
Security Assessment of Memory Safe/Unsafe Languages: A Framework for Automatic Comparison Between C/C++ and Rust

Student thesis: Master's Thesis

Abstract

In this thesis, we present a framework for automatically comparing the security properties
of memory unsafe languages (C/C++) and a memory safe language (Rust), in the context
of automated transpilation. While Rust enforces memory safety through its ownership-based
resource management, it still permits the use of unsafe operations through explicit
unsafe blocks. Furthermore, logical errors can still occur despite its safety guarantees.
Our framework is divided into three main components. First, we measure the usage of
unsafe code in the Rust ecosystem by crawling its package registry. We compute the ratio
of unsafe lines to total lines of code per crate for the 100 most popular crates and observe
that unsafe is mostly used for FFI interoperability with C/C++.
Second, we implement a use-after-free detection system for both C and manually
transpiled Rust by guiding angr with a typestate system. Using the Juliet synthetic
vulnerability dataset, our tool successfully detects 100% of targeted vulnerabilities in C,
and in our unsafe manually translated Rust subset with the exception of programs that
involve non-determinism or features that do not exist in Rust.
Third, we build C and Rust libraries for integrating custom intrinsics to model invariants
and detect stack-based buffer overflows to prove its efficacy. Once again, angr checks the
assumptions without issue for C but stalls on tests involving non-determinism for Rust.
Lastly, we experiment with machine learning and graph distance based similarity analysis
to compare C/C++ and Rust binaries. Using a genetic algorithm to derive the optimal
feature weights on the Juliet dataset, we find that naive cross-language comparison performs poorly
due to structural differences between languages and limitations in automated transpilation.
Our results demonstrate the viability of automated tools using symbolic execution, while
highlighting challenges in cross-language analysis.

Date of Award: 13 Jul 2025
Original language: English
Awarding Institution
  • Université libre de Bruxelles
  • Royal Military Academy (R.M.A.)
  • UCLouvain - Université catholique de Louvain
  • Universite de Namur
  • Haute Ecole HE2B
  • Haute École Libre de Bruxelles Ilya Prigogine
Supervisor: Jan Tobias Mühlberg (Promotor) & Antonio Paolillo (Co-promotor)

Keywords

  • C/C++
  • Rust
  • Symbolic Execution
  • Compiler
  • ML
  • Program similarity
