不安全的阻抗:安全语言和安全设计软件

Lee Barney, Adolfo Neto
{"title":"不安全的阻抗:安全语言和安全设计软件","authors":"Lee Barney, Adolfo Neto","doi":"arxiv-2407.13046","DOIUrl":null,"url":null,"abstract":"In December 2023, security agencies from five countries in North America,\nEurope, and the south Pacific produced a document encouraging senior executives\nin all software producing organizations to take responsibility for and\noversight of the security of the software their organizations produce. In\nFebruary 2024, the White House released a cybersecurity outline, highlighting\nthe December document. In this work we review the safe languages listed in\nthese documents, and compare the safety of those languages with Erlang and\nElixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary\nbut insufficient to make wise decisions regarding what language to use when\ncreating code. We propose an additional way of looking at languages and the\nease with which unsafe code can be written and used. We call this new\nperspective \\em{unsafe impedance}. We then go on to use unsafe impedance to\nexamine nine languages that are considered to be safe. Finally, we suggest that\nbusiness processes include what we refer to as an Unsafe Acceptance Process.\nThis Unsafe Acceptance Process can be used as part of the memory safe roadmaps\nsuggested by these agencies. Unsafe Acceptance Processes can aid organizations\nin their production of safe by design software.","PeriodicalId":501197,"journal":{"name":"arXiv - CS - Programming Languages","volume":"21 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Unsafe Impedance: Safe Languages and Safe by Design Software\",\"authors\":\"Lee Barney, Adolfo Neto\",\"doi\":\"arxiv-2407.13046\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In December 2023, security agencies from five countries in North America,\\nEurope, and the south Pacific produced a document encouraging senior executives\\nin all software producing organizations to take responsibility for and\\noversight of the security of the software their organizations produce. In\\nFebruary 2024, the White House released a cybersecurity outline, highlighting\\nthe December document. In this work we review the safe languages listed in\\nthese documents, and compare the safety of those languages with Erlang and\\nElixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary\\nbut insufficient to make wise decisions regarding what language to use when\\ncreating code. We propose an additional way of looking at languages and the\\nease with which unsafe code can be written and used. We call this new\\nperspective \\\\em{unsafe impedance}. We then go on to use unsafe impedance to\\nexamine nine languages that are considered to be safe. Finally, we suggest that\\nbusiness processes include what we refer to as an Unsafe Acceptance Process.\\nThis Unsafe Acceptance Process can be used as part of the memory safe roadmaps\\nsuggested by these agencies. Unsafe Acceptance Processes can aid organizations\\nin their production of safe by design software.\",\"PeriodicalId\":501197,\"journal\":{\"name\":\"arXiv - CS - Programming Languages\",\"volume\":\"21 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Programming Languages\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2407.13046\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2407.13046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

2023 年 12 月,来自北美、欧洲和南太平洋五个国家的安全机构编制了一份文件,鼓励所有软件生产组织的高级管理人员对其组织生产的软件的安全性负责和监督。2024 年 2 月,白宫发布了一份网络安全纲要,强调了 12 月份的文件。在这项工作中,我们回顾了这些文件中列出的安全语言,并将这些语言的安全性与 Erlang 和Elixir 这两种 BEAM 语言进行了比较。这些安全机构将某些语言宣布为安全语言是必要的,但不足以让我们在创建代码时明智地决定使用哪种语言。我们提出了另一种看待语言的方法,以及编写和使用不安全代码的可能性。我们将这种新视角称为 "不安全阻抗"。然后,我们将使用不安全阻抗来考察九种被认为是安全的语言。最后,我们建议业务流程包含我们称之为 "不安全验收流程 "的内容。"不安全验收流程 "可作为这些机构建议的内存安全路线图的一部分。不安全验收流程可以帮助企业生产安全的设计软件。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Unsafe Impedance: Safe Languages and Safe by Design Software
In December 2023, security agencies from five countries in North America, Europe, and the south Pacific produced a document encouraging senior executives in all software producing organizations to take responsibility for and oversight of the security of the software their organizations produce. In February 2024, the White House released a cybersecurity outline, highlighting the December document. In this work we review the safe languages listed in these documents, and compare the safety of those languages with Erlang and Elixir, two BEAM languages. These security agencies' declaration of some languages as safe is necessary but insufficient to make wise decisions regarding what language to use when creating code. We propose an additional way of looking at languages and the ease with which unsafe code can be written and used. We call this new perspective \em{unsafe impedance}. We then go on to use unsafe impedance to examine nine languages that are considered to be safe. Finally, we suggest that business processes include what we refer to as an Unsafe Acceptance Process. This Unsafe Acceptance Process can be used as part of the memory safe roadmaps suggested by these agencies. Unsafe Acceptance Processes can aid organizations in their production of safe by design software.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Memory Consistency and Program Transformations No Saved Kaleidosope: an 100% Jitted Neural Network Coding Language with Pythonic Syntax Towards Quantum Multiparty Session Types The Incredible Shrinking Context... in a decompiler near you Scheme Pearl: Quantum Continuations
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1