$0
Pennsylvania State Univ University Park
Pennsylvania
Computer and Information Science and Engineering (CISE)
Resource-constrained systems run on resource-constrained devices, which have low computation power, and limited memory and storage with the advantage of low-electrical-power consumption. They are increasingly used nowadays, including IoT (Internet of Things) devices (e.g., smart home devices) and embedded devices (e.g., Bluetooth/Wi-Fi modules in the desktop/mobile platform). However, the advantage comes with the expense of no or limited software and hardware protections. As a result, new vulnerabilities are being discovered in resource-constrained systems. To mitigate this problem, Rust is gaining popularity in implementing these systems due to its safety and close performance to C/C++, while a Rust compiler enforces restrictive rules and leverages the unsafe keyword to bypass them. Unfortunately, the introduction of unsafe Rust code also introduces potential safety issues defeating the purpose of using Rust to enhance resource-constrained systems. This project addresses this challenge by exploring, designing and experimenting with various tools and frameworks in the context of resource-constrained systems, and provides insights on unsafe Rust code in these systems. In this way, this project targets reducing the negative effect of using the unsafe keyword and support developers with more confidence in safety guarantee. This project aims to improve using Rust in resource-constrained systems by eliminating unnecessary usage of the unsafe keyword or preventing the potential issues caused by unsafe Rust code. As a result, resource-constrained systems written in Rust would be more secure, even if the unsafe keyword is used. Furthermore, tools and frameworks developed in this project will be open-source. They will not only be helpful to resource-constrained system developers, but also contribute to the Rust community. The best practices concluded and lessons learned during this project will also be open to the community. The goal is to elaborate the result as RFC (Request for Comments) documents and make them the standard. As part of the outreach effort, the data and the results of this project will be incorporated into undergraduate courses in both computer science and cybersecurity.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.