Annual Computer Security Applications Conference (ACSAC) 2021


RUPAIR: Towards Automatic Buffer Overflow Detection and Rectification for Rust

Rust is an emerging programming language that aims to provide both safety guarantees and runtime efficiency, and it has been used extensively in systems programming. However, because Rust includes an unsafe language subset (unsafe), Rust programs are still vulnerable to severe security attacks that may defeat its safety guarantees. Existing studies on Rust security focus on detecting vulnerabilities but seldom consider how to fix them. Meanwhile, understanding and fixing bugs manually is often time-consuming and error-prone for Rust developers, due to Rust’s advanced language features. In this paper, we present RUPAIR, an automated rectification system that detects and fixes one of the most severe kinds of Rust vulnerabilities, buffer overflows, and helps developers release secure Rust projects. The key technical component of RUPAIR is a novel security-oriented lightweight data-flow analysis algorithm, which makes use of Rust’s two primary intermediate representations and works across the boundary between Rust’s safe and unsafe sub-languages. To evaluate the effectiveness of RUPAIR, we first applied it to all 4 reported buffer overflow-related CVEs and vulnerabilities (as of June 20, 2021). Experimental results demonstrated that RUPAIR successfully detected and rectified all of these CVEs. To test the scalability of RUPAIR, we collected 36 open-source Rust projects from 8 different application domains, consisting of 5,108,432 lines of Rust source code, and applied RUPAIR to these projects. Experimental results showed that RUPAIR successfully identified 14 previously undiscovered buffer overflow vulnerabilities in these projects and rectified all of them. Moreover, RUPAIR is efficient, introducing only 3.6% overhead to each rectified Rust program on average.

Baojian Hua
University of Science and Technology of China

Wanrong Ouyang
University of Science and Technology of China

Chengman Jiang
University of Science and Technology of China

Qiliang Fan
University of Science and Technology of China

Zhizhong Pan
University of Science and Technology of China
