1. High Assurance Rust
  2. Frequently Asked Questions (FAQ)
  3. Engage with this Book!
  4. Sponsor Call for Proposals (CFP)
  5. Download
  6. Changelog
  7. License
  8. Novice: Systems Security
  9. Introduction
    1. Why this book?
    2. How is this book structured?
    3. Hands-on Learning
    4. About the Team
    5. Warmup: Environment Setup
  10. Software Assurance
    1. Static vs. Dynamic Tools
    2. Static Assurance (1/2)
    3. Static Assurance (2/2)
    4. Dynamic Assurance (1/3)
    5. Dynamic Assurance (2/3)
    6. Dynamic Assurance (3/3)
    7. Limitations and Threat Modeling
    8. DIY CLI Encryption Tool
    9. Operational Assurance (1/2)
    10. Operational Assurance (2/2)
    11. Challenge: Extend the CLI Tool
  11. Rust Zero-Crash Course
    1. On Undefined Behavior
    2. Rust: Low-Level Data (1/6)
    3. Rust: High-Level Data (2/6)
    4. Rust: Control Flow (3/6)
    5. Rust: Ownership Principles (4/6)
    6. Rust: Ownership in Practice (5/6)
    7. Rust: Error Handling (6/6)
    8. The Module System
    9. Recommended Tooling
    10. Rust's Release Cycle
    11. Challenge: Port a Program
  12. Understanding Memory Safety and Exploitation
    1. Software Perspective: CPU to Process
    2. Assurance Perspective: Stack Safety
    3. Attacker's Perspective: Breaking Safety (1/2)
    4. Attacker's Perspective: Unifying Theory (2/2)
    5. Debugging DIY Secret Obfuscation
    6. Stack Exploitation
    7. Software Perspective: Heap (1/2)
    8. Software Perspective: Heap (2/2)
    9. Heap Exploitation
    10. Rust's Memory Safety Guarantees (1/2)
    11. Rust's Memory Safety Guarantees (2/2)
    12. Language-agnostic Mitigations
    13. Case Study: Real-world Rust CVEs
    14. Challenge: Vulnerability Research
  13. Advanced Beginner: Core Project
  14. Binary Search Tree (BST) Basics
    1. Core BST Operations in Python
    2. Problems Translating to Rust
    3. The Importance of Balance
    4. TODO
    5. Challenge: TODO
  15. Building an Arena Allocator
    1. Let's Talk Allocators
    2. A Stack-Only Arena
    3. Index-based Data Structures
    4. TODO
    5. Challenge: TODO
  16. A Self-balancing BST
    1. Interface-relevant Traits
    2. Scapegoat Trees
    3. Insert
    4. Remove
    5. Find
    6. Challenge: TODO
  17. Digital Twin Testing
    1. Basic QEMU Internals
    2. How Semi-hosting Works
    3. CLI REPL Harness
    4. Limitations
    5. TODO
    6. Challenge: TODO
  18. Building Maps and Sets
    1. TODO
    2. Challenge: TODO
  19. Implementing Iterators
    1. TODO
    2. Challenge: TODO
  20. Competent: Validation and Deployment
  21. Static Verification
    1. An Introduction to 1st Order Logic
    2. Proving Absence of Panics
    3. Deductively Verifying our Arena Allocator
    4. Model Checking for unsafe Code
    5. TODO
    6. Challenge: Prove a Sorting Algorithm
  22. Dynamic Testing
    1. Introduction to Coverage-Guided Fuzzing
    2. Building a Differential Fuzzing Harness
    3. Using Miri to Detect Undefined Behavior
    4. Benchmarking and Optimization
    5. TODO
    6. Challenge: Bug-hunting with Fuzzers
  23. Operational Deployment
    1. Understanding unsafe (1/3)
    2. Understanding unsafe (2/3)
    3. Understanding unsafe (3/3)
    4. CFFI 101
    5. C99 Interoperability
    6. Python3 Interoperability
    7. Runtime Balance Reconfiguration
    8. TODO
    9. Challenge: TODO
  24. Maximizing Assurance
    1. Rust Security Research
    2. Rust's Limitations
    3. Best Practices Beyond Rust
    4. Tactical Trust (1/2)
    5. Tactical Trust (2/2)
    6. TODO
    7. Challenge: TODO
  25. Conclusion
  26. Review
    1. Key Concepts
    2. Key Blue-Team Skills
    3. Key Red-Team Skills
  27. Appendix
    1. Setup: Using our Docker Container
    2. Inventory: Tools of the Trade
    3. Inventory: Recommended Reading
    4. Inventory: Additional Resources
    5. Fundamentals: Stream Ciphers
    6. Fundamentals: Type Systems
    7. Fundamentals: Component-Based Design
    8. Fundamentals: Memory Hierarchy
    9. Fundamentals: Dynamic Linking
    10. Theory: Inter-procedural CFGs
    11. Misc: Size Optimization
    12. Misc: The Typestate Pattern
    13. Misc: C++ Interoperability
    14. Misc: Compile-time Metaprogramming