From: stefan-lucks@see-the.signature
Subject: Re: 'private' and Privacy
Date: Wed, 8 Jul 2009 04:48:16 +0200
Message-ID: <Pine.LNX.4.64.0907080339360.18913@medsec1.medien.uni-weimar.de>
In-Reply-To: <843a36b0-041d-4826-98b4-0fbcb1a4d287@d9g2000prh.googlegroups.com>
On Tue, 7 Jul 2009, Rick wrote:
> I have:
>
> KEYPAD_ROWS_COUNT : constant Positive := 2;
> -- The number of rows on a keypad.
>
> KEYPAD_COLUMNS_COUNT : constant Positive := 2;
> -- The number of columns on a keypad.
>
> type Keys_Type is array
> (1 .. KEYPAD_ROWS_COUNT, 1 .. KEYPAD_COLUMNS_COUNT)
> of Gtk.Key_Button_Pkg.Gtk_Key_Button_Access;
> --Intermediate, addressable storage of keys for the keypad.
How about this?
-- solution 1
type Keys_Type is array
(Integer range <>, Integer range <>)
of Item;
function Keys_Type_Create return Keys_Type is ...
This allows one to actually create constrained Keys_Type arrays without making
Keypad_Rows_Count and -_Columns_Count public.
> I am trying to find a way to ensure that the user only addresses items
> in the array in the manner I provide rather than making use of the
> information clearly visible about the range of the array. I can use
> functions instead of constants to define array range values but they
> have to be fully declared before I define the array - and this exposes
> that which I wish to remain private (the actual range).
Perhaps, what you want is the following:
-- solution 2
type Keys_Type is limited private;
function Get(KT: Keys_Type; X, Y: Integer) return Item;
procedure Put(KT: in out Keys_Type; X, Y: Integer; It: Item);
...
private
type Keys_Type is array(Secret_1 .. Secret_2, Secret_3 .. Secret_4)
of Item;
end;
> Isn't this a contradiction in terms, or _is_ there a way to retain
> 'Privacy'?
Depends on what you mean by "privacy". For solution 1, your adversary/user
would have to write
X: Keys_Type := Keys_Type_Create;
and then could access X(I,J) -- but there are legal ways in Ada to figure
out the ranges of X.
Solution 2 requires writing the ranges into the private part of your
spec. Private means you can't use it, but the compiler must know -- and
you can read it. (It always confused me that the designers of Ada put
two different things into the same file: the specification for the user,
i.e., the programmer going to "with" a package, and the private part,
which actually is meant to be "compiler only".)
You can combine solution 1 and solution 2, to avoid explicitly writing
your ranges in the spec. But whoever is able to read the implementation of
Create_Key_Type still can figure out the ranges.
Even if your user/adversary has no access to the source code of that
implementation, what are you going to do if your user calls Put or Get
with invalid indices? If you just raise an exception, the user could
search for the ranges. If the lower bounds ("Secret_1" "Secret_3" above)
are known (you seem to assume them to be 1), the user/adversary can find
the secret constants KEYPAD_ROWS_COUNT and KEYPAD_COLUMNS_COUNT by running
a binary search for each of the constants.
But what is the problem you really want to solve?
If you need to protect confidential constants, Ada is unlikely to solve
your problem. But if you don't actually require confidentiality and just
want to protect the user of your package from harming himself/herself,
defining a private or limited private type and some put/get subprograms,
as I did for solution 2, seems to be the way to go.
--
------ Stefan Lucks -- Bauhaus-University Weimar -- Germany ------
Stefan dot Lucks at uni minus weimar dot de
------ I love the taste of Cryptanalysis in the morning! ------
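As an added example (not code from the thread), here is solution 2 combined with solution 1's constructor, written out as a complete Ada package; the Item record, the package name Keypads and the constants Rows_Count/Columns_Count are my assumptions, and Rick's element type Gtk_Key_Button_Access is replaced by a plain record. A client of this package cannot write Keys_Type'First or index the array directly, but, as the reply points out, the bounds remain readable in the private part and can still be inferred from the Constraint_Error that Get and Put raise on an out-of-range index.

```ada
-- Added example, not from the original thread. Item, Keypads,
-- Rows_Count and Columns_Count are assumed names.
package Keypads is

   type Item is record
      Code : Character := ' ';
   end record;

   -- Clients see only an opaque, non-copyable type.
   type Keys_Type is limited private;

   -- Constructor: the only way for a client to obtain a Keys_Type.
   function Create return Keys_Type;

   -- Client-facing access; indices are bounds-checked but the
   -- bounds themselves are not part of the visible interface.
   function Get (KT : Keys_Type; X, Y : Integer) return Item;
   procedure Put (KT : in out Keys_Type; X, Y : Integer; It : Item);

private
   -- Needed by the compiler, and readable by anyone who opens this
   -- file: 'private' is encapsulation, not confidentiality.
   Rows_Count    : constant Positive := 2;
   Columns_Count : constant Positive := 2;

   type Keys_Type is array (1 .. Rows_Count, 1 .. Columns_Count) of Item;
end Keypads;

package body Keypads is

   function Create return Keys_Type is
   begin
      return (others => (others => (Code => ' ')));
   end Create;

   function Get (KT : Keys_Type; X, Y : Integer) return Item is
   begin
      return KT (X, Y);   -- raises Constraint_Error on an invalid index
   end Get;

   procedure Put (KT : in out Keys_Type; X, Y : Integer; It : Item) is
   begin
      KT (X, Y) := It;    -- same check as Get
   end Put;

end Keypads;
```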