Secure Coding mailing list archives

Re: Anyone looked at security features of D programming language compared to Spark?


From: James Walden <jwalden () eecs utoledo edu>
Date: Fri, 23 Apr 2004 04:31:48 +0100


ljknews wrote:

At 11:56 AM -0700 4/22/04, Jim & Mary Ronback wrote:
Safety critical software has a lot of overlap with the requirements for
high security software.


Can anyone think of any _differences_ between those domains (process and
code-wise, not regulatory-wise).


I think the primary difference is that security focuses on failures that 
are a result of an attacker's intentional actions, while safety focuses 
on unintentional failures.  A buffer overflow is both a safety and a 
security failure, as an overflow can cause a program to crash as well as 
causing it to execute unintended actions.  However, while both security 
and safety design processes will attempt to avoid such failures, the 
actions they take to minimalize the impact of failures when they occur 
are likely different.  For example, the security design might require 
that the program only have minimal privileges, in order to reduce the 
attacker's access in case an exploitable buffer overflow makes it into 
the final code, while the safety design might have a redundant system to 
ensure that the action is carried out successfully by a different program.


--
James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC
http://www.eecs.utoledo.edu/~jwalden/
[EMAIL PROTECTED]