Award ID contains: 2327338
  1. The Rust programming language is a prominent candidate for a C and C++ replacement in the memory-safe era. However, Rust’s safety guarantees do not in general extend to arbitrary third-party code. The main purpose of this short paper is to point out that this is true even entirely within safe Rust – which we illustrate through a series of counterexamples. To complement our examples, we present initial experimental results to investigate: do existing program analysis and program verification tools detect or mitigate these risks? Are these attack patterns realizable via input to publicly exposed functions in real-world Rust libraries? And to what extent do existing supply chain attacks in Rust leverage similar attacks? All of our examples and associated data are available as an open source repository on GitHub. We hope this paper will inspire future work on rethinking safety in Rust – especially, to go beyond the safe/unsafe distinction and harden Rust against a stronger threat model of attacks that can be used in the wild.
  2. Zhang, Danfeng; Krishnaswami, Neel (Ed.)
    Over the last several years, the Rust programming language has gathered a following among software developers for its robust memory safety features. Nevertheless, it remains susceptible to potentially harmful side effects in untrusted code and is therefore vulnerable to supply chain attacks. We wish to investigate whether preventing them by retroactively enforcing side effect safety is possible. In this extended abstract, we introduce Coenobita, a Rust library that prevents undesirable side effects using capabilities without additional performance overhead. Our goal was to implement statically enforced, zero-cost, and unobtrusive capabilities. To evaluate Coenobita’s practicality and effectiveness, we conducted two case studies porting popular Rust crates walkdir and remove_dir_all to Coenobita. Porting walkdir required modifying or adding around 242 lines across three files originally containing 1800 lines total. Benchmarks were run on 46 tests provided in walkdir and their equivalents in coenobita-walkdir, demonstrating little change in runtime for most tests. 