ARLINGTON, Va. – U.S. military researchers will brief industry later this month on an upcoming project to develop the ability to translate old software written in the C programming language automatically to the Rust programming language in efforts to enhance efficiency and resistance to cyber attacks.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., will conduct a hybrid proposers day for the upcoming Translating All C TO Rust (TRACTOR) program from 10 a.m. to 2 p.m. on 26 Aug. 2024 in Arlington, Va.
Briefings will be at the Strategic Analysis Executive Conference Center, 4075 Wilson Blvd Suite 300, in Arlington, Va. Briefings are free to attend.
The TRACTOR program aims to achieve a high degree of automation towards translating legacy C to Rust, with the same quality and style that a skilled Rust developer would employ, in hopes of permanently eliminating the entire class of memory safety security vulnerabilities present in C programs. Performers might employ combinations of static analysis, dynamic analysis, and large machine learning language models.
Related: Real-time software boosts mission- and life-critical credibility
The C programming language has been available since 1972, and many military software applications are written in C and its sister more-advanced programming language called C++. The C language is showing its age, and is vulnerable to modern cyber attacks.
Rust, on the other hand, has been available since 2015, and emphasizes performance, type safety, and concurrency. It enforces memory safety by pointing to valid memory without a garbage collector. Rust has far fewer cyber vulnerabilities than the older C language, experts say.
Buffer overflow vulnerabilities and other related memory-safety software flaws enable an attacker to inject messages that hijack control of a computer. These vulnerabilities are possible because programs written in C and C++ don’t force their developers to check conditions like array bounds or pointer arithmetic for correctness.
Related: Software tools to help programmers comply with MISRA C safety-critical introduced by LDRA
Newer languages like Rust can eliminate these kinds of cyber vulnerabilities completely, while preserving efficiency. Still, significant and expensive manual effort is necessary today to rewrite legacy code into Rust.
Although software experts have applied sophisticated tools in efforts to mitigate memory safety issues in C and C++, the software engineering community largely has concluded that bug-finding tools are not sufficient.
Those interested should register for the TRACTOR proposers day no later than 19 Aug. 2024 online at https://creative.gryphontechnologies.com/darpa/i2o/tractor/pd/?p=registration.
More information is online at https://sam.gov/opp/1e45d648886b4e9ca91890285af77eb7/view, and at the TRACTOR website at https://creative.gryphontechnologies.com/darpa/i2o/tractor/pd/.
