RE: Programming languages used for security

["David Crocker" <dcrocker () eschertech com>]

I think there are two other questions that should be asked before trying to
answer this:

1. Is it appropriate to look for a single "general purpose" programming
language? Consider the following application areas:

a) Application packages
b) Operating systems, device drivers, network protocol stacks etc.
c) Real-time embedded software

The features you need for these applications are not the same. For example,
garbage collection is very helpful for (a) but is not acceptable in (b) and (c).
For (b) you may need to use some low-level tricks which you will not need for
(a) and probably not for (c).

2. Do we need programming languages at all? Why not write precise high-level
specifications and have the system generate the program, thereby saving time and
eliminating coding error? [This is not yet feasible for operating systems, but
it is feasible for many applications, including many classes of embedded
applications].

David Crocker, Escher Technologies Ltd.
Consultancy, contracting and tools for dependable software development
www.eschertech.com


Kevin Wall wrote:

> >
   If a GENERAL PURPOSE programming language were designed by
   scratch by someone who was both a security expert and
   programming language expert, what would this language (and
   it's environment) look like?

   More specifically,

      + What set of features MUST such a language support (e.g.,
        strong static typing, etc.)?
      + Perhaps just as importantly, what set of features should
        the language omit (e.g., pointer arithmetic, etc.)?
      + What functionality should the accompanying libraries support
        (e.g., encryption, access control, etc.)?
      + What would be the optimal paradigm (from a theoretical, rather
        than pragmatic perspective) that such a language would fit into
        (e.g., object-oriented, functional, imperative, logic programming,
        etc.)? [Note: I mention "theoretical, rather than pragmatic" so
        that such a language would be unduly influenced by the fact that
        presently developers familiar with OO and imperative styles vastly
        out number all the others, with functional coming up a distant
        3rd.]
      + (Related to the previous item) Would such a language be compiled
        or interpreted or something in between.

Also, if anyone chooses to discuss these issues, let's leave things like
portability and performance out of the equation UNLESS you feel these
things directly have an impact on secure coding. I think that we can
all agree that we'd desire a portable and fast-executing language
(although perhaps a slow-executing language would be more secure in
that it might slow down the propagation of malware ;-).
<<