Are there any programming languages that are designed to be robust against hacking?
In other words, an application can be hacked due to a broken implementation, even though the design is perfect. I'm looking to reduce the risk of a developer incorrectly implementing a specification.
For example:
Heartbleed would not have happened if the language used could guard against a Buffer Over-Read.
SQL Injections might not happen if there was a language enforced way to encode/decode HTML data
Sensitive data can be saved to Pagefiles in some languages where low-level controls of securely erasing memory aren't available.
Pointer issues/overflows occur more often in C when compared to managed code
Numerical rounding errors can occur when the developer uses the wrong datatype for the data
Denial of Service attacks might be reduced if the app is correctly multi-threaded
Code signing may reduce the threat of runtime security issues (link, link)
Question
Edit: A lot of people addressed the buffer-overflow issue, or say that the programmer is responsible for security. I'm just trying to get an idea if there exist languages whose main purpose was to lend itself to security as much as possible and reasonable. That is, do some languages have features that make them clearly more (or less) secure than most other languages?
The Ada language is designed to prevent common programming errors as much as possible and is used in critical systems where a system bug might have catastrophic consequences.
A few examples where Ada goes beyond the typical built-in security provided by other modern languages:
Integer range types allow specifying an allowed range for an integer. Any value outside of this range will throw an exception (in languages that do not support a range type, a manual check would have to be performed).
:= for assignment and = for equality checks. This avoids the common pitfall in languages that use = for assignment and == for equality of accidentally assigning when an equality check was meant (in Ada, an accidental assignment would not compile).
in and out parameters that specify whether a method parameter can be read or written.
The use of the end keyword avoids problems with statement group indentation levels (e.g. the recent Apple SSL bug).
Contracts (since Ada 2012, and previously in the SPARK subset) allow methods to specify preconditions and postconditions that must be satisfied.
There are more examples of how Ada was designed for security provided in the Safe and Secure Booklet (PDF).
Of course, many of these issues can be mitigated through proper coding style, code review, unit tests, etc. but having them done at the language level means that you get it for free.
It is also worth adding that despite the fact that a language designed for security such as Ada removes many classes of bugs, there is still nothing stopping you from introducing business logic bugs that the language doesn't know anything about.
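The following program is an added example (not code from the original answer or from the Ada booklet it cites) that exercises the features listed above in Ada 2012: a range type, a bounds-checked array read that mirrors the Heartbleed over-read the question mentions, in/out parameter modes, the := versus = distinction, and a Pre/Post contract. All names (Percent, Buffer, Checksum, Account, Deposit) and the three-byte sample packet are constructed for the illustration. It is meant to be compiled with a GNAT-style Ada 2012 compiler; the Assertion_Policy pragma turns contract checking on regardless of compiler switches.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;
with Ada.Assertions;

procedure Robust_Demo is

   pragma Assertion_Policy (Check);  --  check Pre/Post even without -gnata

   --  1. Range type: any value outside 0 .. 100 raises Constraint_Error.
   type Percent is range 0 .. 100;

   --  2. Bounds-checked buffer. Reading past the end raises Constraint_Error
   --     instead of silently returning adjacent memory (the Heartbleed pattern).
   type Byte is mod 2 ** 8;
   type Buffer is array (Positive range <>) of Byte;

   --  Hypothetical handler that, like the TLS heartbeat code, trusts a length
   --  supplied by the peer. The trust is still a logic bug, but the over-read
   --  itself is stopped by the index check on Payload (I).
   function Checksum (Payload : Buffer; Claimed_Length : Natural) return Natural is
      Sum : Natural := 0;
   begin
      for I in 1 .. Claimed_Length loop
         Sum := (Sum + Natural (Payload (I))) mod 65536;
      end loop;
      return Sum;
   end Checksum;

   --  3. Parameter modes plus a contract. "Amount" is mode "in", so assigning
   --     to it inside the body would be a compile-time error.
   type Account is record
      Balance : Natural := 0;
   end record;

   procedure Deposit (Acct : in out Account; Amount : in Natural)
     with Pre  => Amount > 0 and then Acct.Balance <= Natural'Last - Amount,
          Post => Acct.Balance = Acct.Balance'Old + Amount;

   procedure Deposit (Acct : in out Account; Amount : in Natural) is
   begin
      Acct.Balance := Acct.Balance + Amount;
   end Deposit;

   Packet : constant Buffer := (16#48#, 16#69#, 16#21#);  --  constructed sample input
   Acct   : Account;
   P      : Percent;
   Raw    : Integer := 150;                                --  constructed out-of-range input
begin
   --  4. := assigns, = compares. "if P := 50 then" does not parse, so the
   --     C-style "if (p = 50)" typo cannot be compiled by accident.
   P := 50;
   if P = 50 then
      Put_Line ("P is 50");
   end if;

   Put_Line ("checksum of 3 bytes:" & Natural'Image (Checksum (Packet, Packet'Length)));

   begin
      Put_Line ("checksum claiming 64 bytes:" & Natural'Image (Checksum (Packet, 64)));
   exception
      when E : Constraint_Error =>
         Put_Line ("over-read blocked: " & Exception_Message (E));
   end;

   begin
      P := Percent (Raw);   --  150 is outside 0 .. 100
      Put_Line ("P is" & Percent'Image (P));
   exception
      when Constraint_Error =>
         Put_Line ("range violated:" & Integer'Image (Raw) & " is not a Percent");
   end;

   Deposit (Acct, 40);
   Put_Line ("balance:" & Natural'Image (Acct.Balance));

   begin
      Deposit (Acct, 0);    --  precondition Amount > 0 fails
   exception
      when E : Ada.Assertions.Assertion_Error =>
         Put_Line ("contract violated: " & Exception_Message (E));
   end;
end Robust_Demo;
```

The two failing calls (the 64-byte read and the zero deposit) end in a handled exception rather than in leaked memory or a corrupted balance; the point is that the checks are inserted by the compiler, not written by the developer, which is exactly the "for free" the answer refers to.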
= and == are different, too. Python distinguishes = (assignment) and == (comparison), and "won't compile" (SyntaxError exception) when they are misused. I think the main point of using :=/= rather than =/== is to prevent typos. — Apr 14, 2014 at 21:35
if 'a' = 'b': on the other hand... — Apr 15, 2014 at 13:17