www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Attacking Attack Patterns

reply "Manfred_Nowak" <svv1999 hotmail.com> writes:
http://cwe.mitre.org/top25/
shows patterns of attacs.

Does someone see a way to use D design patterns to stop attack patterns?

-manfred
Feb 19 2010
next sibling parent reply retard <re tard.com.invalid> writes:
Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:

 http://cwe.mitre.org/top25/
 shows patterns of attacs.
 
 Does someone see a way to use D design patterns to stop attack patterns?

At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view. At least in the web environment some state of the art technologies immediately come to mind http://lambda-the- ultimate.org/node/3068
Feb 19 2010
next sibling parent Walter Bright <newshound1 digitalmars.com> writes:
retard wrote:
 Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
 
 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view.

D has safe mode, which when used offers as much safety as C# or Java. Note that you can do unsafe things in C# if you so choose.
 At least in the web environment some state of 
 the art technologies immediately come to mind http://lambda-the-
 ultimate.org/node/3068

Feb 19 2010
prev sibling next sibling parent Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
retard wrote:
 Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
 
 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view.

I guess SafeD wouldn't be the slouch of the three. Andrei
Feb 19 2010
prev sibling parent Justin Johansson <no spam.com> writes:
retard wrote:
 Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
 
 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view. At least in the web environment some state of the art technologies immediately come to mind

 http://lambda-the-ultimate.org/node/3068

Ur/Web sounds interesting. Have you actually tried it in anger?
Feb 19 2010
prev sibling next sibling parent reply Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
Manfred_Nowak wrote:
 http://cwe.mitre.org/top25/
 shows patterns of attacs.
 
 Does someone see a way to use D design patterns to stop attack patterns?
 
 -manfred

Bounds checking takes care of quite a few issues, but that's a banal thing to remark. One more interesting thing that I see doable (and have seen done in e.g. Perl) is the tainted attribute, which marks an untrusted string. That could help with [2], [6], [7], [9], [20]. Andrei
Feb 19 2010
parent Walter Bright <newshound1 digitalmars.com> writes:
Andrei Alexandrescu wrote:
 One more interesting thing that I see doable (and have seen done in e.g. 
 Perl) is the  tainted attribute, which marks an untrusted string. That 
 could help with [2], [6], [7], [9], [20].

I agree that engaging the type system's help to track untrusted data through the code can be very helpful.
Feb 19 2010
prev sibling parent reply "Robert Jacques" <sandford jhu.edu> writes:
On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999 hotmail.com>  
wrote:

 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

 -manfred

I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people. Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.
Feb 19 2010
next sibling parent Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
Robert Jacques wrote:
 On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999 hotmail.com> 
 wrote:
 
 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

 -manfred

I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people. Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.

As far as I can tell low-level races are impossible in SafeD. Andrei
Feb 19 2010
prev sibling parent Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
Robert Jacques wrote:
 On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999 hotmail.com> 
 wrote:
 
 http://cwe.mitre.org/top25/
 shows patterns of attacs.

 Does someone see a way to use D design patterns to stop attack patterns?

 -manfred

I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people. Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.

Oh hey... null pointer dereference is not on the list :o). Andrei
Feb 19 2010