SlideShare a Scribd company logo

Why Rust? by Edd Barrett (codeHarbour December 2019)

Download as PPTX, PDF
A
Alex Cachia

For longer than I have existed, memory errors have plagued systems programming. Although many such errors are benign, sadly many end up being security vulnerabilities, or worse, exploits. In this talk, I will discuss how a security exploit is born, and how the Rust programming language tries to prevent them.

Technology
1 of 57
Why Rust? With Edd Barrett
A Little About Me e ResearchAssociate @King’s College London e Former postgrad of University of Kent. e OpenBSD Developer (ports) @ebarrett@mastodon.social @vext01
Rust
C and C++
C and C++ C e 1972 e Dennis Ritchie, Bell Labs C++ e 1985 e Bjarne Stroustrup Both “systems” languages.
C and C++ arePopular Languages https://www.tiobe.com/tiobe- index/
C and C++ arePopular Languages https://thenewstack.io/evolve -die-popular -programming-languages-confront-newcom ers-tiobe- index/
The problem languages like C and C++
The problem languages like C and C++ Unsafe
The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
Memory Safety * s ) {v o i d d o _ s t u f f ( c h a r . . . i f ( e r r o r ) f r e e ( s ) ; } i n t m a i n ( v o i d ) { c h a r * s = m a l l o c ( 1 6 ) ; s t r n c p y ( s , " h e l l o " , 1 6 ) ; p r i n t f ( " s= ’ s’ n " , s ) ; d o _ s t u f f ( s ) ; p r i n t f ( " s= ’ s’ n " , s ) ; / / < - - Use a f t e r f r e e ! r e t u r n ( EXIT_ SUCCESS ) ; }
Kinds of Memory Error e Useafter free e Double free e Buffer overflow e Dangling pointer e Freeinganinvalidaddress Experiencedprogrammers makethesemistakes!
Memory Errors = Undefined Behaviour What should happen afterwards is notdefined! e Program may continue to work OK (you got lucky) e Program may crash e Program my continue, but behave differently
Memory Safety $ ./use-after -free s=’hello ’ s=’ ’
Security vulnerabilities
*Not anaccuratedepiction of a hacker https://pixabay.com/phot os/ hacker -attack-mask-internet-2883632/
Hackers! “Hackers” exploit memory errors Often they can“persuade” abrokenprogram to do their bidding
What Hackers Want
What Hackers Want e To steal your sensitive data.
What Hackers Want e To steal your sensitive data. e To run naughty programs on your computer.
How bad is the problem?
CVEs Common Vulnerability and Exposures Database
https://nvd.nist.gov/ vuln/detail/CVE -2019-8225
CVE Statistics: Cifuentes andBierman http: //drops.dagstuhl.de/opus/volltexte/2019/10546/
CVE Statistics: Cifuentes andBierman For the five years from 2013 to 2017: 5,899 buffer errors (That’s about 21%of the data) Average total cost of a data breach: US$3.86 million
Other Statistics: Alex Gaynor https://alexgaynor.net/2019/aug/12/ introduction-to-memory-unsafety-for-vps-of-engineering/
Other Statistics: Alex Gaynor A recent study found that 60-70% of vul- nerabilities in iOS and macOS are caused by memory unsafety. Microsoft estimates that 70% of all vulnera- bilities in their products over the last decade have been caused by memoryunsafety. Google estimated that 90% of Android vul- nerabilities arememoryunsafety.
How bad is the problem? Pretty bad!
What can wedo?
What can wedo? e Detect and fix using dynamic/static analysis
What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations
What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations e Usea“managed” language e GarbageCollection :(
Mozilla
Firefox
Rust
Rust’s Motivation Rust’s rich type system and owner- ship model guarantee memory-safety and thread-safety, and enable you to eliminate many classes of bugs at compile-time. (+ performance + productivity)
Example: Use after Free in Rust fn do_stuff(s: String) { ... if error { drop(s); // Not necessary. } } fn main () { let s = String ::from("hello"); println!("s=’{}’", s); do_stuff(s); println!("s=’{}’", s); }
Example: Use after Free in Rust e r r o r [ E0382 ] : borrow o f moved v a l u e : ‘s‘ l e t s - - > s r c / m a i n . r s : 1 2 : 2 4 | 8 | | | | = S t r i n g : : from ( " h e l l o " ) ; - move o c c u r s b e c a u s e ‘s‘h a s t y p e ‘s t d : : s t r i n g : : S t r i n g ‘, which does n o t i m p l e m e n t t h e ‘Copy ‘ t r a i t d o _ s t u f f ( s ) ; - v a l u e moved h e r e p r i n t l n ! ( " s= ’{}’", he r e . . . 11 | | 12 | | | s ) ; ^ v a l u e borrowe d a f t e r move e r r o r : a b o r t i n g due t o p r e v i o u s e r r o r
Ownership
Ownership Lifetimes
Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector.
Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector. Secureand performant systemsprogramming!
The take away message
The take away message With Rust, memoryerrors canbe(mostly) athing of the past.
The take away message With Rust, memoryerrors canbe(mostly) athing of the past. https://pixabay.com/photos/thumbs -up-thumb-hand-positive-
What else is good about Rust? e Pretty good performance.
What else is good about Rust? e Pretty good performance. e Goodstandard library.
What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support.
What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable.
What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable. e Thriving community and ecosystem.
Any Downsides?
Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language.
Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing.
Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow.
Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow. e Somethings arequite hard in “safe” Rust. e unsafe keyword
Resources Website: https://www.rust-lang.org/ GitHub: https://github.com/rust-lang/rust Try it out online: https://play.rust-lang.org/ Learn: https://doc.rust-lang.org/rust-by-example/

