Security 2023

AU - Holtervennhoff, Sandra

AU - Klostermeyer, Philip

AU - Wöhler, Noah

AU - Acar, Yasemin

AU - Fahl, Sascha

N1 - Publisher Copyright: © USENIX Security 2023. All rights reserved.

PY - 2023/8/9

Y1 - 2023/8/9

N2 - Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

AB - Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

UR - http://www.scopus.com/inward/record.url?scp=85176137671&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85176137671

T3 - 32nd USENIX Security Symposium, USENIX Security 2023

SP - 2509

EP - 2525

BT - Conference Proceedings - 32nd USENIX Security Symposium, USENIX Security 2023

Y2 - 9 August 2023 through 11 August 2023

ER -