Sciweavers

IAW
2003
IEEE

Insecure Programming: How Culpable is a Language's Syntax?

14 years 5 months ago
Insecure Programming: How Culpable is a Language's Syntax?
— Vulnerabilities in software stem from poorly written code. Inadvertent errors may creep in due to programmers not being aware of the security implications of their code. Writing secure code is largely a software engineering issue requiring the education of programmers about safe coding practices. Various projects and efforts such as memory usage profiling, meta-compilation and typing proofs that verify correctness of the code at compile-time and runtime provide additional assistance in this regard. In this paper, we point out that in the context of security, one aspect that is perhaps underrated or overlooked is that vulnerabilities may be inherent in the syntax and grammar of a programming language itself. We leverage on some well-studied problems to show that small syntactic discrepancies may lead to vast semantic differences in programs and in turn, correlate to hard security errors. Our work will help caution programmers on the types of errors to avoid as well as serve as a gu...
Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman,
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where IAW
Authors Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman, Shambhu J. Upadhyaya
Comments (0)