Secure Coding mailing list archives
[SC-L]
From: "Jeffrey W. Baker" <jwbaker () acm org>
Date: Fri, 12 Dec 2003 19:40:04 +0000
On Fri, 2003-12-12 at 07:05, Carl G. Alphonce wrote:
The editor of the list has expressed a desire that the discussion move "away from a discussion of the merits and !merits of a particular operating system", so here's a contribution in a different vein. I am a recent subscriber to this list and also an educator. I teach primarily undergraduate courses, often the first and second semester courses, and I am very interested to hear from the list what you all consider to be important "secure coding" topics to cover in these first-year classes. Also, what topics do you feel should be covered in an undergraduate curriculum but later than the first year?
I am not an educator (or even educated), but I interview a lot of recent graduates so perhaps I have something to say here. In my recent experience, certain institutions are turning out graduates in computer science whose understanding of the actual computer is quite limited. These people know how to program in high-level languages, Java or Pascal for example, and they can use an operating system, but they wouldn't know what to do with an 8-bit shift register. In the present world, I don't think you can write a secure program unless you recognize the term "smashing the stack" and you know how to do it. You'll never write a secure program if you can't understand what might happen if your cushy JVM security protections break down. It's not possible to avoid shell code injection when you don't know what shell code is or why that might be bad. If you want to write secure code, you will start with the very basics. You must understand how your program is executed by the operating system, how the CPU and the kernel treat memory, what protection is enforced by the hardware, by the kernel, and by policy, and which is more or less likely to fail. After you understand all that, you must learn to take input from untrusted sources and do something useful with it, safely.
To give you some context, our first-year sequence currently takes an OO approach, incorporating design patterns and discussions of the merits of alternative designs. We also introduce some team-based work in the second semester, and I will begin to incorporate test-first practices (using JUnit) this coming spring semester.
This seems very unlikely to teach secure practices. Your students will know how to interact with object services, virtual machines, containers, factories, enumerators, Grady, Booch, and Gilligan. But if their adversary is trying to interact with the computer, they are outmatched. -jwb
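As an added illustration of the point Baker makes above about "smashing the stack" and handling untrusted input safely (this is example code written for this archive page, not code from the original thread or from any of its authors), the following C program models a stack frame as a struct: a 16-byte local buffer followed by a saved frame pointer and a return address. The layout, the original return-address value and the 32-byte payload are all constructed for the demonstration; real compilers place and pad frames differently, and the unchecked copy is bounded to the struct only so that the model itself stays memory-safe (a real `strcpy()` has no such bound). The first copy routine reproduces the `strcpy`-into-a-fixed-buffer pattern and shows the return-address slot being overwritten; the second rejects input that does not fit, leaving the frame intact.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a stack frame: a fixed local buffer followed by
 * the saved frame pointer and the return address, contiguous in memory.
 * This layout is an assumption for the demonstration, not a real ABI. */
#define BUF_SIZE 16

struct frame {
    char     buf[BUF_SIZE];
    uint64_t saved_fp;
    uint64_t ret_addr;
};

/* Constructed "legitimate" return address and attacker payload.
 * 16 bytes fill buf, 8 land on saved_fp, the last 8 land on ret_addr. */
#define ORIGINAL_RET 0x0000000000401234ULL
static const char PAYLOAD[] = "AAAAAAAAAAAAAAAA" "BBBBBBBB" "CCCCCCCC";

/* Vulnerable pattern: copy attacker-controlled bytes until NUL with no
 * regard for the size of buf, which is what strcpy() into a local array
 * does. The bound on the whole struct exists only to keep this model
 * memory-safe; the real bug has no bound at all. */
static void copy_unchecked(struct frame *f, const char *input)
{
    unsigned char *dst = (unsigned char *)f;   /* byte view of the frame */
    size_t i = 0;
    while (input[i] != '\0' && i < sizeof(struct frame)) {
        dst[i] = (unsigned char)input[i];
        i++;
    }
    if (i < sizeof(struct frame))
        dst[i] = '\0';
}

/* Hardened pattern: the input must fit in buf together with its NUL.
 * Anything longer is rejected outright rather than truncated or copied. */
static int copy_checked(struct frame *f, const char *input)
{
    const char *nul = memchr(input, '\0', BUF_SIZE); /* scan at most BUF_SIZE bytes */
    if (nul == NULL)
        return -1;                                   /* no terminator in range: too long */
    memcpy(f->buf, input, (size_t)(nul - input) + 1);
    return 0;
}

static void init_frame(struct frame *f)
{
    memset(f, 0, sizeof *f);
    f->saved_fp = 0x00007fffffffe000ULL;             /* constructed value */
    f->ret_addr = ORIGINAL_RET;
}

/* Runs the overflow against the model and returns the resulting return
 * address; with PAYLOAD it becomes 0x4343434343434343 ("CCCCCCCC"). */
uint64_t overflow_ret_addr(void)
{
    struct frame f;
    init_frame(&f);
    copy_unchecked(&f, PAYLOAD);
    return f.ret_addr;
}

/* 1 if the checked copy refuses PAYLOAD and leaves ret_addr untouched. */
int checked_rejects_overflow(void)
{
    struct frame f;
    init_frame(&f);
    int rc = copy_checked(&f, PAYLOAD);
    return rc == -1 && f.ret_addr == ORIGINAL_RET;
}

/* 1 if the checked copy still accepts input that fits. */
int checked_accepts_short(void)
{
    struct frame f;
    init_frame(&f);
    int rc = copy_checked(&f, "hello");
    return rc == 0 && strcmp(f.buf, "hello") == 0 && f.ret_addr == ORIGINAL_RET;
}

int main(void)
{
    printf("unchecked copy: ret_addr = 0x%016llx (was 0x%016llx)\n",
           (unsigned long long)overflow_ret_addr(),
           (unsigned long long)ORIGINAL_RET);
    printf("checked copy rejects payload: %s\n",
           checked_rejects_overflow() ? "yes" : "no");
    printf("checked copy accepts \"hello\": %s\n",
           checked_accepts_short() ? "yes" : "no");
    return 0;
}
```

The model makes the mechanism visible without undefined behaviour: the unchecked copy turns a long string into control over the return-address slot, while the checked copy treats "too long" as an error the caller must handle rather than something to absorb silently.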
Current thread:
- [SC-L] Jeffrey W. Baker (Dec 12)
- Re: [SC-L] Crispin Cowan (Dec 12)
- Re: (Shellcode Injection) ljknews (Dec 13)
- Re: (Shellcode Injection) Crispin Cowan (Dec 13)
- Re: (Shellcode Injection) ljknews (Dec 14)
- Re: (Shellcode Injection) Crispin Cowan (Dec 14)
- Re: (Shellcode Injection) ljknews (Dec 15)
- Re: (Shellcode Injection) Crispin Cowan (Dec 15)
- Re: (Shellcode Injection) ljknews (Dec 13)
- The right tool for the right job, quit beating on the C language Dana Epp (Dec 14)
- Re: The right tool for the right job, quit beating on the C language ljknews (Dec 14)
- Re: [SC-L] Crispin Cowan (Dec 12)
- Re: (Shellcode Injection) Louis Solomon [SteelBytes] (Dec 15)