CSE 291-K: Building Secure Systems with Rust
Deian Stefan and Evan Johnson
This course will explore how using a language like Rust with a powerful type system and strong safety guarantees affects the design of secure systems. Do the safety guarantees provided by Rust (e.g., memory safety) make it easier to provide stronger guarantees using techniques like verification? What classes of vulnerabilities can we completely eliminate by cleverly taking advantage of Rust's type system? Where and how do Rust's safety guarantees break down when applied to low-level systems code? To (start to) answer these questions, students will read, present, and discuss recent research papers in the field and conduct a relevant quarter-long research project in small groups.
Lectures: Monday and Wednesday 11:00 - 12:20pm, CSE 4258
Staff: Instructors: Deian Stefan and Evan Johnson
Office hours: Evan: Wednesday 4:00-5:00, CSE 3142
Class discussion: We'll use the CSE Slack channel cse291k-fall24
Mon Sep 30 2024: Introduction
- Slides
- Reading:
- The Rise of Worse is Better by Richard Gabriel
- Optional reading:
- The Rust I Wanted Had No Future by Graydon Hoare
- "What next?" by Graydon Hoare
Wed Oct 2 2024: Rust
- Reading:
- Engineering the Servo Web Browser Engine using Rust by Brian Anderson et al.
- Optional reading:
Mon Oct 7 2024: Safe and Unsafe Rust
- Reading:
- Rustonomicon chapter 1: Safe & Unsafe
- How do programmers use unsafe Rust? by Vytautas Astrauskas et al.
- Optional reading:
Wed Oct 9 2024: Isolating untrusted code with Rust
- Reading:
- RedLeaf: isolation and communication in a safe operating system by Vikram Narayanan et al.
- CVE-rs
Mon Oct 14 2024: Isolation (cont.)
- Reading:
- Retrofitting Fine Grain Isolation in the Firefox Renderer by Shravan Narayan et al.
Wed Oct 16 2024: Rusty embedded systems
- Reading:
- Multiprogramming a 64kB Computer Safely and Efficiently by Amit Levy et al.
Mon Oct 21 2024: Rusty embedded systems (day 2)
- Reading:
- Bringing Segmented Stacks to Embedded Systems by Zhiyao Ma and Lin Zhong
- Panic Recovery in Rust-based Embedded Systems by Zhiyao Ma et al.
Wed Oct 23 2024: Project day
Mon Oct 28 2024: Rusty embedded systems (day 3)
- Reading:
- Tighten Rust’s belt: shrinking embedded Rust binaries by Hudson Ayers et al.
Wed Oct 30 2024: The foreign function interface
- Reading:
- A Study of Undefined Behavior Across Foreign Function Boundaries in Rust Libraries by Ian McCormack et al.
- Optional reading:
Mon Nov 4 2024: Formal methods in Rust (Nico)
- Reading:
Wed Nov 6 2024: The foreign function interface (continued)
- Reading:
- Detecting Cross-Language Memory Management Issues in Rust by Zhuohua Li et al.
- Optional reading:
- Encapsulated Functions: Fortifying Rust’s FFI in Embedded Systems by Leon Schuermann et al.
Mon Nov 11 2024: Veterans Day
Wed Nov 13 2024: Static analysis on Rust
- Reading:
- Modular information flow through ownership by Will Crichton et al.
Mon Nov 18 2024: Secure VMMs
- Reading:
- Firecracker: Lightweight Virtualization for Serverless Applications by Alexandru Agache et al.
Wed Nov 20 2024: Secure HSMs
- Reading:
Mon Nov 25 2024: Fearless Concurrency?
- Reading:
- When is parallelism fearless and zero-cost with Rust? by Javad Abdi et al.
Wed Nov 27 2024: Fearless Concurrency? (continued)
- Reading:
- Deadlock free async message reordering in Rust with multiparty session types by Zak Cutner et al.
Mon Dec 2 2024: Confidential VMs
- Reading:
- VERISMO: A Verified Security Module for Confidential VMs by Ziqiao Zhou et al.
Wed Dec 4 2024: Operating Systems (cont)
- Reading:
- Theseus: an Experiment in Operating System Structure and State Management by Kevin Boos et al.