Netscape Software Flaw

comp.lang.ada
 help / color / mirror / Atom feed

* Netscape Software Flaw
@ 1996-05-18  0:00 Robert C. Leif, Ph.D.
  1996-05-20  0:00 ` Rick LaRowe
  0 siblings, 1 reply; 3+ messages in thread
From: Robert C. Leif, Ph.D. @ 1996-05-18  0:00 UTC (permalink / raw)

To: Ada Community
From: Bob Leif,
Ada_Med
Subject: Netscape Software Flaw
Date: 18 May, 1996

The Business Day Section of the Saturday, May 18, 1996 New York Times has an
article, "New Netscape Software Flaw is Discovered", pages 17 and 29. The
author is John Markoff.  "Thomas Cargill an independent software consultant
working with the Princeton group, discovered a problem in the way Netscape
has used the Java language in its Navigator program."

Obvious question, would the use of Ada diminish the probabilities of this
type of problem and increase the security of Internet communication?  If so,
someone should communicate this to both John Markoff and Thomas Cargill.  I
would suspect that Ada's strong typing and runtime checking would help in
the detection of misbehaving programs.

Robert C. Leif, Ph.D., PMIAC,
Vice President & Research Director
Ada_Med, A Division of Newport Instruments
5648 Toyon Road
San Diego, CA 92115-1022
Tel. & Fax (619) 582-0437
e-mail rleif@mail.cts.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Netscape Software Flaw
  1996-05-18  0:00 Netscape Software Flaw Robert C. Leif, Ph.D.
@ 1996-05-20  0:00 ` Rick LaRowe
  0 siblings, 0 replies; 3+ messages in thread
From: Rick LaRowe @ 1996-05-20  0:00 UTC (permalink / raw)
  To: Robert C. Leif, Ph.D.

Bob Leif referred to an article on Java/Netscape security problems, and then asked:

> Obvious question, would the use of Ada diminish the probabilities of this
> type of problem and increase the security of Internet communication?  If so,
> someone should communicate this to both John Markoff and Thomas Cargill.  I
> would suspect that Ada's strong typing and runtime checking would help in
> the detection of misbehaving programs.

If you are suggesting the use of Ada for writing applets (via Intermetrics'
AppletMagic), then this really doesn't solve anything but accidental errors.
The real concern with Java and Netscape right now is that there are quite a
few security holes that enable clever, malicious folks to "attack" machines
on the net.  Being able to write an applet in Ada isn't going to affect an
attacker, since s/he will write in raw JVM byte codes if necessary.  That said,
it is fairly obvious that security must be enforced at the JVM level.

If what you were referring to was a whole new Java/JVM/Netscape implementation
scheme, then that's an entirely different thing.  And while I think Ada might
help quite a bit in this area, I think that the biggest thing that can be added
to the pot is the use of formal design methods to ensure a secure execution
environment.

Regards,
Rick LaRowe
------------------------------------------------------------------------------
Enterprise Computing Institute                 internet: rlarowe@ecii.org
1 Ash Street                                   phone: (508) 435-1900 x15
Hopkinton, MA 01748                                   (508) 435-2176 (fax)
------------------------------------------------------------------------------

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Netscape Software Flaw
@ 1996-05-20  0:00 Robert C. Leif, Ph.D.
  0 siblings, 0 replies; 3+ messages in thread
From: Robert C. Leif, Ph.D. @ 1996-05-20  0:00 UTC (permalink / raw)



To: Rick LaRowe
From: Bob Leif

Subject: Netscape Software Flaw

Date: 20 May, 1996

You wrote >
>
>If you are suggesting the use of Ada for writing applets (via Intermetrics'
>AppletMagic), then this really doesn't solve anything but accidental errors.
>The real concern with Java and Netscape right now is that there are quite a
>few security holes that enable clever, malicious folks to "attack" machines
>on the net.  Being able to write an applet in Ada isn't going to affect an
>attacker, since s/he will write in raw JVM byte codes if necessary.  That said,
>it is fairly obvious that security must be enforced at the JVM level.
>
>If what you were referring to was a whole new Java/JVM/Netscape implementation
>scheme, then that's an entirely different thing.  And while I think Ada might
>help quite a bit in this area, I think that the biggest thing that can be added
>to the pot is the use of formal design methods to ensure a secure execution
>environment.
----------------------------------------------------------------------------
--------------------------------
It is the latter, It was a complete new implementation.  If I remember
correctly, in principle, formal design methods are language independent.
Although in reality, an Ada 95 implementation might be the easiest and most
reliable way to produce the code.

I am still interested if strong typing, useful exception handling, and other
facilities of Ada would increase the immunity of an operating system from
attacks.  Obviously, the code would have to be executed with all checks on,
and the use of Ada still requires a reliable design methodology.

Regards,
Bob Leif
Robert C. Leif, Ph.D., PMIAC,
Vice President & Research Director
Ada_Med, A Division of Newport Instruments
5648 Toyon Road
San Diego, CA 92115-1022
Tel. & Fax (619) 582-0437
e-mail rleif@mail.cts.com




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~1996-05-20  0:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1996-05-18  0:00 Netscape Software Flaw Robert C. Leif, Ph.D.
1996-05-20  0:00 ` Rick LaRowe
  -- strict thread matches above, loose matches on Subject: below --
1996-05-20  0:00 Robert C. Leif, Ph.D.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox