You are viewing content from a past/completed QCon

Presentation: The Most Secure Program Is One That Doesn’t Exist

Track: 21st Century Languages

Location: Pacific DEKJ

Duration: 1:40pm - 2:30pm

Day of week: Tuesday

Level: Intermediate

Persona: Backend Developer

Share this on:

This presentation is now available to view on InfoQ.com

Watch video with transcript

What You’ll Learn

  1. Understand what safeties Rust offers and how it can save you from making common mistakes.

  2. Hear about case studies of libraries implemented in Rust and what was found.

  3. Learn examples of what Rust can and cannot do

Abstract

Rust is a programming language that started with the explicit goal of preventing segfaults and guaranteeing thread safety to create a fearlessly concurrent systems language. The compiler enforces type- and memory- safety to achieve this. There’s a significant overlap between critical security bugs and memory vulnerabilities, so code written in Rust is more secure. But that’s only half the story. Can a language mitigate side-channel attacks? How can we integrate formal methods to prove implementation correctness? This talk will give an overview of how Rust’s design gives security guarantees and discuss goals and visions for the future.

Question: 

QCon: What’s the focus of the work you do today?

Answer: 

Diane: I am the security and privacy lead on the mixed reality team. The focus of my work is building a browser that provides a secure, immersive web experience. I also work very closely with the Rust team. I lead the formal verification effort which is determining how we leverage the unique properties of Rust to allow people to use formal verification tools and techniques in their app code.

It's in the early stages but there are some aspects of Rust (namely that it is strongly influenced by functional programming languages) that I believe make it very promising. I also work with the unsafe code guidelines group.

Question: 

QCon: What's the motivation for your talk?

Answer: 

Diane: I once implemented an unsafe trait that I never should have been implementing. It was caught in review, and that really was the inspiration for the talk.

Question: 

QCon: What topics are you going to cover?

Answer: 

Diane: I’m going to start out by giving you overview of what guarantees Rust offers and what that actually means. What is memory safety? How do we do it? Then I’ll go into discussing a case study with specific code examples.

After talking about the guarantees results of this study, which is an example of taking a component of a very large C code base and swapping it out for a Rust component. That's the strength of Rust; as engineers, we want to build things modularly. We don't want to have to rewrite everything from scratch every time we decide that to go a new route with a language for whatever reason. Because of the zero-cost abstraction, the idea is you can call back and forth between languages like C without an amortized performance cost. It just looks like C. That’s very powerful tool for modernizing projects.

What I'm planning to do with this talk is help people understand what Rust does and doesn't do. Sometimes people think that Rust is memory safe and everything should be in Rust. Well, maybe not. For example, coming from a security background, all of our main cryptographic libraries are written in C and C++ with generally hand optimized assembly and when you are re-implementing normal code and you introduce a logic error, it will cause something to not work quite right. That's a problem. But if memory safety is not an issue then you generally don't have to worry about things like remote code execution.

Question: 

QCon: Who is the target audience for your talk?

Answer: 

Diane: The target audience is anyone unfamiliar with the guarantees provided by Rust or people who are looking for a refresher. A lot of it is going to be geared towards people who are more familiar with systems programming.

Speaker: Diane Hosfelt

Research Engineer @mozilla

Diane Hosfelt is the security lead for the Mixed Reality team at Mozilla Research and works closely with the Rust Project to improve security with formal methods and unsafe code guidelines. In her free time, she enjoys the great indoors with her cats, Batman and Watson.

Find Diane Hosfelt at

Tracks

  • Optimizing Yourself: Human Skills for Individuals

    Better teams start with a better self. Learn practical skills for IC.

  • Modern Data Architectures

    Today’s systems move huge volumes of data. Hear how places like LinkedIn, Facebook, Uber and more built their systems and learn from their mistakes.

  • Practices of DevOps & Lean Thinking

    Practical approaches using DevOps and a lean approach to delivering software.

  • Operationalizing Microservices: Design, Deliver, Operate

    What's the last mile for deploying your service? Learn techniques from the world's most innovative shops on managing and operating Microservices at scale.

  • Bare Knuckle Performance

    Killing latency and getting the most out of your hardware

  • Architectures You've Always Wondered About

    Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more

  • Machine Learning for Developers

    AI/ML is more approachable than ever. Discover how deep learning and ML is being used in practice. Topics include: TensorFlow, TPUs, Keras, PyTorch & more. No PhD required.

  • Production Readiness: Building Resilient Systems

    Making systems resilient involves people and tech. Learn about strategies being used from chaos testing to distributed systems clustering.

  • Surviving Uncertainty: Regulation, Risk, and Compliance

    With so much uncertainty, how do you bulkhead your organization and technology choices? Learn strategies for dealing with uncertainty.

  • Languages of Infra

    This track explores languages being used to code the infrastructure. Expect practices on toolkits and languages like Cloudformation, Terraform, Python, Go, Rust, Erlang.

  • Building & Scaling High-Performing Teams

    Building, maintaining, and growing a team balanced for skills and aptitudes. Constraint theory, systems thinking, lean, hiring/firing and performance improvement

  • Evolving the JVM

    The JVM continues to evolve. We’ll look at how languages like Kotlin, Graal, Clojure, and Java are evolving the JDK. Expect polyglot, multi-VM, performance, and more in this track.

  • Trust, Safety & Security

    Privacy, confidentiality, safety and security: learning from the frontlines.

  • JavaScript & Transpiler/WebAssembly Track

    JavaScript is the language of the web. Latest practices for JavaScript development in and how transpilers are affecting the way we work. We’ll also look at the work being done with WebAssembly.

  • Modern Operating Systems

    Applied, practical & real-world deep-dive into industry adoption of OS, containers and virtualization, including Linux on.

  • Software Supply Chain

    Securing the container image supply chain (containers + orchestration + security + DevOps).

  • Modern CS in the Real World

    Thoughts pushing software forward, including consensus, CRDT's, formal methods & probabilistic programming.

  • Tech Ethics: The Intersection of Human Welfare & STEM

    What does it mean to be ethical in software? Hear how the discussion is evolving and what is being said in ethics.