Secure Coding mailing list archives
Re: Programming languages used for security
From: ljknews <ljknews () mac com>
Date: Fri, 09 Jul 2004 19:31:19 +0100
At 8:49 AM -0500 7/9/04, Wall, Kevin wrote:
If a GENERAL PURPOSE programming language were designed by scratch by someone who was both a security expert and programming language expert, what would this language (and it's environment) look like? More specifically, + What set of features MUST such a language support (e.g., strong static typing, etc.)?
Such typing should include specification by the programmer of the range of values allowed in variables: -32767 to +32767, 0 to 100, 1 to 100, Characters a-z only, characters A-Z only, -10.863 to +4.368, etc. The language should also support exact specification of arithmetic operations to be performed for various types (overflow semantics, precision, decimal vs. binary arithmetic, etc.). This is important to ensure the desired behavior is obtained when one changes to a new compiler/interpreter, if only to have a program rejected as requiring behavior not supported on the new compiler or operating system.
+ Perhaps just as importantly, what set of features should the language omit (e.g., pointer arithmetic, etc.)? + What functionality should the accompanying libraries support (e.g., encryption, access control, etc.)? + What would be the optimal paradigm (from a theoretical, rather than pragmatic perspective) that such a language would fit into (e.g., object-oriented, functional, imperative, logic programming, etc.)? [Note: I mention "theoretical, rather than pragmatic" so that such a language would be unduly influenced by the fact that presently developers familiar with OO and imperative styles vastly out number all the others, with functional coming up a distant 3rd.] + (Related to the previous item) Would such a language be compiled or interpreted or something in between.
-- Larry Kilgallen
Current thread:
- Programming languages used for security Wall, Kevin (Jul 09)
- Re: Programming languages used for security Fabien (Jul 09)
- Re: Programming languages used for security ljknews (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- RE: Programming languages used for security David Crocker (Jul 09)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security Dana Epp (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 10)
- RE: Programming languages used for security David Crocker (Jul 10)
- Re: Programming languages used for security der Mouse (Jul 10)
- Re: Programming languages used for security Crispin Cowan (Jul 09)
- Re: Programming languages used for security der Mouse (Jul 10)
- <Possible follow-ups>
- RE: Programming languages used for security Wall, Kevin (Jul 10)
- Re: Programming languages used for security James Walden (Jul 10)