Rust is a modern programming language designed for strict memory and concurrency safety. Despite the safety checks, unsafe code in Rust can introduce memory safety issues. Unsafe type conversion, which reinterprets data from one type to another type, can alter the type spatial and temporal properties, leading to memory safety and data corruption issues. Since an unsafely converted value could violate a programmer’s intended conversion semantics and allows attackers to access the sensitive memory, type confusion bugs have critical security implications. Despite the increasing number of Rust type confusion bugs, the problem has not been systematically studied and addressed by the Rust community. In this paper, we propose DeRust, the first and a novel static analysis tool for detecting Rust type confusion bugs. By precisely tracking the inter-procedural data flows from unsafe type conversions to sensitive operations, DeRust can effectively and efficiently identify type confusion bugs. Our evaluation shows that DeRust can detect all the type confusion bugs in the benchmark datasets, and further helped report 54 previously unknown bugs in the top 1,000 Rust packages with 13 RustSec IDs assigned. We plan to release the prototype implementation of DeRust and other artifacts to help improve the Rust ecosystem.
Fri 17 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
11:00 - 12:30 | Dependability and Security 8Journal-first Papers / Demonstrations / Research Track at Oceania X Chair(s): Xusheng Xiao Arizona State University | ||
11:00 15mTalk | DamFlow: Preventing a Flood of Irrelevant Data Flows in Android Apps Journal-first Papers Marco Alecci University of Luxembourg, Jordan Samhi University of Luxembourg, Luxembourg, Marc Miltenberger Fraunhofer SIT; ATHENE, Steven Arzt Fraunhofer SIT; ATHENE, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
11:15 15mTalk | LVing: A Vulnerability Detection and Visualization Platform for Rust Demonstrations Ernesto Diaz Texas A&M University-San Antonio, Mark Solis Texas A&M University-San Antonio, Young Lee Texas A & M University - San Antonio, Jeong Yang Texas A&M University-San Antonio, Deep Gandhi Independent Researcher | ||
11:30 15mTalk | StagedVulBERT: Multi-Granular Vulnerability Detection with a Novel Pre-trained Code Model Journal-first Papers Yuan Jiang Harbin Institute of Technology, Yujian Zhang Harbin Institute of Technology, Xiaohong Su Harbin Institute of Technology, Christoph Treude Singapore Management University, Tiantian Wang Harbin Institute of Technology | ||
11:45 15mTalk | Just-in-Time Detection of Silent Security Patches Journal-first Papers Xunzhu Tang University of Luxembourg, Kisub Kim DGIST, Saad Ezzini King Fahd University of Petroleum and Minerals, Yewei Song University of Luxembourg, Haoye Tian Aalto University, Jacques Klein University of Luxembourg, Tegawendé F. Bissyandé University of Luxembourg | ||
12:00 15mTalk | Rusted Types: Static Detection of Rust Type Confusion Bugs Research Track Zeyang Zhuang The Chinese University of Hong Kong, Wei Meng Chinese University of Hong Kong, Michael Lyu The Chinese University of Hong Kong | ||
12:15 15mTalk | LLM-based Vulnerability Discovery through the Lens of Code Metrics Research Track Felix Weissberg BIFOLD & TU Berlin, Lukas Pirch BIFOLD & TU Berlin, Erik Imgrund BIFOLD & TU Berlin, Jonas Möller BIFOLD & TU Berlin, Thorsten Eisenhofer BIFOLD & TU Berlin, Konrad Rieck BIFOLD & TU Berlin Pre-print | ||