Does Ada need a 'secure coding standard' as well?

Does Ada need a 'secure coding standard' as well?

[Nasser M. Abbasi]

I saw that CMU makes now what is called CERT (secure coding standards)
for different languages. They have Java, C, C++ in there.

These are supposed to be rules that a programmer should adopt to
make the code written by that language more 'safe' and 'secure'

Here is the one for C for example

https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard

I was wondering if Ada would benefit of having something like this?
such secure programming rules customized for Ada.

Or if it is even needed as much for Ada?  Some of the rules
seem good to know about

May be some of this material is allready in the Ada rational in
different places. not sure now.

--Nasser

Re: Does Ada need a 'secure coding standard' as well?

[Yannick Duchêne (Hibou57)]

Le Sat, 28 May 2011 20:53:25 +0200, Nasser M. Abbasi <nma@12000.org> a  
écrit:

> I saw that CMU makes now what is called CERT (secure coding standards)
> for different languages. They have Java, C, C++ in there.
>
> These are supposed to be rules that a programmer should adopt to
> make the code written by that language more 'safe' and 'secure'
>
> Here is the one for C for example
>
> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
You can guess these recommendations are all languages specific. Ex. the  
common recommendation to write

    if (condition) {
       do ();
    }

instead of

    if (condition)
       do ();

makes no sense for Ada, which has already handle this: you always write

    if Condition then
       do;
    end if;

There is no other way to do, so no rules to have there.

Well, this matters about how-to-write are mostly already embedded in the  
language rules (that is one of its target: readability, and principle of  
least-surprise).


Except that, there already exist to some Ada subset, or profiles. One of  
the most common is the one which is required with SPARK. Here again, no  
need to setup some rules and ask the authors to follow these rules and  
nothing else, as these are already checked by the SPARK Checker.

But nothing is perfect, there may be some interested rules to be applied  
to Ada, just that there will be few, and there all should be mostly domain  
specific, as the ones about the large principles, are already there (I  
believe).


-- 
“Syntactic sugar causes cancer of the semi-colons.”  [Epigrams on  
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]

Re: Does Ada need a 'secure coding standard' as well?

[Ludovic Brenta]

"Nasser M. Abbasi" <nma@12000.org> writes:
> I saw that CMU makes now what is called CERT (secure coding standards)
> for different languages. They have Java, C, C++ in there.
>
> These are supposed to be rules that a programmer should adopt to
> make the code written by that language more 'safe' and 'secure'
>
> Here is the one for C for example
>
> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
>
> I was wondering if Ada would benefit of having something like this?
> such secure programming rules customized for Ada.
>
> Or if it is even needed as much for Ada?  Some of the rules
> seem good to know about
>
> May be some of this material is allready in the Ada rational in
> different places. not sure now.

This is addressed by ISO/IEC JTC 1/SC 22/WG 23 Programming Language
Vulnerabilities[1].

There are language-specifix annexes for Ada, SPARK and several other
languages.  The annexes for Ada and SPARK are in the Ada User
Journal[2], Volume 32, No 3 and 4 respectively.

[1] http://www.aitcnet.org/isai/
[2] http://www.ada-europe.org/journal.html

-- 
Ludovic Brenta.

Re: Does Ada need a 'secure coding standard' as well?

[Nasser M. Abbasi]

On 5/28/2011 12:06 PM, Yannick Duchêne (Hibou57) wrote:

>
> Except that, there already exist to some Ada subset, or profiles. One of
> the most common is the one which is required with SPARK. Here again, no
> need to setup some rules and ask the authors to follow these rules and
> nothing else, as these are already checked by the SPARK Checker.
>

That was my initial reaction to when I saw those rules,
is that a well designed secure language, would not need such rules
(or much of then any them) for a programmer to remember, since
the compiler will check and reject code written which is 'not secure'
as it will be something not allowed at the language level itself.

But when I said that in the Java newsgroup I got screamed at :)

Most of the rules seem to target handling strings, where,
as one would expect, most of the security problems can sneak in.

The funny thing, is that Java 7 just added a switch on string  !

http://www.vineetmanohar.com/2011/03/new-java-7-feature-string-in-switch-support/

So, may be now more rules needs to be added for the programmer
to remember when using this new feature added by the language,
so they can use it in 'secure' way.

--Nasser

Re: Does Ada need a 'secure coding standard' as well?

