CRII: CSR: Understanding and Enhancing Unsafe Rust Code in Resource-constrained Systems

Project: Research project

Project Details


Resource-constrained systems run on resource-constrained devices, which have low computation power and limited memory and storage, with the advantage of low electrical power consumption. They are increasingly common and include IoT (Internet of Things) devices (e.g., smart home devices) and embedded devices (e.g., Bluetooth/Wi-Fi modules in desktop and mobile platforms). However, this advantage comes at the expense of having no or only limited software and hardware protections. As a result, new vulnerabilities are being discovered in resource-constrained systems. To mitigate this problem, Rust is gaining popularity for implementing these systems because of its safety and its performance, which is close to that of C/C++. The Rust compiler enforces restrictive rules, however, and the unsafe keyword is used to bypass them. Unfortunately, unsafe Rust code also introduces potential safety issues, defeating the purpose of using Rust to enhance resource-constrained systems.

This project addresses this challenge by exploring, designing and experimenting with various tools and frameworks in the context of resource-constrained systems, and it provides insights into unsafe Rust code in these systems. In this way, the project targets reducing the negative effect of using the unsafe keyword and giving developers more confidence in the safety guarantees. It aims to improve the use of Rust in resource-constrained systems by eliminating unnecessary usage of the unsafe keyword or preventing the potential issues caused by unsafe Rust code. As a result, resource-constrained systems written in Rust would be more secure, even if the unsafe keyword is used. Furthermore, the tools and frameworks developed in this project will be open-source. They will not only be helpful to developers of resource-constrained systems but will also contribute to the Rust community. The best practices and lessons learned during this project will also be open to the community.
The goal is to write up the results as RFC (Request for Comments) documents and make them the standard. As part of the outreach effort, the data and the results of this project will be incorporated into undergraduate courses in both computer science and cybersecurity.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Effective start/end date: 6/1/23 - 5/31/25


  • National Science Foundation: $151,453.00