Recommended

When to rust
When to rustWhen to rust
When to rust
Thomas May
 
A small introduction to rust language
A small introduction to rust languageA small introduction to rust language
A small introduction to rust language
Ahmad Hosseini
 
The challenges of file formats
The challenges of file formatsThe challenges of file formats
The challenges of file formats
Ange Albertini
 
주로사용되는 Xss필터와 이를 공격하는 방법
주로사용되는 Xss필터와 이를 공격하는 방법주로사용되는 Xss필터와 이를 공격하는 방법
주로사용되는 Xss필터와 이를 공격하는 방법
guestad13b55
 
A CTF Hackers Toolbox
A CTF Hackers ToolboxA CTF Hackers Toolbox
A CTF Hackers Toolbox
Stefan
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Yury Chemerkin
 
Exploring the Internet of Things Using Ruby
Exploring the Internet of Things Using RubyExploring the Internet of Things Using Ruby
Exploring the Internet of Things Using Ruby
Mike Hagedorn
 

Recommended

When to rust
When to rustWhen to rust
When to rust
Thomas May
 
A small introduction to rust language
A small introduction to rust languageA small introduction to rust language
A small introduction to rust language
Ahmad Hosseini
 
The challenges of file formats
The challenges of file formatsThe challenges of file formats
The challenges of file formats
Ange Albertini
 
주로사용되는 Xss필터와 이를 공격하는 방법
주로사용되는 Xss필터와 이를 공격하는 방법주로사용되는 Xss필터와 이를 공격하는 방법
주로사용되는 Xss필터와 이를 공격하는 방법
guestad13b55
 
A CTF Hackers Toolbox
A CTF Hackers ToolboxA CTF Hackers Toolbox
A CTF Hackers Toolbox
Stefan
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
Yury Chemerkin
 
Exploring the Internet of Things Using Ruby
Exploring the Internet of Things Using RubyExploring the Internet of Things Using Ruby
Exploring the Internet of Things Using Ruby
Mike Hagedorn
 
What is Python?
What is Python?What is Python?
What is Python?
wesley chun
 
Tips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software EngineeringTips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software Engineering
jtdudley
 
