引用本文
  • 胡霜,华保健,欧阳婉容,樊淇梁.Rust语言安全研究综述[J].信息安全学报,已采用    [点击复制]
  • HU Shusng,HUA Baojian,OUYANG Wanrong,FAN Qiliang.A Survey of Rust Language Security Research[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【在线阅读全文】【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 279次   下载 0  
Rust语言安全研究综述
胡霜1, 华保健2, 欧阳婉容1, 樊淇梁1
0
(1.中国科学技术大学软件学院;2.中国科学技术大学软件学院 苏州 中国)
摘要:
Rust是为了解决系统编程领域的安全性问题,而设计的一门面向系统编程的兼具类型安全、内存安全和并发安全的新型程序设计语言, 强调安全性和高性能,已经在操作系统内核、Web浏览器、网络协议栈、数据库和区块链等底层软件系统的构建中得到了越来越广泛 的应用。现有研究表明,尽管Rust的设计目标是保证安全性,但其自身仍然存在许多安全问题。作为一门系统编程语言,Rust的安全 性直接影响到基于Rust开发的软件系统的安全性。随着Rust的广泛应用,对Rust语言安全的研究显得尤为重要。Rust语言安全研究正 在成为研究热点,并且在近几年已经取得了较大研究进展。本综述基于该研究领域已经公开发表的46篇研究论文,对该领域的相关研 究进行了系统整理、分析和总结:首先,研究分析了Rust的核心安全特性,包括函数式编程范式、强多态类型系统、基于所有权模型 的自动内存管理、对非安全代码的显式标记和隔离;其次,提出了Rust语言安全研究领域的分类学,将已有研究分为安全实证研究、 漏洞检测研究、安全增强研究和形式化验证研究四个热点方向,并分别对这四个方向上的相关研究进行了综述、深入分析和总结, 同时分析了四个研究方向的内在联系;最后,指出了该研究领域的待解决的科学问题,并对未来可能的研究方向进行了展望, 提出了四个潜在的研究方向,以期为相关领域的研究者提供有价值的参考。
关键词:  Rust语言  内存安全  并发安全  漏洞检测与修复
DOI:
投稿时间:2022-03-29修订日期:2022-06-15
基金项目:
A Survey of Rust Language Security Research
Abstract:
Rust is an emerging type-safe, memory-safe, and concurrency-safe programming language for system programming to address security issues in the system programming domain. The design of Rust emphasizes both security and high performance, thus has been increasingly used in the construction of software infrastructures such as operating system kernels, Web browsers, network protocol stacks, databases, and blockchains. However, existing research efforts have demonstrated that despite its design goal of ensuring security, Rust still suffers from many safety issues. As a system programming language, the security of Rust directly affects the security of software systems developed with Rust. Furthermore, with the widespread adoption of Rust, the study of Rust language security is becoming a hot research topic with significant research progress. In this survey, we systematically analyze and summarize the latest research progress in this field, based on a systematic analysis of 46 published research papers: first, we analyze the main security-related features of Rust, including functional programming paradigm, strong polymorphic type system, automatic ownership-based memory management model, and explicit isolation of unsafe code; second, we propose a taxonomy to classify current research efforts into four categories: empirical security study, vulnerability detection, safety enhancement, and formal verification, by reviewing and analyzing, and summarizing the relevant research not only in each of these four directions, but also in their interactions; finally, we point out open problems in this research area, and highlight the remaining challenges of Rust language security research, and propose four potential research directions. This survey serves as both a valuable reference and a starting point for future research in this field.
Key words:  Rust  memory safety  concurrency safety  vulnerability detection and rectification