Evidence shows that the software we rely on every day is simply not trustworthy. Why do we have so much trouble crafting robust computer programs? Reading the literature which enumerates mistakes made while programming will help you begin to draw general conclusions about what is wrong with the state of practice.
There are many examples in the literature of designs that advance the state of the art in crafting robust programs. While reading these papers, you should ask yourself, “how do these designs categorically remove errors described by the ‘mistake’ papers”, and “how could we further improve these designs by making their protections more mandatory?”
Access control systems
Programmers craft programs which transform universal Turing machines into machines which serve a particular purpose. Attackers find ways to break out of these particular machines and thus restore access to the underlying universal machine. Access controls serve to constrain programs such that they are given only least privilege.
There is a limit to access control systems. Dan Bernstein points out in “Some thoughts on security after ten years of qmail 1.0” that even least privilege is too much. Put another way, computer programs themselves will be able to violate security requirements even with the most tightly-designed access controls. Robust systems must both make the act of programming robust applications easier and provide access controls to sufficiently restrict applications.
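The two points above, as an added example that is not from the page or from the qmail or Ethos projects: a toy reference monitor in Python grants a mail delivery agent exactly the file access its job needs (least privilege), and the agent then misroutes mail through an ordinary logic bug that never trips the policy, because the policy can only say "may write under /var/mail", not "may write only to the right recipient". The monitor class, the program name `mail-deliver`, the policy and the paths are all assumptions for illustration.

```python
"""Added example, not from the page: a toy reference monitor enforcing
least privilege, and a delivery agent whose bug the monitor cannot catch.
All names (Monitor, mail-deliver, the /var/mail policy) are assumptions."""
import posixpath
from pathlib import PurePosixPath


class PolicyViolation(PermissionError):
    """Raised when the reference monitor denies an operation."""


class Monitor:
    """Mediates every file operation against a per-program policy.

    policy maps a program name to a set of (operation, path prefix) grants;
    a program may perform an operation only on paths under a granted prefix.
    Files live in an in-memory dict so the example runs offline.
    """

    def __init__(self, policy):
        self.policy = policy
        self.files = {}   # path -> contents (constructed stand-in for a filesystem)
        self.audit = []   # (program, op, path, allowed) for every request

    def _permitted(self, program, op, path):
        # Canonicalize first: PurePosixPath alone does not collapse "..",
        # so "/var/mail/../home/x" would otherwise look like it is under /var/mail.
        target = PurePosixPath(posixpath.normpath(path))
        for allowed_op, prefix in self.policy.get(program, ()):
            root = PurePosixPath(prefix)
            if allowed_op == op and (target == root or root in target.parents):
                return True
        return False

    def _mediate(self, program, op, path):
        allowed = self._permitted(program, op, path)
        self.audit.append((program, op, path, allowed))
        if not allowed:
            raise PolicyViolation(f"{program}: {op} {path} denied")

    def write(self, program, path, data):
        self._mediate(program, "write", path)
        self.files[path] = self.files.get(path, "") + data

    def read(self, program, path):
        self._mediate(program, "read", path)
        return self.files.get(path, "")


# Least privilege: the delivery agent may only append to mailboxes, nothing else.
POLICY = {"mail-deliver": {("write", "/var/mail")}}


def deliver_batch(monitor, messages):
    """Delivery agent with an ordinary logic bug: the mailbox path is computed
    once and reused, so every message in the batch lands in the first
    recipient's mailbox. Each write is within policy, so the monitor allows it."""
    mailbox = None
    for msg in messages:
        if mailbox is None:
            mailbox = f"/var/mail/{msg['to']}"
        monitor.write("mail-deliver", mailbox, msg["body"] + "\n")


def deliver_batch_fixed(monitor, messages):
    """The remedy lives in the program, not in the policy."""
    for msg in messages:
        monitor.write("mail-deliver", f"/var/mail/{msg['to']}", msg["body"] + "\n")


def demo(deliver=deliver_batch):
    """Run a constructed two-message batch through the monitor and report
    what the policy did and did not prevent."""
    mon = Monitor(POLICY)
    batch = [{"to": "alice", "body": "note for alice"},
             {"to": "bob", "body": "note for bob"}]
    deliver(mon, batch)
    # An operation outside the grant is stopped by the monitor...
    try:
        mon.read("mail-deliver", "/home/alice/notes.txt")
        out_of_policy_denied = False
    except PolicyViolation:
        out_of_policy_denied = True
    # ...but a misdelivery inside the grant is invisible to it.
    any_delivery_denied = any(not ok for _, op, _, ok in mon.audit if op == "write")
    return {
        "alice_mailbox": mon.files.get("/var/mail/alice", ""),
        "bob_mailbox": mon.files.get("/var/mail/bob", ""),
        "out_of_policy_denied": out_of_policy_denied,
        "any_delivery_denied": any_delivery_denied,
    }


if __name__ == "__main__":
    print(demo())                      # buggy agent: bob's note ends up in alice's mailbox
    print(demo(deliver_batch_fixed))   # corrected agent: each note reaches its recipient
```

Running `demo()` shows the monitor doing its job (the read outside `/var/mail` is denied and logged) while the confidentiality requirement is still violated: bob's note is appended to alice's mailbox and every write is marked allowed in the audit trail. Tightening the policy cannot express "only the recipient named in the message", which is why the fix has to be `deliver_batch_fixed`, a change to the program itself.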
Reading and writing systems papers
Reading and writing systems papers is unlike reading for leisure and informal writing.
See also Dan Bernstein's The devil's guide to citing the literature.
Did you think you were going to get away with avoiding our papers?
See our publications. We recommend the following order:
- “Simple-to-use, secure-by-design networking in Ethos”
- “MinimaLT: Minimal-latency networking through better security”
- “Ethos' deeply integrated distributed types”
- “On the generality and convenience of Etypes”