History of some Vulnerabilities and exploit techniques
History of some Vulnerabilities and exploit techniquesHistory of some Vulnerabilities and exploit techniques
History of some Vulnerabilities and exploit techniques
blaufish
 
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Codemotion
 
Rust Programming Language
Rust Programming LanguageRust Programming Language
Rust Programming Language
Jaeju Kim
 
Rust Hack
Rust HackRust Hack
Rust Hack
Viral Parmar
 
Does Java Have a Future After Version 8? (Belfast JUG April 2014)
Does Java Have a Future After Version 8? (Belfast JUG April 2014)Does Java Have a Future After Version 8? (Belfast JUG April 2014)
Does Java Have a Future After Version 8? (Belfast JUG April 2014)
Garth Gilmour
 
2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIA2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIA
guestfdcb8a
 
Metasepi team meeting #16: Safety on ATS language + MCU
Metasepi team meeting #16: Safety on ATS language + MCUMetasepi team meeting #16: Safety on ATS language + MCU
Metasepi team meeting #16: Safety on ATS language + MCU
Kiwamu Okabe
 
Scott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa SankScott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa Sank
Yandex
 
Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)
nikomatsakis
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surface
Saumil Shah
 
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
apidays
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
Programming Under Linux In Python
Programming Under Linux In PythonProgramming Under Linux In Python
Programming Under Linux In Python
Marwan Osman
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
RootedCON
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quo
Ivano Pagano
 
Ruby - The Hard Bits
Ruby - The Hard BitsRuby - The Hard Bits
Ruby - The Hard Bits
Paul Gallagher
 
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbertA Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
J On The Beach
 
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
Alex Cachia
 
Supporting IT by David Meares
Supporting IT by David MearesSupporting IT by David Meares
Supporting IT by David Meares
Alex Cachia
 

More Related Content

Similar to Why Rust? by Edd Barrett (codeHarbour December 2019)

Scott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa SankScott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa Sank
Yandex
 
Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)
nikomatsakis
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
qqlan
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
RootedCON
 
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbertA Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
J On The Beach
 

Similar to Why Rust? by Edd Barrett (codeHarbour December 2019) (20)

What is Python?
What is Python?What is Python?
What is Python?
 
Tips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software EngineeringTips And Tricks For Bioinformatics Software Engineering
Tips And Tricks For Bioinformatics Software Engineering
 
History of some Vulnerabilities and exploit techniques
History of some Vulnerabilities and exploit techniquesHistory of some Vulnerabilities and exploit techniques
History of some Vulnerabilities and exploit techniques
 
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
 
Rust Programming Language
Rust Programming LanguageRust Programming Language
Rust Programming Language
 
Rust Hack
Rust HackRust Hack
Rust Hack
 
Does Java Have a Future After Version 8? (Belfast JUG April 2014)
Does Java Have a Future After Version 8? (Belfast JUG April 2014)Does Java Have a Future After Version 8? (Belfast JUG April 2014)
Does Java Have a Future After Version 8? (Belfast JUG April 2014)
 
2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIA2 Roads to Redemption - Thoughts on XSS and SQLIA
2 Roads to Redemption - Thoughts on XSS and SQLIA
 
Metasepi team meeting #16: Safety on ATS language + MCU
Metasepi team meeting #16: Safety on ATS language + MCUMetasepi team meeting #16: Safety on ATS language + MCU
Metasepi team meeting #16: Safety on ATS language + MCU
 
Scott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa SankScott Meyers — Why C++ Sails When the Vasa Sank
Scott Meyers — Why C++ Sails When the Vasa Sank
 
Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)Rust: Reach Further (from QCon Sao Paolo 2018)
Rust: Reach Further (from QCon Sao Paolo 2018)
 
Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?Much ado about randomness. What is really a random number?
Much ado about randomness. What is really a random number?
 
Teflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surfaceTeflon - Anti Stick for the browser attack surface
Teflon - Anti Stick for the browser attack surface
 
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
 
D1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via smsD1 t1 t. yunusov k. nesterov - bootkit via sms
D1 t1 t. yunusov k. nesterov - bootkit via sms
 
Programming Under Linux In Python
Programming Under Linux In PythonProgramming Under Linux In Python
Programming Under Linux In Python
 
Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]Joxean Koret - Database Security Paradise [Rooted CON 2011]
Joxean Koret - Database Security Paradise [Rooted CON 2011]
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quo
 
Ruby - The Hard Bits
Ruby - The Hard BitsRuby - The Hard Bits
Ruby - The Hard Bits
 
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbertA Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
A Post-Apocalyptic sun.misc.Unsafe World by Christoph engelbert
 

More from Alex Cachia

Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Alex Cachia
 

More from Alex Cachia (20)

No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
 
Supporting IT by David Meares
Supporting IT by David MearesSupporting IT by David Meares
Supporting IT by David Meares
 
OWASP Top 10 2021 - let's take a closer look by Glenn Wilson
OWASP Top 10 2021 - let's take a closer look by Glenn WilsonOWASP Top 10 2021 - let's take a closer look by Glenn Wilson
OWASP Top 10 2021 - let's take a closer look by Glenn Wilson
 
If you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane ChakravortyIf you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane Chakravorty
 
Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...
 
A brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian WestbrookA brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian Westbrook
 
Return the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron TaylorReturn the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron Taylor
 
Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...
 
Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock
 
Software Security by Glenn Wilson
Software Security by Glenn WilsonSoftware Security by Glenn Wilson
Software Security by Glenn Wilson
 
Data Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca VickeryData Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca Vickery
 
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
 
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
 
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
 
Revving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo SueirasRevving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo Sueiras
 
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
 
Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)
 
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
 
Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)
 
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Why Rust? by Edd Barrett (codeHarbour December 2019)

