Introducing Rust in security research

Ruben
Software Engineer
Erik
Co-owner & Director of Open Source
When iHub's Bernard van Gastel asked us to help them start with Rust, we were somewhat surprised by their bold step but absolutely happy to assist. In this article we'll describe how we went about designing a workshop for the iHub team.

Taking the step to switch your development team from a long-established programming language (C++) to a new one is never easy. When your game is software security and essential cryptography, that is certainly the case.

We drew up a plan that consisted of preparation material and a full-day workshop in two parts: a quick run-through of the basics of Rust in the morning, and interop of C and Rust in the afternoon. Our Rust developers Ruben and Folkert were the respective workshop leaders.

About iHub

iHub is Radboud University's interdisciplinary research hub on digitalization and society. It is the link between the university's security and privacy research and the practical application of that technology.

iHub runs several ground-breaking projects. Among their initiatives are privacy technologies IRMA and PEP. If you feel like it, read more about iHub's mission here. We'll get back to PEP in a later blog post.

Target audience

The goal of the workshop is to introduce iHub's researchers and security developers to Rust. Because most security-related code is still written in C, the workshop needed to cover integrating C and Rust. In general, the workshop should make sure that iHub is well-prepared for its Rust deep-dive in the coming months.

In designing the workshop we could safely assume a high level of understanding of programming language concepts in general and of C++ specifically; in other words, we could assume the audience are quick learners. We felt we could go through the basics a little quicker than usual.

Flip the classroom

Fun fact: also present in the audience was Bart Jacobs, a renowned professor of security and privacy at Radboud University, where most of us studied. He recently received the Stevin Prize 2021, the highest award in Dutch science. Lecturing the professor you studied under is a very rewarding achievement. Full circle for Ruben and Folkert.

Outline of the workshop

To give you an idea of the workshop's contents, we will give you an outline here. Have a look at our GitHub for more.

The first slide lists the goals for the day:

  • Get a feeling of the language, but it will take time to fully learn Rust
  • Trusting your tools, so that you can focus on the important stuff
  • Core concepts that can help you even if you never write another line of Rust

Starting with variables, types and control flow, the morning continued all the way through to memory management, ownership and borrowing, error handling and dependencies.

Enums in Rust

It was a great morning session with a lot of questions and interaction throughout.

In the afternoon Folkert covered interop in the second part of the workshop called "Bridging the gap: Making Rust and C play together", using exercises to get a feel for practical application.

Using C from Rust

The crc-in-c exercise can be found here.

Folkert also covered a more extensive example using TweetNaCl, the "crypto library in 100 tweets", touching on the subject matter that iHub's developers deal with daily.

Crypto library TweetNaCl bindings

The exercise source code is here.

iHub's takeaways

Bernard was very pleased with the workshop, the exercises and the interaction in the group, and said he's convinced Rust will provide a step forward, even though iHub already had strict C++ guidelines and best practices in place:

Rust gives me the peace of mind to bring new developers in quickly, even in critical projects. That is because Rust’s language features and tools prevent subtle problems that, for example, a developer in C++ needs years to master. Looking beyond the benefits for the individual, it is easier for team members to work on each other's projects and help out, and share code or modules.

That these weren't just kind words was proven shortly after the workshop, when iHub decided to immediately start using Rust in a bunch of their upcoming projects.

Conclusion

It's a great experience to get a group of motivated engineers started with Rust. We are happy to see interest in Rust on the rise in important application areas such as security research. A great fit if you ask us.