[Yannick Duchêne (Hibou57)]

Le Sat, 28 May 2011 21:38:56 +0200, Nasser M. Abbasi <nma@12000.org> a  
écrit:
> The funny thing, is that Java 7 just added a switch on string  !
>
> http://www.vineetmanohar.com/2011/03/new-java-7-feature-string-in-switch-support/

A good idea, but they still did not removed the requirement of an explicit  
Break and the end of each case, so that is still not a real Switch, that's  
still a Goto.

    switch (color) {
    case "red":
      System.out.println("Color is Red");
      break;
    case "green":
      System.out.println("Color is Green");
      break;
    default:
      System.out.println("Color not found");
    }


-- 
“Syntactic sugar causes cancer of the semi-colons.”  [Epigrams on  
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]

Re: Does Ada need a 'secure coding standard' as well?

[Simon Wright]

"Nasser M. Abbasi" <nma@12000.org> writes:

> https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard

I wouldn't have rated
https://www.securecoding.cert.org/confluence/display/seccode/POS39-C.+Use+the+correct+byte+ordering+when+transferring+data+between+systems
as a _guideline_ exactly!

Or
https://www.securecoding.cert.org/confluence/display/seccode/FIO09-C.+Be+careful+with+binary+data+when+transferring+data+across+systems
come to that.

Re: Does Ada need a 'secure coding standard' as well?

[Mark_Ngbapai]

On May 28, 11:37 pm, Simon Wright <si...@pushface.org> wrote:
> "Nasser M. Abbasi" <n...@12000.org> writes:
>
> >https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+S...
>
> I wouldn't have ratedhttps://www.securecoding.cert.org/confluence/display/seccode/POS39-C....
> as a _guideline_ exactly!
>
> Orhttps://www.securecoding.cert.org/confluence/display/seccode/FIO09-C....
> come to that.

There are references to Ada in the NASA Software Safety Book, it is
worth reading and can be downloaded freely at:

http://www.hq.nasa.gov/office/codeq/doctree/871913.pdf

Re: Does Ada need a 'secure coding standard' as well?

[Simon Wright]

Mark_Ngbapai <lightningbolt31@gmail.com> writes:

> There are references to Ada in the NASA Software Safety Book, it is
> worth reading and can be downloaded freely at:
>
> http://www.hq.nasa.gov/office/codeq/doctree/871913.pdf

Excellent link, thanks! (it may be dated 2004, but it doesn't seem
dated).

Re: Does Ada need a 'secure coding standard' as well?

[Yannick Duchêne (Hibou57)]

Le Sat, 28 May 2011 20:53:25 +0200, Nasser M. Abbasi <nma@12000.org> a  
écrit:
> I was wondering if Ada would benefit of having something like this?
> such secure programming rules customized for Ada.

In the particular area of Object Oriented Design applied to High-Integrity  
applications, there is one AdaCore worked on:
www.open-do.org/wp-content/uploads/2011/04/HighIntegrityAda.pdf

(I have this in my archive directory, but did not read it so far)

I know Jean-Pierre Rosen also took part to a similar workshop, but I have  
no reference to this.

-- 
“Syntactic sugar causes cancer of the semi-colons.”  [Epigrams on  
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]

Re: Does Ada need a 'secure coding standard' as well?

[Yannick Duchêne (Hibou57)]

Le Sun, 29 May 2011 16:04:29 +0200, Yannick Duchêne (Hibou57)  
<yannick_duchene@yahoo.fr> a écrit:
> In the particular area of Object Oriented Design applied to  
> High-Integrity applications, there is one AdaCore worked on:
> www.open-do.org/wp-content/uploads/2011/04/HighIntegrityAda.pdf
http://www.open-do.org/wp-content/uploads/2011/04/HighIntegrityAda.pdf

-- 
“Syntactic sugar causes cancer of the semi-colons.”  [Epigrams on  
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]

Re: Does Ada need a 'secure coding standard' as well?

[Maciej Sobczak]

On 28 Maj, 20:53, "Nasser M. Abbasi" <n...@12000.org> wrote:

> Or if it is even needed as much for Ada?

Apparently it is, as several such documents were written for Ada.

Apart from those already mentionend, these two might be of interest:

"Ada95 Trustworthiness Study: Guidance on the Use of Ada95 in the
Development of High Integrity Systems"

ISO/IES TR 15942: "Guide for the use of the Ada programming language
in high integrity systems"

--
Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com

Re: Does Ada need a 'secure coding standard' as well?

