Rust Implementation Security
Summary
(Rust) Zeroize memory
(Rust) Memory leak
(Rust) Biased PRNG
(Rust) Underflow/Overflow
(Rust) Overflow the stack bugs
(Rust) Fuzzy testing
(Rust) Cofactor checkings
(Rust) Encapsulation
Cryptographic Attacks Summary
Rust code audit
References
https://medium.com/@shnatsel
Security as Rust 2019 goal
https://medium.com/@shnatsel/security-as-rust-2019-goal-6a060116ba39
How Rust’s standard library was vulnerable for years and nobody noticed
https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6
How I’ve found vulnerability in a popular Rust crate (and you can too)
https://medium.com/@shnatsel/how-ive-found-vulnerability-in-a-popular-rust-crate-and-you-can-too-3db081a67fb
Auditing popular Rust crates: how a one-line unsafe has nearly ruined everything
https://medium.com/@shnatsel/auditing-popular-rust-crates-how-a-one-line-unsafe-has-nearly-ruined-everything-fab2d837ebb1
How many security exploits would Rust prevent?
https://www.reddit.com/r/rust/comments/5y3cxb/how_many_security_exploits_would_rust_prevent/
Secure Rust Guidelines
https://anssi-fr.github.io/rust-guide/01_introduction.html
https://llogiq.github.io/
Bugs found by Miri
OSS
OSS Security Technology Group (SECURE OSS SIG)
https://www.secureoss.jp/
OSS Vulnerability Watch
https://www.atmarkit.co.jp/ait/series/6764/
#Rust