From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada
Subject: Re: Improving Ada's image - Was: 7E7 Flight Controls Electronics
Date: Tue, 15 Jun 2004 13:06:15 -0400
Organization: Bell Sympatico

David Starner wrote:
> On Mon, 14 Jun 2004 14:30:08 +1200, Berend de Boer wrote:
>>>>>>>> "Marin" == Marin David Condic writes:
>>
>>  Marin> But you *can* write a perfectly secure, reliable system in
>>  Marin> languages other than Ada. Maybe (maybe!) it requires more
>>  Marin> work, but it *can* be done.
>>
>> So far the real world has not produced a reliable secure OS in C. Can
>> it be done? I doubt it.
>
> What OSes are you looking at? You can't expect the major commercial
> operating systems to be reliable and secure, because the public doesn't
> want reliable and secure.

Well, of course, it depends again on what you consider reliable and
secure to mean (as Alexander Kopilovich has said). Some of the public
_does_ want reliable and secure (depending on what that means).
Actually, I'll bet if you asked them, they would want "reliable and
secure", in addition to everything else (they want it all, for lowest
price etc. etc.) Ask anyone who's had to pay someone to reload their
O/S due to a virus, if they want a secure O/S? Ask them after they've
lost all of their digital photos! (I know people that have suffered
this fate).

> A reliable and secure operating system would run on one standard set
> of simple predictable hardware.

Predictable yes. Simple is what we would want, because simple is easier
to validate. But I am not certain that simplicity must be a prerequisite.

> The public wants something that will run on their current hardware.

To a point. We all want faster and more powerful too.

> A reliable and secure operating system would probably run everything in
> its own virtual machine anyway;

This only shifts responsibility from one layer to another. There still
must be validation, just at a different level. The bottom line doesn't
really change.

> the public wants things to go fast.

Speed should not matter. Hardware is always run at suboptimal speed for
reliability reasons. But this is a hardware tradeoff, not a software
security issue (except possibly for complex timing issues).

> A reliable and secure operating system can't support kludges that open
> up security holes;

I think that it is generally agreed that we don't want kludges ;-)

> the public wants their old programs to run (and run fast) on their new
> system.

Backwards compatibility does carry forward certain risks.

> A reliable and secure operating system would reduce or eliminate the
> usage of a root-like user; the public doesn't want to jump through hoops
> every time they want to fix the clock or install a program.

This is an interesting area of study. More study on this problem should
be encouraged. Unfortunately, there seems to be an overall decline in
interest in O/S design these days (there was a paper released about
this, some time ago, which was discussed in this group (discussed last
year?)).

> A reliable, secure operating system is simple;

You are listing simplicity as a prerequisite for secure. I do agree that
a simple system is easier to validate. But it is by no means a
prerequisite, as long as you have a method to validate your design.

> the public wants a fast (highly tuned) and featureful operating system.

Agreed, that there are tensions for compromise. But what I have been
saying (and perhaps others), is that surely there are ways to do better
than what we have now.

> It's actually quite easy to write a secure, reliable OS in C. It looks
> something like this:
>
>     int main(void) {
>         for (;;) {}   /* does nothing, forever: nothing to attack */
>     }

Well, we can do that in Ada too, and even multitask it! ;-)

> It's making a _usable_ secure, reliable OS that's hard, and most of that
> is independent of programming language.

Well, you and I could argue the "most" or "not" part. I firmly believe
that Ada would greatly influence the design of an operating system, such
that better engineering and fewer defects would prevail. Obviously, if
it is designed incorrectly, it would still easily give away privileges
when it wasn't appropriate.

--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
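The exchange above ends on two claims worth separating: Starner's, that most of what makes a usable secure OS hard is independent of the language, and Gay's, that a system designed incorrectly gives away privileges whatever it is written in. The following C example is added by the editor and is not code from either poster. It illustrates the "reduce or eliminate the root-like user" point from the thread: operations such as setting the clock or installing a package are gated by fine-grained capabilities rather than a root bit, and the same authorization check is written twice, once fail-open (the design flaw) and once fail-closed. Every name in it (`authorize_fail_open`, `CAP_SET_CLOCK`, the subjects) is constructed for the illustration and belongs to no real operating system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fine-grained capabilities: a subject holds only the rights it needs,
 * so "fix the clock" does not require a root-like user.
 * (Constructed names for this illustration, not any real OS's API.) */
enum cap {
    CAP_SET_CLOCK   = 1u << 0,
    CAP_INSTALL_PKG = 1u << 1,
    CAP_RAW_DISK    = 1u << 2
};

struct subject {
    const char *name;
    uint32_t    caps;   /* bitmask of enum cap */
};

enum op {
    OP_SET_CLOCK,
    OP_INSTALL_PKG,
    OP_READ_RAW_DISK,
    OP_COUNT
};

/* Policy table: the capability each operation requires. A zero entry means
 * the policy has no rule for that operation. OP_READ_RAW_DISK is left
 * unmapped on purpose to show what each checker does with a policy gap;
 * the real fix is to add "[OP_READ_RAW_DISK] = CAP_RAW_DISK", but the
 * checker must be safe even when someone forgets to. */
static const uint32_t required_cap[OP_COUNT] = {
    [OP_SET_CLOCK]   = CAP_SET_CLOCK,
    [OP_INSTALL_PKG] = CAP_INSTALL_PKG,
};

static bool has_all(const struct subject *s, uint32_t need) {
    return (s->caps & need) == need;
}

/* Flawed design: an operation the policy forgot to cover is granted.
 * No language feature catches this; a memory-safe compiler accepts it
 * just as readily as a C compiler does. */
bool authorize_fail_open(const struct subject *s, enum op o) {
    if (s == NULL || (unsigned)o >= (unsigned)OP_COUNT)
        return false;
    uint32_t need = required_cap[o];
    if (need == 0)
        return true;            /* BUG: missing rule is treated as "allow" */
    return has_all(s, need);
}

/* Hardened design: default deny. A missing rule, an unknown operation or
 * a missing subject is refused, for every caller, every time. */
bool authorize_fail_closed(const struct subject *s, enum op o) {
    if (s == NULL || (unsigned)o >= (unsigned)OP_COUNT)
        return false;
    uint32_t need = required_cap[o];
    if (need == 0)
        return false;           /* no rule: deny (and log it in a real system) */
    return has_all(s, need);
}

/* Constructed subjects: a desktop user allowed to set the clock and nothing
 * else, and an installer service allowed to install packages. */
const struct subject clock_user = { "clock_user", CAP_SET_CLOCK };
const struct subject installer  = { "installer",  CAP_INSTALL_PKG };

int main(void) {
    static const char *op_name[OP_COUNT] = {
        "set_clock", "install_pkg", "read_raw_disk"
    };
    const struct subject *subs[] = { &clock_user, &installer };
    for (size_t i = 0; i < sizeof subs / sizeof subs[0]; i++) {
        for (unsigned o = 0; o < OP_COUNT; o++) {
            printf("%-10s %-14s fail-open=%d fail-closed=%d\n",
                   subs[i]->name, op_name[o],
                   authorize_fail_open(subs[i], (enum op)o),
                   authorize_fail_closed(subs[i], (enum op)o));
        }
    }
    return 0;
}
```

Run as written, the table shows both checkers agreeing on the two operations that have a rule, and disagreeing on the unmapped raw-disk read: the fail-open version hands it to every subject, the fail-closed version refuses it. That is the language-independent part of the argument; a bounds or type check would never have fired.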