Secure Coding mailing list archives
Re: Anyone looked at security features of D programming language compared to Spark?
From: James Walden <jwalden () eecs utoledo edu>
Date: Fri, 23 Apr 2004 04:31:48 +0100
ljknews wrote: At 11:56 AM -0700 4/22/04, Jim & Mary Ronback wrote: Safety critical sofware has a lot of overlap with the requirements for
high security software.
Can anyone think of any _differences_ between those domain (process and code-wise, not regulatory-wise). I think the primary difference is that security focuses on failures that are a result of an attacker's intentional actions, while safety focuses on unintentional failures. A buffer overflow is both a safety and a security failure, as an overflow can cause a program to crash as well as causing it to execute unintended actions. However, while both security and safety design processes will attempt to avoid such failures, the actions they take to minimalize the impact of failures when they occur are likely different. For example, the security design might require that the program only have minimal privileges, in order to reduce the attacker's access in case an exploitable buffer overflow makes it into the final code, while the safety design might have a redundant system to ensure that the action is carried out successfully by a different program. -- James Walden, Ph.D. Visiting Assistant Professor of EECS The University of Toledo @ LCCC http://www.eecs.utoledo.edu/~jwalden/ [EMAIL PROTECTED]
Current thread:
- Anyone looked at security features of D programming language? Kenneth R. van Wyk (Apr 19)
- Re: Anyone looked at security features of D programming language? James Walden (Apr 21)
- Re: Anyone looked at security features of D programming language? Greenarrow 1 (Apr 22)
- Anyone looked at security features of D programming language compared to Spark? Jim & Mary Ronback (Apr 22)
- Re: Anyone looked at security features of D programming language compared to Spark? ljknews (Apr 22)
- Re: Anyone looked at security features of D programming language compared to Spark? Kenneth R. van Wyk (Apr 22)
- Re: Anyone looked at security features of D programming language compared to Spark? James Walden (Apr 22)
- Re: Anyone looked at security features of D programming language compared to Spark? der Mouse (Apr 23)
- Re: Anyone looked at security features of D programming language? Greenarrow 1 (Apr 22)
- Re: Anyone looked at security features of D programming language? Crispin Cowan (Apr 23)
- Re: Anyone looked at security features of D programming language? James Walden (Apr 21)