LVing: A Vulnerability Detection and Visualization Platform for Rust
We demonstrate LVing, an interactive vulnerability detection and visualization platform for Rust programs that operates at the LLVM-IR level. LVing transforms Rust source code into Code Property Graphs stored in Neo4j, enabling the querying detection of concurrency vulnerabilities that escape source-level analysis tools. Our demonstration showcases the complete workflow: users submit Rust code through a web interface, the system compiles to LLVM-IR and constructs CPGs, and analysts explore vulnerabilities through interactive graph visualization with three-way synchronization between source code, IR, and graph representations. LVing successfully identifies data races, use-after-free conditions, and thread safety violations in real-world CVEs from the RustSec Advisory Database. The tool handles programs up to 5000 LOC with analysis completing in under 60 seconds. LVing is publicly available as a Docker container with complete documentation and vulnerability examples at https://github.com/ediaz029/LVing
Demo video: https://youtu.be/df_jsB28NFw?si=j4nc8dK-YkaLH1rk
Fri 17 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
11:00 - 12:30 | Dependability and Security 8Journal-first Papers / Demonstrations / Research Track at Oceania X Chair(s): Xusheng Xiao Arizona State University | ||
11:00 15mTalk | DamFlow: Preventing a Flood of Irrelevant Data Flows in Android Apps Journal-first Papers Marco Alecci University of Luxembourg, Jordan Samhi University of Luxembourg, Luxembourg, Marc Miltenberger Fraunhofer SIT; ATHENE, Steven Arzt Fraunhofer SIT; ATHENE, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
11:15 15mTalk | LVing: A Vulnerability Detection and Visualization Platform for Rust Demonstrations Ernesto Diaz Texas A&M University-San Antonio, Mark Solis Texas A&M University-San Antonio, Young Lee Texas A & M University - San Antonio, Jeong Yang Texas A&M University-San Antonio, Deep Gandhi Independent Researcher | ||
11:30 15mTalk | StagedVulBERT: Multi-Granular Vulnerability Detection with a Novel Pre-trained Code Model Journal-first Papers Yuan Jiang Harbin Institute of Technology, Yujian Zhang Harbin Institute of Technology, Xiaohong Su Harbin Institute of Technology, Christoph Treude Singapore Management University, Tiantian Wang Harbin Institute of Technology | ||
11:45 15mTalk | Just-in-Time Detection of Silent Security Patches Journal-first Papers Xunzhu Tang University of Luxembourg, Kisub Kim DGIST, Saad Ezzini King Fahd University of Petroleum and Minerals, Yewei Song University of Luxembourg, Haoye Tian Aalto University, Jacques Klein University of Luxembourg, Tegawendé F. Bissyandé University of Luxembourg | ||
12:00 15mTalk | Rusted Types: Static Detection of Rust Type Confusion Bugs Research Track Zeyang Zhuang The Chinese University of Hong Kong, Wei Meng Chinese University of Hong Kong, Michael Lyu The Chinese University of Hong Kong | ||
12:15 15mTalk | LLM-based Vulnerability Discovery through the Lens of Code Metrics Research Track Felix Weissberg BIFOLD & TU Berlin, Lukas Pirch BIFOLD & TU Berlin, Erik Imgrund BIFOLD & TU Berlin, Jonas Möller BIFOLD & TU Berlin, Thorsten Eisenhofer BIFOLD & TU Berlin, Konrad Rieck BIFOLD & TU Berlin Pre-print | ||