It's Time to Abandon Insecure Languages
Arnold G. Reinhold
reinhold at world.std.com
Sun Jul 21 17:50:25 EDT 2002
Language wars have been with us since the earliest days of computing
and we are obviously not going to resolve them here. It seems to me
though, that cryptographic tools could be used to improve the
reliability and security of C++ by providing ways to manage risky
usages.
I have in mind a modified development environment that detects
dangerous programming instances like pointer arithmetic, assignments
in "if" statements, C (as opposed to C++) strings, char array
declarations, malloc's, etc. Methods where such usage is necessary
would be signed by the author and one or more reviewers, with the
signature embedded inside a special comment statement. The
development environment would then check whether only approved usages
are present and, if so, sign the executable file. Final versions of
code would be built on trusted servers whose compilers could not be
tampered with and whose private key is not accessible to the
developers.
Implementing such an environment should not be difficult. No real
language changes would be involved, beyond reserving a standardized
comment prefix for signatures. Most programmers would only be able to
employ safe objects and constructs. The few instances where
dangerous usages were really needed would be limited, visible and
require authorization.
Arnold Reinhold
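The checking environment the post sketches, as an added example that is not part of the original message: a small Python scanner that flags the risky usages Reinhold names, reads a reviewer tag from the reserved comment line above each function, and verifies it before a build server would sign the executable. The detection heuristics, the C-like sample source and the HMAC reviewer key are constructed assumptions; a real build server would verify an asymmetric signature against a public key, with the private key held away from the developers as the post proposes.

```python
import hashlib, hmac, re
# Constructed reviewer key (stand-in for a reviewer's signing key; a real build
# server would check an asymmetric signature against a public key instead).
REVIEWER_KEY = b"constructed-reviewer-key"
SIG_PREFIX = "// SIGNED:"  # the reserved comment prefix the post proposes
# Constructed heuristics for the risky usages the post names.
RISKY = {
    "malloc": re.compile(r"\bmalloc\s*\("),
    "char array declaration": re.compile(r"\bchar\s+\w+\s*\["),
    "C string function": re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\("),
    "assignment in if": re.compile(r"\bif\s*\((?:[^=)]|==|!=|<=|>=)*[^=!<>]=[^=]"),
}
# Assumption: a header starts at column 0 with '{' on the same line, the body
# ends with '}' at column 0, and a signature comment is the line just above it.
FUNC = re.compile(
    rf"(?:^{re.escape(SIG_PREFIX)}[ \t]*(\S+)\n)?"                      # signature
    r"(^[A-Za-z_][\w\s\*]*\b([A-Za-z_]\w*)\s*\([^;]*\)\s*\{\n.*?^\})",  # header..'}'
    re.M | re.S)
# Constructed sample: clean, risky but reviewable, and risky with no approval.
SAMPLE = """\
int add(int a, int b) {
    return a + b;
}
char *dup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    strcpy(p, s);
    return p;
}
int eq(int x, int y) {
    if (x = y) return 1;
    return 0;
}
"""

def split_functions(src):
    """Return [(name, signature_or_None, function_text)] for each function."""
    return [(m.group(3), m.group(1), m.group(2)) for m in FUNC.finditer(src)]

def sign_function(text, key=REVIEWER_KEY):
    """Reviewer side: the tag written after SIG_PREFIX on the line above the function."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def audit(src, key=REVIEWER_KEY):
    """Build-server side: {name: (findings, verdict)}; sign the build only if none is 'rejected'."""
    report = {}
    for name, sig, text in split_functions(src):
        findings = [k for k, rx in RISKY.items() if rx.search(text)]
        ok = bool(sig) and hmac.compare_digest(sig, sign_function(text, key))
        report[name] = (findings, "clean" if not findings else "approved" if ok else "rejected")
    return report
```

A reviewer produces the tag with sign_function and writes it on the line above the function; any later edit to that function, or a tag made with a different key, turns the verdict back to rejected.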
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com