What is a Secure Programming Language?

C. Cifuentes, G. Bierman
{"title":"What is a Secure Programming Language?","authors":"C. Cifuentes, G. Bierman","doi":"10.4230/LIPIcs.SNAPL.2019.3","DOIUrl":null,"url":null,"abstract":"Our most sensitive and important software systems are written in programming languages that are inherently insecure, making the security of the systems themselves extremely challenging. It is often said that these systems were written with the best tools available at the time, so over time with newer languages will come more security. But we contend that all of today’s mainstream programming languages are insecure, including even the most recent ones that come with claims that they are designed to be “secure”. Our real criticism is the lack of a common understanding of what “secure” might mean in the context of programming language design. We propose a simple data-driven definition for a secure programming language: that it provides first-class language support to address the causes for the most common, significant vulnerabilities found in real-world software. To discover what these vulnerabilities actually are, we have analysed the National Vulnerability Database and devised a novel categorisation of the software defects reported in the database. This leads us to propose three broad categories, which account for over 50% of all reported software vulnerabilities, that as a minimum any secure language should address. While most mainstream languages address at least one of these categories, interestingly, we find that none address all three. Looking at today’s real-world software systems, we observe a paradigm shift in design and implementation towards service-oriented architectures, such as microservices. Such systems consist of many fine-grained processes, typically implemented in multiple languages, that communicate over the network using simple web-based protocols, often relying on multiple software environments such as databases. In traditional software systems, these features are the most common locations for security vulnerabilities, and so are often kept internal to the system. In microservice systems, these features are no longer internal but external, and now represent the attack surface of the software system as a whole. The need for secure programming languages is probably greater now than it has ever been.","PeriodicalId":231548,"journal":{"name":"Summit on Advances in Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Summit on Advances in Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.SNAPL.2019.3","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

Abstract

Our most sensitive and important software systems are written in programming languages that are inherently insecure, making the security of the systems themselves extremely challenging. It is often said that these systems were written with the best tools available at the time, so over time with newer languages will come more security. But we contend that all of today’s mainstream programming languages are insecure, including even the most recent ones that come with claims that they are designed to be “secure”. Our real criticism is the lack of a common understanding of what “secure” might mean in the context of programming language design. We propose a simple data-driven definition for a secure programming language: that it provides first-class language support to address the causes for the most common, significant vulnerabilities found in real-world software. To discover what these vulnerabilities actually are, we have analysed the National Vulnerability Database and devised a novel categorisation of the software defects reported in the database. This leads us to propose three broad categories, which account for over 50% of all reported software vulnerabilities, that as a minimum any secure language should address. While most mainstream languages address at least one of these categories, interestingly, we find that none address all three. Looking at today’s real-world software systems, we observe a paradigm shift in design and implementation towards service-oriented architectures, such as microservices. Such systems consist of many fine-grained processes, typically implemented in multiple languages, that communicate over the network using simple web-based protocols, often relying on multiple software environments such as databases. In traditional software systems, these features are the most common locations for security vulnerabilities, and so are often kept internal to the system. In microservice systems, these features are no longer internal but external, and now represent the attack surface of the software system as a whole. The need for secure programming languages is probably greater now than it has ever been.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
什么是安全编程语言?
我们最敏感和最重要的软件系统是用编程语言编写的,这些语言本质上是不安全的,这使得系统本身的安全性极具挑战性。人们常说,这些系统是用当时可用的最佳工具编写的,因此随着时间的推移,使用更新的语言将带来更多的安全性。但是我们认为,今天所有的主流编程语言都是不安全的,甚至包括那些声称它们被设计为“安全”的最新语言。我们真正的批评是缺乏对“安全”在编程语言设计上下文中可能意味着什么的共同理解。我们为安全编程语言提出了一个简单的数据驱动定义:它提供一流的语言支持,以解决在现实软件中发现的最常见、最重要的漏洞的原因。为了发现这些漏洞究竟是什么,我们分析了国家漏洞数据库,并设计了一个新的数据库中报告的软件缺陷分类。这导致我们提出了三大类,它们占所有报告的软件漏洞的50%以上,这是任何安全语言至少应该解决的问题。虽然大多数主流语言至少能解决其中一个问题,但有趣的是,我们发现没有一个语言能同时解决这三个问题。看看当今现实世界的软件系统,我们观察到设计和实现向面向服务的体系结构(如微服务)的范式转变。这样的系统由许多细粒度的进程组成,通常用多种语言实现,使用简单的基于web的协议在网络上进行通信,通常依赖于数据库等多种软件环境。在传统的软件系统中,这些特性是安全漏洞最常见的位置,因此通常保留在系统内部。在微服务系统中,这些特征不再是内部的,而是外部的,现在代表了整个软件系统的攻击面。现在对安全编程语言的需求可能比以往任何时候都要大。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
From Theory to Systems: A Grounded Approach to Programming Language Education Linking Types for Multi-Language Software: Have Your Cake and Eat It Too AP: Artificial Programming Fission: Secure Dynamic Code-Splitting for JavaScript Migratory Typing: Ten Years Later
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1