Secure Coding mailing list archives
The Specifications of the Thing
From: mshines at purdue.edu (Michael S Hines)
Date: Tue, 12 Jun 2007 09:16:41 -0400
So - aren't a lot of the Internet security issues errors or omissions in the IETF standards - leaving things unspecified which get implemented in different ways - some of which can be exploited due to implementation flaws (due to specification flaws)?

Mike H.
-----------------------------
Michael S Hines
mshines at purdue.edu

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Crispin Cowan
Sent: Monday, June 11, 2007 5:50 PM
To: Gary McGraw
Cc: SC-L at securecoding.org; Blue Boar
Subject: Re: [SC-L] Harvard vs. von Neumann

Gary McGraw wrote:
> Though I don't quite understand computer science theory in the same way that Crispin does, I do think it is worth pointing out that there are two major kinds of security defects in software: bugs at the implementation level, and flaws at the design/spec level. I think Crispin is driving at that point.
Kind of. I'm saying that "specification" and "implementation" are relative to each other: at one level, a spec can say "put an iterative loop here" and the implementation is a bunch of x86 instructions. At another level, the specification says "initialize this array" and the implementation says "for (i=0; i<ARRAY_SIZE;i++){...". At yet another level the specification says "get a contractor to write an air traffic control system" and the implementation is a contract :)

So when you advocate automating the implementation and focusing on specification, you are just moving the game up. You *do* change properties when you move the game up, some for the better, some for the worse. Some examples:

* If you move up to type safe languages, then the compiler can prove some nice safety properties about your program for you. It does not prove total correctness, does not prove halting, just some nice safety properties.

* If you move further up to purely declarative languages (PROLOG, strict functional languages) you get a bunch more analyzability. But they are still Turing-complete (thanks to Church-Rosser) so you still can't have total correctness.

* If you moved up to some specification form that was no longer Turing complete, e.g. something weaker like predicate logic, then you are asking the compiler to contrive algorithmic solutions to nominally NP-hard problems. Of course they mostly aren't NP-hard because humans can create algorithms to solve them, but now you want the computer to do it. Which begs the question of the correctness of a compiler so powerful it can solve general purpose algorithms.
> If we assumed perfection at the implementation level (through better languages, say), then we would end up solving roughly 50% of the software security problem.
The 50% being rather squishy, but yes this is true. It's only vaguely what I was talking about, really, but it is true.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Chat: irc.oftc.net/#apparmor

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________