April 29, 2022

Introducing Rust in security research

rustsecurityresearch
Introducing Rust in security research
When iHub's Bernard van Gastel asked us to help them start with Rust, we were somewhat surprised by their bold step but absolutely happy to assist. In this article we'll describe how we went about designing a workshop for the iHub team.

Taking the step to switch your development team from a long-established programming language (C++) to a new one is never easy. When your game is software security and essential cryptography that is certainly the case.

We drew up a plan that consisted of preparation material and a full-day workshop in two parts: a quick run-through of the basics of Rust, and in the afternoon interop of C and Rust. Our Rust developers Ruben and Folkert the respective workshop leaders.

About iHub

iHub is Radboud University's interdisciplinary research hub on digitalization and society. It is the link between the universities' security and privacy research and the practical application of that technology.

iHub logo

iHub runs several ground-breaking projects. Among their initiatives are privacy technologies IRMA and PEP. If you feel like it, read more about iHub's mission here. We'll get back to PEP in a later blog post.

Target audience

The goal of the workshop is to introduce iHub's researchers and security developers to Rust. Because most security-related code is still written in C, the workshop needed to cover integrating C and Rust. In general, the workshop should make sure that iHub is well-prepared for its Rust deep-dive in the coming months.

In designing the workshop we could safely assume a high level of understanding of concepts in programming languages in general and in C++ specifically, i.e. assume the audience are quick learners. We felt we could go through the basics a little quicker than usual.

Flip the classroom

Fun fact: also present in the audience was Bart Jacobs, a renowned professor of security and privacy at Radboud University, where most of us studied. He recently received the Stevin Prize 2021, the highest award in Dutch science. Lecturing the professor you studied under is a very rewarding achievement. Full circle for Ruben and Folkert.

Outline of the workshop

To give you an idea of the workshop's contents, we will give you an outline here. Have a look at our Github for more.

The first slide lists the goals for the day:

  • Get a feeling of the language, but it will take time to fully learn Rust
  • Trusting your tools, so that you can focus on the important stuff
  • Core concepts that can help you even if you never write another line of Rust

Starting with variables, types and control flow, the morning continued all the way through to memory management, ownership and borrowing, error handling and dependencies.

Enums in Rust

It was a great morning session with a lot of questions and interaction throughout.

In the afternoon Folkert covered interop in the second part of the workshop called "Bridging the gap: Making Rust and C play together", using exercises to get a feel for practical application.

Using C from Rust

The crc-in-c exercise can be found here.

Folkert also covered a more extensive example using TweetNaCl, the "crypto library in 100 tweets", touching on the subject matter that iHub's developers deal with daily.

Crypto library TweetNaCl bindings

The exercise source code is here.

iHub's takeaways

Bernard was very pleased with the workshop, the exercises and the interaction in the group, and said he's convinced Rust will provide a step forward, even though iHub already had strict C++ guidelines and best practices in place:

Rust gives me the peace of mind to bring new developers in quickly, even in critical projects. That is because Rust’s language features and tools prevent subtle problems that for example, a developer in C++ needs years to master. Looking beyond the benefits for the individual, it is easier for team members to work on each other's projects and help out, and share code or modules.

That these weren't just kind words, was proven shortly after the workshop when iHub decided to immediately start using Rust in a bunch of their upcoming projects.

Conclusion

It's a great experience to get a group of motivated engineers started with Rust. We are happy to see interest in Rust on the rise in important application areas such as security research. A great fit if you ask us.

(our services)

Want to explore Rust?

We offer:

  • introductory talks
  • knowledge-sharing presentations
  • off-the-shelf or tailor-made workshops

Download a conversation starter to share with your colleagues!

Download leaflet

Interested in working with Rust? Check out our Rust page.

rustsecurityresearch

Stay up-to-date

Stay up-to-date with our work and blog posts?

Related articles

In April 2023 Wouter (left in picture) and I and went to Paris to attend CYSAT, a conference about cyber security for the space industry. We met up with our client GAMA's Chris de Claverie (right in picture). Wouter and Chris (and also Dion) had been working together for months and teamed up to explain to the audience how and why they were putting Rust in space.
meetuprustsecurity
Read article
Recently, we gave a workshop for the folks at iHub about using Rust, specifically looking at integrating Rust with cryptography libraries written in C.
securityrustdevelopmentmemory-safety
Read article
Sending documents over the internet can be a pain. Email providers generally support attachments with a maximum size between 10 and 50 MB, for larger files one would need to find another way. Most people would probably use one of the many public cloud or file sender solutions. But what if the files to be sent contain personal information, medical information or are private family photos? And how do you know that only the recipient can access and download these files?
securityprivacytypescriptirmaopen-sourcerust
Read article