Computer Systems & Security Group, USTC

Home
Publications
Projects
Courses
Members

Plato: Rust Security Project

Overview:

Rust is an emerging language which provides both efficiency and security, by introducing a group of novel language features such ownership, borrows, explicit lifetimes, and automatic memory management. As a result, Rust has been widely used successfully in many scenarios such as OS kernels, Web browsers, Database engines, and compilers.

Although Rust provide a high degree of security guarantees, it still suffers from memory and concurrency vulnerabilities, due to the unsafe feature it introduced. And recent studies have demonstrated that there .

The goal of the Plato project is to investigate the security of the Rust language. To be specific, this project aims to:

  • perform thorough study on vulnerabilities of Rust language, including both memory and concurrency bugs;
  • study effective techniques to fix these vulnerabilities automatically (APR);
  • study theory and practice to migrate legacy code (especially C/C++ codebase) to Rust, thus leveraging Rust's security checking capabilities.

Publications:

  • A Survey of Rust Language Security Research. [pdf]
    Shuang Hu, Baojian Hua, Wanrong Ouyang, and Qiliang Fan.
    Journal of Cyber Security. To appear. 2022.

  • Comprehensive, Automated, and Lifecycle: A Perspective on Rust Security. [pdf]
    Shuang Hu, and Baojian Hua.
    Submitted. 2022.

  • An Empirical Study of Rust Language Feature Usage at the Ecosystem Scale. [pdf]
    Baojian Hua, Shuang Hu, Wanrong Ouyang, and Qiliang Fan.
    Submitted. 2022.

  • RUPAIR: Towards Automatic Buffer Overflow Detection and Rectification for Rust. [pdf]
    Baojian Hua, Wanrong Ouyang, Chengman Jiang, Qiliang Fan, and Zhizhong Pan.
    The 37th Annual Computer Security Applications Conference (ACSAC 2021). 2021.

  • RusBox: Towards Efficient and Adaptive Sandboxing for Rust. [pdf]
    Wanrong Ouyang, and Baojian Hua.
    The 32nd International Symposium on Software Reliability Engineering, Fast Abstract. (ISSRE 2021). 2021.

  • `R: Towards Detecting and Understanding Code-Document Violations in Rust. [pdf]
    Wanrong Ouyang, and Baojian Hua.
    The 1st International Workshop on Reliable System Software (RESS 2021). 2021.

Members:

  • Qiliang Fan
  • Shuang Hu
  • Baojian Hua
  • Wanrong Ouyang