<meta charset="utf-8"><!-- -*- markdown -*- -->
    **CSE 291-K: Building Secure Systems with Rust**
          [*Deian Stefan*](https://cseweb.ucsd.edu/~dstefan/) and [*Evan Johnson*](https://enjhnsn2.github.io/)

About
==============================================================

This course will explore how using a language like Rust with a powerful type 
system and strong safety guarantees affects the design of secure systems. Do the 
safety guarantees provided by Rust (e.g., memory safety) make it easier 
to provide stronger guarantees using techniques like verification? What classes 
of vulnerabilities can we completely eliminate by cleverly taking advantage of Rust's 
type system? Where and how do Rust's safety guarantees break down when applied 
to low-level systems code? To (start to) answer these questions, students will read, 
present, and discuss recent research papers in the field and conduct a relevant 
quarter-long research project in small groups. 

Lectures:
: Monday and Wednesday 11:00 - 12:20pm CSE 4258

Staff:
: **Instructors**: Deian Stefan and Evan Johnson

Office hours:
: **Evan**: Wednesday 4:00-5:00 CSE 3142

Class discussion:
: We'll use the CSE slack channel `cse291k-fall24`

Calendar and Readings
==============================================================

Mon Sep 30 2024: Introduction
  - [*Slides*](./slides/intro.pdf)
  - *Reading*: 
    - [The Rise of Worse is Better](https://www.dreamsongs.com/RiseOfWorseIsBetter.html) by Richard Gabriel
  - *Optional reading*:
    - [The Rust I Wanted Had No Future](https://graydon2.dreamwidth.org/307291.html) by Graydon Hoare
    - ["What next?"](https://graydon2.dreamwidth.org/253769.html) by Graydon Hoare

Wed Oct 2 2024: Rust
  - *Reading*: 
    - [Engineering the Servo Web Browser Engine using Rust](./papers/servo.pdf) by Brian Anderson et al.
  - *Optional reading*:
    - [Rust book chapter 4: Ownership](https://doc.rust-lang.org/book/ch04-00-understanding-ownership.html)

Mon Oct 7 2024: Safe and Unsafe Rust
  - *Reading*:
    - [Rustnomicon chapter 1: Safe & Unsafe](https://doc.rust-lang.org/nomicon/meet-safe-and-unsafe.html) 
    - [How do programmers use unsafe rust?](./papers/unsafe_rust.pdf) by Vytautas Astrauskas et al.
  - *Optional reading*:
    - [Two Kinds of Invariants: Safety and Validity](https://www.ralfj.de/blog/2018/08/22/two-kinds-of-invariants.html)
    - [Unsafe Rust and Miri](https://www.youtube.com/watch?v=svR0p6fSUYY&t=213s)

Wed Oct 9 2024: Isolating untrusted code with Rust
  - *Reading*:
    - [RedLeaf: isolation and communication in a safe operating system](./papers/redleaf.pdf) by Vikram Narayanan et al.
    - [CVE-rs](https://github.com/Speykious/cve-rs)


Mon Oct 14 2024: Isolation (cont.)
  - *Reading*:
    - [Retrofitting Fine Grain Isolation in the Firefox Renderer](./papers/rlbox.pdf) by Shravan Narayan et al.

Wed Oct 16 2024: Rusty embedded systems
  - *Reading*:
    - [Multiprogramming a 64kB Computer Safely and Efficiently](./papers/tock.pdf) by Amit Levy et al.

Mon Oct 21 2024: Rusty embedded systems (day 2)
  - *Reading*:
    - [Bringing Segmented Stacks to Embedded Systems](./papers/segmented_stacks.pdf) by Zhiyao Ma and Lin Zhong
    - [Panic Recovery in Rust-based Embedded Systems](./papers/embedded_recovery.pdf) by Zhiyao Ma et al.

Wed Oct 23 2024: Project day

Mon Oct 28 2024: Rusty embedded systems (day 3)
  - *Reading*:
    - [Tighten rust’s belt: shrinking embedded Rust binaries](./papers/shrinking_rust_binaries.pdf) by Hudson Ayers et al.

Wed Oct 30 2024: Formal methods in Rust (Nico)
  - *Reading*:
    - [Flux: Liquid Types for Rust](./papers/flux.pdf)

Mon Nov 4 2024: The foreign function interface
  - *Reading*:
    - [A Study of Undefined Behavior Across Foreign Function Boundaries in Rust Libraries](./papers/ffi_study.pdf) by Ian McCormack et al.
  - *Optional reading*:
    - [Rustnomicon chapter 11: FFI](https://doc.rust-lang.org/nomicon/ffi.html)

Wed Nov 6 2024: The foreign function interface (continued)
  - *Reading*:
    - [Detecting Cross-Language Memory Management Issues in Rust](./papers/ffi_checker.pdf) by Zhuohua Li et al.
  - *Optional reading*:
    - [Encapsulated Functions: Fortifying Rust’s FFI in Embedded Systems](./papers/encapsulated_functions.pdf) by Leon Schuermann et al.

Mon Nov 11 2024: Veteran's Day

Wed Nov 13 2024: Static analysis on Rust
 - *Reading*:
    - [Modular information flow through ownership](./papers/ifc.pdf) by Will Chrichton et al.

Mon Nov 18 2024: Fearless Concurrency?
 - *Reading*:
    - [When is parallelism fearless and zero-cost with Rust?](./papers/parallelism.pdf) by Javad Abdi et al.

Wed Nov 20 2024: Fearless Concurrency? (continued)
 - *Reading*:
    - [Deadlock free async message reordering in rust with multiparty session types](./papers/session_types.pdf) by Zak Cutner et al.


Wed Nov 20 2024: 

Mon Nov 25 2024: 

Wed Nov 27 2024: Thanksgiving

Mon Dec 2 2024: 

Wed Dec 4 2024:  


<style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js"></script>
<script>
  window.alreadyProcessedMarkdeep || (document.body.style.visibility="visible");
  markdeepOptions= {tocStyle: 'short', sortScheduleLists: false };
</script>