A Data-flow Engine for Rust: Analyzing Security Critical Programs

Supervisor(s): Oliver Braunsdorf
Status: finished
Topic: Others
Author: Andreas Vollert
Submission: 2019-10-15
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Rust is a modern, open-source systems programming language.  Its
advanced type system prevents certain classes of bugs, e.g., memory
errors, without relying on techniques such as garbage collection.
This removes a major source of security vulnerabilities from programs
written in Rust.  Even with these strong assurances, Rust programs are
still susceptible to other types of vulnerabilities, such as
information leaks: nothing in the type system stops a well-typed
program from writing a secret to a log file or a network socket.

This thesis presents an algorithm for static analysis of Rust
programs.  It uses the Rust compiler's internal APIs to reason about
how the labels of annotated variables propagate through a program.
This can be used to track the flow of data and to detect when
sensitive data may be written to insecure locations.

An implementation of the algorithm is evaluated.  It correctly
propagates labels over simple programs, except for programs containing
loops.  The analysis is intraprocedural, flow-sensitive and
field-insensitive.  Its runtime and memory overhead grow superlinearly
in the number of basic blocks of a program's control-flow graph.
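As an added illustration (not code from the thesis, and not using rustc's internal APIs), the following Rust program implements the kind of label propagation the two paragraphs above describe, over a toy MIR-like control-flow graph: intraprocedural, flow-sensitive (an assignment is a strong update) and field-insensitive (a whole struct is one variable), with label sets joined at merge points and a worklist iterated to a fixed point. The fixed-point iteration is what lets it handle loops, which the thesis's own implementation did not. The statement forms, the `secret` label, the `log` sink and the sample program are all constructed assumptions, not the thesis's data structures.

```rust
use std::collections::{BTreeMap, BTreeSet, VecDeque};

type Var = &'static str;
type Label = &'static str;

/// MIR-like statement reduced to which variables flow into which.
/// Field-insensitive: a whole struct is treated as a single variable.
#[derive(Clone, Debug)]
enum Stmt {
    Assign { dst: Var, srcs: Vec<Var> },   // dst inherits the union of srcs' labels
    Sink { src: Var, name: &'static str }, // src is written to an insecure location
}

/// Basic block of the control-flow graph; `succs` are indices into the CFG.
struct Block { stmts: Vec<Stmt>, succs: Vec<usize> }

/// Abstract state: label set per variable (absent means unlabelled).
type State = BTreeMap<Var, BTreeSet<Label>>;
/// (block index, sink name, variable, labels it carried into the sink)
type Leak = (usize, &'static str, Var, Vec<Label>);

fn labels_of(state: &State, v: Var) -> BTreeSet<Label> {
    state.get(v).cloned().unwrap_or_default()
}

/// Join at a merge point: a variable carries every label it has on any path.
fn join(a: &State, b: &State) -> State {
    let mut out = a.clone();
    for (v, ls) in b { out.entry(*v).or_default().extend(ls.iter().copied()); }
    out
}

/// Transfer function of one statement. Assignment is a strong update (flow-sensitive).
fn transfer(mut state: State, stmt: &Stmt) -> State {
    if let Stmt::Assign { dst, srcs } = stmt {
        let ls: BTreeSet<Label> = srcs.iter().flat_map(|s| labels_of(&state, *s)).collect();
        state.insert(*dst, ls);
    }
    state
}

/// Forward worklist iteration to a fixed point; returns each block's entry state.
/// `join` only adds labels and `transfer` is monotone, so this terminates with loops too.
fn analyze(cfg: &[Block], entry: &State) -> Vec<State> {
    let n = cfg.len();
    let mut preds = vec![Vec::new(); n];
    for (b, blk) in cfg.iter().enumerate() {
        for &s in &blk.succs { preds[s].push(b); }
    }
    let mut in_state = vec![State::new(); n];
    let mut out_state = vec![State::new(); n];
    let mut work: VecDeque<usize> = (0..n).collect();
    while let Some(b) = work.pop_front() {
        let mut inp = if b == 0 { entry.clone() } else { State::new() };
        for &p in &preds[b] { inp = join(&inp, &out_state[p]); }
        let out = cfg[b].stmts.iter().fold(inp.clone(), transfer);
        in_state[b] = inp;
        if out != out_state[b] {
            out_state[b] = out;
            for &s in &cfg[b].succs {
                if !work.contains(&s) { work.push_back(s); }
            }
        }
    }
    in_state
}

/// Report every sink that receives a labelled value under the fixed-point states.
fn find_leaks(cfg: &[Block], in_state: &[State]) -> Vec<Leak> {
    let mut leaks = Vec::new();
    for (b, blk) in cfg.iter().enumerate() {
        let mut state = in_state[b].clone();
        for st in &blk.stmts {
            if let Stmt::Sink { src, name } = st {
                let ls = labels_of(&state, *src);
                if !ls.is_empty() { leaks.push((b, *name, *src, ls.into_iter().collect())); }
            }
            state = transfer(state, st);
        }
    }
    leaks
}

/// Constructed sample (not from the thesis): `key` is annotated {secret}; `nonce` and
/// `acc` are public. Block 3 loops on itself, so `y` only becomes secret on the second pass.
fn sample_leaks() -> Vec<Leak> {
    fn a(dst: Var, srcs: &[Var]) -> Stmt { Stmt::Assign { dst, srcs: srcs.to_vec() } }
    fn log(src: Var) -> Stmt { Stmt::Sink { src, name: "log" } }
    let cfg = vec![
        Block { stmts: vec![a("tmp", &["key", "nonce"])], succs: vec![1, 2] }, // tmp = key ^ nonce
        Block { stmts: vec![log("tmp")], succs: vec![3] },                      // log(tmp): leak
        Block { stmts: vec![a("x", &["nonce"])], succs: vec![3] },
        Block { stmts: vec![a("y", &["acc"]), a("acc", &["tmp"])], succs: vec![3, 4] }, // loop body
        Block { stmts: vec![log("x"), log("y")], succs: vec![] },               // log(y): leak
    ];
    let mut entry = State::new();
    entry.insert("key", BTreeSet::from(["secret"]));
    find_leaks(&cfg, &analyze(&cfg, &entry))
}
```

Running `sample_leaks()` reports two leaks: `tmp` reaching `log` in block 1, and `y` reaching `log` in block 4. The second one is only found because the worklist revisits the loop body (block 3) after `acc` has become secret; a single linear pass, as in the thesis's implementation, would miss it. Note that `x`, which derives only from the public `nonce`, is correctly not reported, and that the analysis knows nothing about what the called sink actually does with its argument, which is exactly the intraprocedural limitation.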