Eddie Billoir (Airbus Protect)
PhD in Cybersecurity. Open-source enjoyer.
Sessions
The Rust ecosystem is often praised for its "harmonized chaos" of crates, but a new trend is emerging in security-critical tools: the total avoidance of dependencies. While projects like sudo-rs aim to reduce the supply chain attack surface, this architectural choice comes with a cost. During my PhD work on RootAsRole, I discovered that dependency minimisation leads to monolithic designs where security logic is tightly coupled to use cases.
This talk explores the friction between security-hardened isolation and the community’s need for reusable, battle-tested components. When we refuse to depend on others, we stop contributing to shared building blocks. We end up reinventing the wheel, forking unmaintained libraries, and scattering security expertise across dozens of "independent" forks. I will share many insights about the Good, the Bad and the Ugly.
Bim bam PAM! In this talk, we’re diving into the kitchen of system security to look at the PAM (Pluggable Authentication Modules) architecture.
We’ll start by deconstructing the classic PAM lifecycle. But instead of just "wrapping" the C API in Rust and hoping for the best, we’ll introduce nonstick. The secret sauce? We will demonstrate how nonstick uses Rust's design to encode PAM's expected behavior directly into the compiler.