Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Blue Boar wrote:
> I seriously doubt that there is a programming language that can do anything useful that one can't do something stupid with.

Gödel's Incompleteness Theorem: no non-trivial logic system can be both consistent (all proven theorems are true) and complete (all true theorems are provable).

Blue Boar's Corollary: no non-trivial programming language can be both useful and safe :)

Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Blue Boar wrote:
> To clarify, I'm talking about things like passing unfiltered user input to a system shell, or a native API, something like that.

True. In the case of passing a user input string to the shell or a database server, you're accepting what's potentially a program as input. However, if your language's type system considers that program to be a string, there's no way your compiler can perform relevant security checks.

I've read papers on the topic of adding new data types like relational database tables or XML documents to existing languages (as Xen does for C#), expanding the type system to deal with such data directly instead of reducing it to a string that the compiler can't automatically type check. However, there are always going to be new programs to pass data to, and strings will always be a convenient choice of packaging new unknown data types, so I don't see this problem going away in the future, though particular attack instances like SQL injection may disappear.

--
James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC
http://www.eecs.utoledo.edu/~jwalden/
[EMAIL PROTECTED]
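The point above, that a string handed to a shell or a database server is really a program the compiler cannot inspect, is easy to see in working code. The following is an added example written for this page; it is not code from the thread, from SPI Dynamics' SecureObjects or from Ounce Labs' Prexis. It hands the same constructed input first to /bin/sh and to SQLite as one concatenated string, then through interfaces (an argv list, a bound query parameter) that keep the program text fixed and carry the data separately. `echo` stands in for whatever tool a real program would run, and the table, rows and inputs are constructed for the demonstration.

```python
"""Added example for the SC-L thread: the same user string reaches a shell
and a database first as an opaque 'str', then through APIs that keep
program and data apart. Not code from the thread or from either vendor's
product; 'echo' stands in for whatever tool the program really runs."""
import sqlite3
import subprocess

# Constructed inputs (not from the thread): each is "data" that is also a program.
HOSTILE_ARG = "report.txt; echo INJECTED"   # ';' ends one shell command and starts another
HOSTILE_USER = "x' OR '1'='1"               # closes the quoted literal and adds a tautology


def run_as_string(user_arg: str) -> str:
    """Vulnerable: command and argument are concatenated into one string and
    handed to /bin/sh, which re-parses the whole thing. The type is 'str', so
    nothing in the language can tell the argument apart from the command."""
    cmd = "echo " + user_arg
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_as_argv(user_arg: str) -> str:
    """Safer: the command is a list of arguments (argv). No shell is involved,
    so user_arg reaches the program as exactly one argument, ';' included."""
    return subprocess.run(["echo", user_arg], capture_output=True, text=True).stdout


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def query_as_string(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the query is built by string concatenation, so the database
    parses user text as SQL and the tautology matches every row."""
    sql = "SELECT name FROM users WHERE name = '" + username + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def query_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Safer: the SQL text is fixed and the value travels separately as a bound
    parameter, so the driver never treats it as part of the program."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    print("shell, string :", repr(run_as_string(HOSTILE_ARG)))
    print("shell, argv   :", repr(run_as_argv(HOSTILE_ARG)))
    db = make_db()
    print("sql, string   :", query_as_string(db, HOSTILE_USER))
    print("sql, params   :", query_parameterized(db, HOSTILE_USER))
```

Neither safer form needs the developer to "filter" anything: the argv list and the bound parameter are the minimal version of what Walden describes, a way of giving the receiving program the query structure and the data as separate things rather than one string it must re-parse. The remaining gap he points out is also visible here: the Python type checker still sees `str` on both paths, so the discipline is enforced by the API you choose, not by the compiler.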
Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Peter Amey wrote:
> I would assert that using SPARK it is very /hard/ to do something stupid and /impossible/ to do something stupid that wouldn't be obvious to the SPARK Examiner tool. In fact, the only way I can think of doing so would be to construct a formal specification for stupidity and then correctly implement it (which is clearly feasible).

To clarify, I'm talking about things like passing unfiltered user input to a system shell, or a native API, something like that. I wasn't necessarily referring to blowing up your buffers, etc... If SPARK is designed to stop things like that, then I'll happily go and try to do something stupid in it...

My basic point (which I probably made poorly) is that a language that keeps one from blowing up their buffers, getting their signs wrong, etc... won't help logic errors and bad design. I have nothing against "secure" languages, and I'd be happy to see them in wider use. I was just sceptical about these libraries under discussion that can keep someone from introducing security holes.

BB
RE: [SC-L] SPI, Ounce Labs Target Poorly Written Code
At 2:37 PM +0100 6/29/04, Peter Amey wrote:
>> [mailto:[EMAIL PROTECTED]
>> Behalf Of Blue Boar
>> I seriously doubt that there is a programming language that can do
>> anything useful that one can't do something stupid with. Never bet
>> against the quality of idiots available in the world. :)
>>
>
> Always willing to rise to a challenge. But I'll cover my bets by slightly changing
> Blue Boar's words by adding "which wouldn't be obvious".
>
> I would assert that using SPARK it is very /hard/ to do something stupid and
> /impossible/ to do something stupid that wouldn't be obvious to the SPARK Examiner
> tool.

Certainly with SPARK one could use an incorrect specification (one that did not properly characterize the problem).
RE: [SC-L] SPI, Ounce Labs Target Poorly Written Code
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Behalf Of Blue Boar
> Sent: 28 June 2004 21:35
> To: Kenneth R. van Wyk
> Cc: [EMAIL PROTECTED]
> Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
>
>
> Kenneth R. van Wyk wrote:
> > The article quotes SPI Dynamics' CTO
> > as saying, "It doesn't require developers to learn about
> > security," which
> > strikes me as being a rather bold statement.
>
> I seriously doubt that there is a programming language that can do
> anything useful that one can't do something stupid with. Never bet
> against the quality of idiots available in the world. :)
>

Always willing to rise to a challenge. But I'll cover my bets by slightly changing Blue Boar's words by adding "which wouldn't be obvious".

I would assert that using SPARK it is very /hard/ to do something stupid and /impossible/ to do something stupid that wouldn't be obvious to the SPARK Examiner tool. In fact, the only way I can think of doing so would be to construct a formal specification for stupidity and then correctly implement it (which is clearly feasible).

The first part of your challenge "that can do anything useful" is proved by the existence of real, useful programs written in SPARK.

Peter
Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code
Kenneth R. van Wyk wrote:
> The article quotes SPI Dynamics' CTO as saying, "It doesn't require developers to learn about security," which strikes me as being a rather bold statement.

I seriously doubt that there is a programming language that can do anything useful that one can't do something stupid with. Never bet against the quality of idiots available in the world. :)

BB
[SC-L] SPI, Ounce Labs Target Poorly Written Code
FYI, a couple of announcements from SPI Dynamics and Ounce Labs hit eWeek.com today -- see http://www.eweek.com/article2/0,1759,1617901,00.asp for the full text.

According to the article, SPI Dynamics has released its "SecureObjects" product, which is a series of (presumably) securely written objects that developers can make use of for performing various security-related tasks (e.g., input validation) in their code. The article quotes SPI Dynamics' CTO as saying, "It doesn't require developers to learn about security," which strikes me as being a rather bold statement.

Meanwhile, Ounce Labs has put out a new version of its Prexis source code scanner. It currently scans C and C++, but the article says that a Java version will be available in July.

Reports of user experiences with these tools would be appreciated here.

Cheers,

Ken

P.S. Anyone interested in seeing a bit of Budapest can check out some of the shots I took while I was there at http://www.vanwyk.org/ken/galleries.php

--
KRvW Associates, LLC
http://www.KRvW.com