Information Security
threat-mitigation programming secure-coding
Updated Tue, 02 Aug 2022 13:26:07 GMT

Are there "secure" languages?


Are there any programming languages that are designed to be robust against hacking?

In other words, an application can be hacked due to a broken implementation, even though the design is perfect. I'm looking to reduce the risk of a developer incorrectly implementing a specification.

For example

Question

  • Is there a language that addresses many or most of these issues? It's acceptable for the language to be scoped for a particular use-case such as WebApps, Desktop, Mobile, or Server usages.

Edit: A lot of people addressed the buffer-overflow issue, or say that the programmer is responsible for security. I'm just trying to get an idea if there exist languages whose main purpose was to lend itself to security as much as possible and reasonable. That is, do some languages have features that make them clearly more (or less) secure than most other languages?




Solution

The Ada language is designed to prevent common programming errors as much as possible and is used in critical systems where a system bug might have catastrophic consequences.

A few examples where Ada goes beyond the typical built-in security provided by other modern languages:

  • An integer range type allows specifying an allowed range for an integer. Any value outside of this range will throw an exception (in languages that do not support a range type, a manual check would have to be performed).

  • := for assignment, = for equality checks. This avoids the common pitfall in languages that use = for assignment and == for equality of accidentally assigning when an equality check was meant (in Ada, an accidental assignment would not compile).

  • in and out parameters that specify whether a method parameter can be read or written

  • avoids problems with statement group indentation levels (e.g. the recent Apple SSL bug) due to the use of the end keyword

  • contracts (since Ada 2012, and previously in the SPARK subset) allow methods to specify preconditions and postconditions that must be satisfied

There are more examples of how Ada was designed for security provided in the Safe and Secure Booklet (PDF).

Of course, many of these issues can be mitigated through proper coding style, code review, unit tests, etc. but having them done at the language level means that you get it for free.

It is also worth adding that despite the fact that a language designed for security such as Ada removes many classes of bugs, there is still nothing stopping you from introducing business logic bugs that the language doesn't know anything about.
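
The following program is an added example, not code from the answer above, that exercises the features the answer lists in one place: an integer range type, in / out / in out parameter modes, the := versus = distinction, and an Ada 2012 Pre/Post contract. The names Balance, Withdraw, Source, Amount and Receipt are hypothetical. It assumes an Ada 2012 compiler such as GNAT; contract checks are only active when assertions are enabled (with GNAT: gnatmake -gnata secure_features_demo.adb).

```ada
--  Added example, not from the original answer. Hypothetical names; assumes
--  an Ada 2012 compiler with assertions enabled (GNAT: -gnata).
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions;

procedure Secure_Features_Demo is

   --  1. Integer range type: a balance can never be negative or exceed the
   --     limit. Any assignment of a value outside 0 .. 1_000_000 raises
   --     Constraint_Error at run time instead of silently wrapping.
   type Balance is range 0 .. 1_000_000;

   --  2. Parameter modes: Amount (mode in) cannot be assigned to inside the
   --     body; the compiler rejects "Amount := 0;". Receipt (mode out) must be
   --     written by the body. Source (mode in out) may be read and updated.
   --  3. Contracts: the precondition is checked on entry and the
   --     postcondition on exit. Source'Old is the value on entry.
   procedure Withdraw
     (Source  : in out Balance;
      Amount  : in     Balance;
      Receipt :    out Balance)
     with Pre  => Amount <= Source,
          Post => Source = Source'Old - Amount and Receipt = Amount;

   procedure Withdraw
     (Source  : in out Balance;
      Amount  : in     Balance;
      Receipt :    out Balance) is
   begin
      --  ":=" assigns, "=" compares. A condition such as "if Source = Amount"
      --  can never be misread as an assignment, and a mistyped
      --  "Amount := 0;" would not compile because Amount is an in parameter.
      Source  := Source - Amount;
      Receipt := Amount;
   end Withdraw;

   Acct : Balance := 100;
   Got  : Balance;
begin
   Withdraw (Acct, 30, Got);
   Put_Line ("Balance after withdrawal:" & Balance'Image (Acct));

   --  Violates the precondition (Amount > Source). With assertions enabled
   --  this raises Assertion_Error before Source is touched; without them the
   --  subtraction itself would raise Constraint_Error. Either way Acct is
   --  left unchanged.
   begin
      Withdraw (Acct, 500, Got);
   exception
      when Ada.Assertions.Assertion_Error | Constraint_Error =>
         Put_Line ("Withdraw rejected, balance still:" & Balance'Image (Acct));
   end;

   --  Violates the range constraint directly: 70 - 1_000 is outside
   --  0 .. 1_000_000, so the assignment raises Constraint_Error rather than
   --  storing a wrapped-around value.
   begin
      Acct := Acct - 1_000;
   exception
      when Constraint_Error =>
         Put_Line ("Range check caught a negative balance");
   end;
end Secure_Features_Demo;
```

Each of the three failure cases in the main block corresponds to one item in the list above; the equivalent C or Java code would need an explicit bounds check and a manually maintained invariant for every one of them.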





Comments (5)

  • +1 – +1 for referencing the Safe and Secure Booklet — Apr 14, 2014 at 19:28  
  • +0 – And yet, all of Ada's safety didn't prevent the Ariane 5 failure. — Apr 14, 2014 at 20:45  
  • +9 – This is a nitpick but it's not having two different operators for assignment/comparison that allows Ada to do that. After all, = and == are different, too. Python distinguishes = (assignment) and == (comparison), and "won't compile" (SyntaxError exception) when they are misused. I think the main point of using :=/= rather than =/== is to prevent typos. — Apr 14, 2014 at 21:35  
  • +3 – @ChrisDown Of course not. That's simple comparison. if 'a' = 'b': on the other hand... — Apr 15, 2014 at 13:17  
  • +2 – @RobertHarvey Doesn't matter, the engineers used a hardware system (happened to use Ada), designed for the Ariane 4 flightpath, where it worked just fine, and then tried to use it for something it was NOT designed for (Ariane 5 flightpath) - also the fact that they had to override anything just proves more to the point that they were aware of what they were doing and had to take active steps (because of the language) to do bad things. — Apr 15, 2014 at 15:22