
"I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

Authors

  • Sandra Holtervennhoff
  • Philip Klostermeyer
  • Noah Wohler
  • Yasemin Acar
  • Sascha Fahl

External Research Organisations

  • CISPA Helmholtz Center for Information Security
  • Paderborn University
  • George Washington University

Details

Original language: English
Title of host publication: SEC '23
Subtitle of host publication: Proceedings of the 32nd USENIX Conference on Security Symposium
Editors: Joseph Calandrino, Carmela Troncoso
Pages: 2509-2525
Number of pages: 17
ISBN (electronic): 978-1-939133-37-3
Publication status: Published - 9 Aug 2023
Event: 32nd USENIX Security Symposium, USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 to 11 Aug 2023

Abstract

Modern software development still struggles with memory safety issues as a significant source of security bugs. The Rust programming language addresses memory safety and provides further security features. However, Rust offers developers the ability to opt out of some of these guarantees using unsafe Rust. Previous work found that the source of many security vulnerabilities is unsafe Rust. 

In this paper, we are the first to see behind the curtain and investigate developers' motivations for, experiences with, and risk assessment of using unsafe Rust in depth. Therefore, we conducted 26 semi-structured interviews with experienced Rust developers. We find that developers aim to use unsafe Rust sparingly and with caution. However, we also identify common misconceptions and tooling fatigue that can lead to security issues, find that security policies for using unsafe Rust are widely missing and that participants underestimate the security risks of using unsafe Rust. 

We conclude our work by discussing the findings and recommendations for making the future use of unsafe Rust more secure.

Cite this

Holtervennhoff, S., Klostermeyer, P., Wohler, N., Acar, Y., & Fahl, S. (2023). "I wouldn't want my unsafe code to run my pacemaker": An Interview Study on the Use, Comprehension, and Perceived Risks of Unsafe Rust. In J. Calandrino & C. Troncoso (Eds.), SEC '23: Proceedings of the 32nd USENIX Conference on Security Symposium (Article 141, pp. 2509-2525). 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, United States, 9-11 Aug 2023. https://dl.acm.org/doi/10.5555/3620237.3620378 (Scopus: 85176137671)
