2005. Programming Languages Security - A Survey, страница 5
Описание файла
PDF-файл из архива "2005. Programming Languages Security - A Survey", который расположен в категории "". Всё это находится в предмете "конструирование компиляторов" из 7 семестр, которые можно найти в файловом архиве МГУ им. Ломоносова. Не смотря на прямую связь этого архива с МГУ им. Ломоносова, его также можно найти и в других разделах. .
Просмотр PDF-файла онлайн
Текст 5 страницы из PDF
It includes the Java Runtime Environment (JRE) which consists of a Java virtual machine, classlibraries, and other files that support the execution of programs written in the Java programming language.3.7Common Language Infrastructure (CLI), which has components for: exception handling, garbage collection and security.Common Language Runtime (CLR) is Microsoft’s implementation of the CLI..NET’s security mechanism has two features: code accesssecurity, and validation and verification. Code access securityuses the source4 of the assembly5 to determine the permissions to be granted to it.The CLR performs the validation and verification tests onthe loaded assembly.
Validation ensures that the assemblycontains valid metadata and CIL. The verification mechanismchecks to see if the code attempts to do anything that is “unsafe”. Unsafe code will generally only be executed if the assembly is installed on the local machine.The .NET framework is primarily supported only by theMicrosoft family of products, including the Windows ServerSystem, the Windows XP operating system, and the MicrosoftOffice System.
However, there are several open source development projects, such as Mono [61] (a project led by Novell,Inc.) that provide software for supporting .NET on differentoperating system platforms including Linux, Solaris, Mac OSX, and BSD (OpenBSD, FreeBSD, NetBSD).The .NET Framework SDK is free and includes compilers and various other utilities to aid development. Severallanguages have compilers for the .NET Framework, but onlya limited set is predominantly used and supported. Primeamong these are C#, Visual Basic .NET, C++/CLI, J#, JScript.NET. The Visual Studio .NET [60] integrated developmentenvironment is the major tool used for development.
The Express Edition is available as a free download, but the Standard,Professional and Team editions are available for a fee.3.8SchemeScheme [78] is a statically scoped dialect of the Lisp programming language. It is a small but powerful and productive language, designed to have clear and simple semantics.
Itsupports a wide variety of programming paradigms, includingimperative, functional, and object-oriented.Like most higher level languages, Scheme is memory-safe,in the sense that one cannot leak memory, nor write off the endof a buffer.Most Scheme systems are interactive, allowing programmers to incrementally develop and test parts of their program.It can also be compiled, to make programs run fast. Scheme is.NET Framework ArchitectureThe .NET Framework [59] is a software development platform, similar to Java, created by Microsoft.
.NET technology allows development in multiple programming languagesalong with an extensive standard library.The .NET Framework uses an intermediate languageknown as the Common Intermediate Language (CIL) to beplatform independent. Programming languages on the .NETFramework first compile into CIL and are thereafter compiledinto native code using just-in-time (JIT) compilation. Theamalgamation of these concepts is a specification called the4. Source refers to whether it is installed on a local machine or downloadedfrom a remote site.5.
An assembly is the building block of a .NET Framework application;they are complied and form an atomic functional unit that can be deployed.Assemblies exist as executable program files (.exe) or dynamic link library(.dll) files.9not usually quite as fast as C, and results can vary dependingon the compiler used.However there are several significant limitations that makeit unsuitable for writing large-scale security-critical code.Scheme is a strong, dynamically typed language. Every valuehas a type which can be ascertained; however it does not provide static checking of the types, instead all type checking isdone dynamically, at run-time, which means that there are noassurances that the program will not apply an operation at runtime to arguments for which it makes no sense.
This lack ofan expressive type system makes it harder to safely compileScheme to an efficient native form.There are no standard exception handling semantics; thestandard stipulates that certain actions result in an error, butthere is no standard facility for handling such errors when theyoccur.Scheme programs can make use of new derived expressiontypes, called macros. Scheme provides a hygienic macro system which is safer and often easier to work with than the fullyprogrammatic Lisp-style macros, though not as powerful.
