Improving Government Software with Rust

Aug 4, 2024

Notes on Government Software and Memory Safety

Introduction

  • Quality of government code has been criticized (e.g., healthcare.gov fiasco).
  • Recent efforts to improve cybersecurity and service resilience.

Research on Programming Languages

  • U.S. government research on safe programming languages for cybersecurity.
  • Goal: Reduce memory safety vulnerabilities.
  • Focus on programming languages as primary building blocks, complemented by hardware architectures and formal methods.

Conclusion of Research

  • Recommended use of memory safe languages: C, Go, Java, Python, Rust, Swift.
  • Importance of transitioning away from unsafe C code.

The Tractor Program

  • Aims to automate the translation of Legacy C code to Rust.
  • Goal: Achieve quality and style akin to skilled Rust developers.
  • Will utilize static analysis, dynamic analysis, and machine learning techniques.

Challenges with C Code

  • C code is prone to memory safety issues (e.g., referencing changed memory).
  • Vulnerabilities can be exploited easily due to unsafe memory handling.

Software Architecture Perspectives

  • Quotes from experts emphasize the need for foundational safeguards.
  • Memory safety vulnerabilities are linked to significant cyber attacks.

Why Rust?

  • Rust chosen for its strong memory safety features:
    • Restricts unsafe programming practices at compile time.
    • Code can remain stable over time, reducing the risk of breaking changes.
  • Trade-offs:
    • Slower iteration speed, longer compilation times due to strict safety checks.
    • Less flexibility during development, requiring thorough planning.

Government Software Development Process

  • Government projects often go through extensive planning phases.
  • Changes during development are typically discouraged, leading to rigid project timelines.
  • Contractors may leave post-project, leading to loss of context in updates.

Rust’s Advantages for Government Software

  • Trustworthiness: Rust code is less likely to have hidden behaviors.
  • Code maintainability over long periods without significant changes.
  • Lower likelihood of introducing breaking changes when adding new features.

Conclusion

  • The transition from C to Rust emphasizes safer coding practices in government software.
  • Potential for long-term improvements in software security and resilience.
  • Future considerations: Implementation of AI in code translation may require careful oversight.