  • 2. A Little About Me e ResearchAssociate @King’s College London e Former postgrad of University of Kent. e OpenBSD Developer (ports) @ebarrett@mastodon.social @vext01
  • 5. C and C++ C e 1972 e Dennis Ritchie, Bell Labs C++ e 1985 e Bjarne Stroustrup Both “systems” languages.
  • 6. C and C++ arePopular Languages https://www.tiobe.com/tiobe- index/
  • 7. C and C++ arePopular Languages https://thenewstack.io/evolve -die-popular -programming-languages-confront-newcom ers-tiobe- index/
  • 8. The problem languages like C and C++
  • 9. The problem languages like C and C++ Unsafe
  • 10. The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
  • 11. The problem languages like C and C++ Unsafe e Memorysafety e Threadsafety
  • 12. Memory Safety * s ) {v o i d d o _ s t u f f ( c h a r . . . i f ( e r r o r ) f r e e ( s ) ; } i n t m a i n ( v o i d ) { c h a r * s = m a l l o c ( 1 6 ) ; s t r n c p y ( s , " h e l l o " , 1 6 ) ; p r i n t f ( " s= ’ s’ n " , s ) ; d o _ s t u f f ( s ) ; p r i n t f ( " s= ’ s’ n " , s ) ; / / < - - Use a f t e r f r e e ! r e t u r n ( EXIT_ SUCCESS ) ; }
  • 13. Kinds of Memory Error e Useafter free e Double free e Buffer overflow e Dangling pointer e Freeinganinvalidaddress Experiencedprogrammers makethesemistakes!
  • 14. Memory Errors = Undefined Behaviour What should happen afterwards is notdefined! e Program may continue to work OK (you got lucky) e Program may crash e Program my continue, but behave differently
  • 15. Memory Safety $ ./use-after -free s=’hello ’ s=’ ’
  • 17. *Not anaccuratedepiction of a hacker https://pixabay.com/phot os/ hacker -attack-mask-internet-2883632/
  • 18. Hackers! “Hackers” exploit memory errors Often they can“persuade” abrokenprogram to do their bidding
  • 20. What Hackers Want e To steal your sensitive data.
  • 21. What Hackers Want e To steal your sensitive data. e To run naughty programs on your computer.
  • 22. How bad is the problem?
  • 23. CVEs Common Vulnerability and Exposures Database
  • 25. CVE Statistics: Cifuentes andBierman http: //drops.dagstuhl.de/opus/volltexte/2019/10546/
  • 26. CVE Statistics: Cifuentes andBierman For the five years from 2013 to 2017: 5,899 buffer errors (That’s about 21%of the data) Average total cost of a data breach: US$3.86 million
  • 27. Other Statistics: Alex Gaynor https://alexgaynor.net/2019/aug/12/ introduction-to-memory-unsafety-for-vps-of-engineering/
  • 28. Other Statistics: Alex Gaynor A recent study found that 60-70% of vul- nerabilities in iOS and macOS are caused by memory unsafety. Microsoft estimates that 70% of all vulnera- bilities in their products over the last decade have been caused by memoryunsafety. Google estimated that 90% of Android vul- nerabilities arememoryunsafety.
  • 29. How bad is the problem? Pretty bad!
  • 31. What can wedo? e Detect and fix using dynamic/static analysis
  • 32. What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations
  • 33. What can wedo? e Detect and fix using dynamic/static analysis e OS-level mitigations e Usea“managed” language e GarbageCollection :(
  • 36. Rust
  • 37. Rust’s Motivation Rust’s rich type system and owner- ship model guarantee memory-safety and thread-safety, and enable you to eliminate many classes of bugs at compile-time. (+ performance + productivity)
  • 38. Example: Use after Free in Rust fn do_stuff(s: String) { ... if error { drop(s); // Not necessary. } } fn main () { let s = String ::from("hello"); println!("s=’{}’", s); do_stuff(s); println!("s=’{}’", s); }
  • 39. Example: Use after Free in Rust e r r o r [ E0382 ] : borrow o f moved v a l u e : ‘s‘ l e t s - - > s r c / m a i n . r s : 1 2 : 2 4 | 8 | | | | = S t r i n g : : from ( " h e l l o " ) ; - move o c c u r s b e c a u s e ‘s‘h a s t y p e ‘s t d : : s t r i n g : : S t r i n g ‘, which does n o t i m p l e m e n t t h e ‘Copy ‘ t r a i t d o _ s t u f f ( s ) ; - v a l u e moved h e r e p r i n t l n ! ( " s= ’{}’", he r e . . . 11 | | 12 | | | s ) ; ^ v a l u e borrowe d a f t e r move e r r o r : a b o r t i n g due t o p r e v i o u s e r r o r
  • 42. Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector.
  • 43. Rust’s Ownership and Lifetimes Compile-time memorysafety without agarbage collector. Secureand performant systemsprogramming!
  • 44. The take away message
  • 45. The take away message With Rust, memoryerrors canbe(mostly) athing of the past.
  • 46. The take away message With Rust, memoryerrors canbe(mostly) athing of the past. https://pixabay.com/photos/thumbs -up-thumb-hand-positive-
  • 47. What else is good about Rust? e Pretty good performance.
  • 48. What else is good about Rust? e Pretty good performance. e Goodstandard library.
  • 49. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support.
  • 50. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable.
  • 51. What else is good about Rust? e Pretty good performance. e Goodstandard library. e Goodand safemulti-threading support. e Pretty portable. e Thriving community and ecosystem.
  • 53. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language.
  • 54. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing.
  • 55. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow.
  • 56. Any Downsides? e Rust is quite hard to learn. e e e Ownership/lifetimes are unfamiliar. Error messages hard to understand. Large language. e Rust is still young and changing. e Compile-times canbeslow. e Somethings arequite hard in “safe” Rust. e unsafe keyword
  • 57. Resources Website: https://www.rust-lang.org/ GitHub: https://github.com/rust-lang/rust Try it out online: https://play.rust-lang.org/ Learn: https://doc.rust-lang.org/rust-by-example/