Rust is a promising language by providing strong safety guarantees through its advanced features including borrowing semantics and lifetime checking, and has been adopted in security-critical domains. However, Rust programs may still be vulnerable to sensitive data leak issues due to its lack of information flow checking capabilities. As a result, these data leaks undermine Rust’s strong security guarantees. In this paper, to fill the current gap, we propose a novel information flow checking approach for Rust language by leveraging static taint analysis, to detect potential data leak issues. We first propose an approach to annotate sensitive data within Rust programs by utilizing Rust’s macro features. We then design an information flow checking algorithm based on static taint analysis, in which we use tainted abstract domains to model data sensitivity and use transfer functions to model the data flow. Furthermore, we design a context-sensitive algorithm to track the propagation of tainted values across procedure boundaries by leveraging a functional approach. We implement our approach in a software prototype RustGuard by extending Rust’s official rustc compiler and conduct extensive evaluations with it. Our evaluation results demonstrate that our approach achieves precision and recall both of 91.67%, while introducing only an additional 14.07% runtime overhead and negligible memory consumption to detect data leak issues. Moreover, compared with the state-of-the-art approach Cocoon, our approach achieves stronger usability by requiring few program modifications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

RustGuard: Detecting Rust Data Leak Issues with Context-Sensitive Static Taint Analysis

  • Shanlin Deng,
  • Mingliang Liu,
  • Si Wu,
  • Baojian Hua

摘要

Rust is a promising language by providing strong safety guarantees through its advanced features including borrowing semantics and lifetime checking, and has been adopted in security-critical domains. However, Rust programs may still be vulnerable to sensitive data leak issues due to its lack of information flow checking capabilities. As a result, these data leaks undermine Rust’s strong security guarantees. In this paper, to fill the current gap, we propose a novel information flow checking approach for Rust language by leveraging static taint analysis, to detect potential data leak issues. We first propose an approach to annotate sensitive data within Rust programs by utilizing Rust’s macro features. We then design an information flow checking algorithm based on static taint analysis, in which we use tainted abstract domains to model data sensitivity and use transfer functions to model the data flow. Furthermore, we design a context-sensitive algorithm to track the propagation of tainted values across procedure boundaries by leveraging a functional approach. We implement our approach in a software prototype RustGuard by extending Rust’s official rustc compiler and conduct extensive evaluations with it. Our evaluation results demonstrate that our approach achieves precision and recall both of 91.67%, while introducing only an additional 14.07% runtime overhead and negligible memory consumption to detect data leak issues. Moreover, compared with the state-of-the-art approach Cocoon, our approach achieves stronger usability by requiring few program modifications.