[Yannick Duchêne (Hibou57)]

Le Sun, 29 May 2011 17:23:52 +0200, Maciej Sobczak  
<see.my.homepage@gmail.com> a écrit:
> Apart from those already mentionend, these two might be of interest:
> […]
Do you know some reference to papers published after the workshop  
Jean-Pierre Rosen talked about here some months ago ? This was about OOD  
in applications with hard requirement for safety. I posted one link to  
such a document, but a pointer to this other material would still be worth.


Note for people not very versed in Ada reading this thread: these papers  
does not suggest Ada is not safe; on the opposite, these are all  
recommendations to be applied when a hard step above typical safety  
requirement one may find with everyday applications are required; none is  
required outside of so much heavy requirements.

-- 
“Syntactic sugar causes cancer of the semi-colons.”  [Epigrams on  
Programming — Alan J. — P. Yale University]
“Structured Programming supports the law of the excluded muddle.” [Idem]
“c++; /* this makes c bigger but returns the old value */” [Anonymous]

Re: Does Ada need a 'secure coding standard' as well?

[Florian Weimer]

* Maciej Sobczak:

> On 28 Maj, 20:53, "Nasser M. Abbasi" <n...@12000.org> wrote:
>
>> Or if it is even needed as much for Ada?
>
> Apparently it is, as several such documents were written for Ada.
>
> Apart from those already mentionend, these two might be of interest:
>
> "Ada95 Trustworthiness Study: Guidance on the Use of Ada95 in the
> Development of High Integrity Systems"

I don't think the CERT guide is targeted at high-integrity systems.
It's intended for an extremely broad range of things, from server
software to productivity applications for end users.  This means that
certain features are taken for granted, such as the need to restart
applications from time to time (because of a non-compacting dynamic
memory manager) and the ability of software to scale with available
resources.

Re: Does Ada need a 'secure coding standard' as well?

[J-P. Rosen]

Le 29/05/2011 16:04, Yannick Duchêne (Hibou57) a écrit :
> In the particular area of Object Oriented Design applied to
> High-Integrity applications, there is one AdaCore worked on:
> www.open-do.org/wp-content/uploads/2011/04/HighIntegrityAda.pdf
> 
> I know Jean-Pierre Rosen also took part to a similar workshop, but I
> have no reference to this.
> 
There will be a panel on this topic at the upcoming Ada-Europe
conference. One more reason to attend ;-)
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a déménagé / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: Does Ada need a 'secure coding standard' as well?

[J-P. Rosen]

Le 29/05/2011 17:53, Yannick Duchêne (Hibou57) a écrit :
> Do you know some reference to papers published after the workshop
> Jean-Pierre Rosen talked about here some months ago ? This was about OOD
> in applications with hard requirement for safety. I posted one link to
> such a document, but a pointer to this other material would still be worth.
>
I wrote one that I sent (a bit late, sorry) to Ada Letters. Should be in
the next issue.

---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a déménagé / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00

Re: Does Ada need a 'secure coding standard' as well?

[Simon Clubley]

On 2011-05-28, Ludovic Brenta <ludovic@ludovic-brenta.org> wrote:
>
> There are language-specifix annexes for Ada, SPARK and several other
> languages.  The annexes for Ada and SPARK are in the Ada User
> Journal[2], Volume 32, No 3 and 4 respectively.
>
> [2] http://www.ada-europe.org/journal.html
>

The most recent volume on that website is Volume 32, No 1, dated March 2011.

Are you saying that these annexes are due for publication later this year,
or is the above volume number incorrect ?

Thanks,

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world

Re: Does Ada need a 'secure coding standard' as well?

[AdaMagica]

> > There are language-specifix annexes for Ada, SPARK and several other
> > languages.  The annexes for Ada and SPARK are in the Ada User
> > Journal[2], Volume 32, No 3 and 4 respectively.

It's volume 31, but the text is not yet online, only the table of
contents.

> > [2]http://www.ada-europe.org/journal.html

Re: Does Ada need a 'secure coding standard' as well?

[Simon Clubley]

On 2011-05-31, AdaMagica <christ-usch.grein@t-online.de> wrote:
>> > There are language-specifix annexes for Ada, SPARK and several other
>> > languages. �The annexes for Ada and SPARK are in the Ada User
>> > Journal[2], Volume 32, No 3 and 4 respectively.
>
> It's volume 31, but the text is not yet online, only the table of
> contents.
>

Thanks for clarifying.

Are the annexes available from any other online source ?

A quick search using the first URL only found what was classed as
historical material for Ada 83.

Thanks,

Simon.

-- 
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world