Hygienic macros [50] are macros whose expansion is guaranteedto not cause name clashes with definitions already existingin the surrounding environment. However, if macros are notused judiciously the syntax of the program can change in undesired ways making it difficult to understand and semantically analyze what the program does.Since the Scheme standard is very conservative and specifies only the core language, many different implementationshave been developed.
The Scheme community is still considerably fragmented and so there is a very limited standardlibrary. Most libraries work only in specific implementations.The Scheme Request For Implementation (SRFI) [79] projectaims at resolving this.Most Schemes have FFI support to the native language(i.e.
the language used to implement the Scheme interpreter/compiler) allowing native code to be called fromScheme and vice versa [80].There are several implementations of Scheme, both freeand commercial, that run on various hardware platforms andoperating systems.4low-level data structures and memory management.Features of the C language such as pointer arithmetic, typecasting of pointers and other memory operations that can directly access raw memory make it suitable for writing lowlevel system programs which need high performance [66].Other factors in favor of C include - programmer experience, familiarity, portability and extensibility (it is easier touse existing C libraries).However, as application requirements have become increasingly sophisticated, C programs have had to contendwith frequent convoluted pointer computations, which leadsto efficient but insecure programs, and it is common beliefthat safety violations are likely to remain prevalent in C programs.The infamous buffer overflows, described as the “Vulnerability of the Decade” [20], are so widespread in C because it isinherently unsafe.
There is no automatic bounds-checking forarray and pointer references, and so, the onus is on the programmers to perform these checks. Also, many of the standard C library functions (such as, strcpy(), sprintf(), gets())are themselves unsafe and hence the programmer is responsible for bounds-checking these too. The process of insertingchecks that cover all possible paths is tedious and error-prone,and hence programmers often omit many of these checks.There could also be situations where programmers includechecks for all their code but use a dynamically linked librarywhich is linked in with the executable at runtime and so areprovided with no assurances about the safety of the C codewithin the library.In this section we present a survey of the diverse countermeasures that either seek to eliminate particular vulnerabilities or prevent them from being exploited while maintainingthe functionality of the system.The countermeasures are divided into several categoriesbased on how they tackle the problems.4.1Static Analysis of Source CodeStatic source code analyzers are automated tools that attemptto find software vulnerabilities by examining program sourcecode without having to execute the program.They are primarily designed to be used at developmenttime to diagnose common coding errors that contribute inmaking code unsafe.
They can be used as a first step in manually auditing source code. Using these tools is relatively easy;they take as input one or more source code files, and after inspecting them, produce an output which identifies potentiallyvulnerable areas of code.Detecting certain vulnerabilities, such as buffer overflows,by statically analyzing source code is, in general, an undecidable problem. The Halting Problem can be reduced to theOvercoming Security Flaws in CDespite all the security vulnerabilities known to be present inthe C programming language, it is still widely used for software development and has proved to be efficient and indispensable to programmers.
Developers continue to use C because of the trade-offs between safety and functionality. Potentially unsafe code is preferred over code that is inefficient,more memory-greedy and has control to a lesser extent over10buffer overflow detection problem [52]. Thus, analyzers willgenerate a lot of false positives (report bugs that the programdoes not contain) and/or false negatives (does not report bugsthat the program does contain). However, they are still capable of producing useful results.
The major advantage of staticanalyzers is that security flaws can be eliminated before thecode is deployed.As proposed by Younan et al. [100], static analyzers canbe fractioned into two classes based on whether they need thesource code to be semantically commented (annotated ) or not.4.1.1All user input is considered tainted and a run-time errorreported before a tainted value is used in an unsafe way [26].Splint is used on source code in an iterative manner. After the first run, the code or annotations are suitably modified based on the warnings produced.
