Re: Ada and cybersecurity

["Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca>]

tmoran@acm.org wrote:

>>>CSPAN-2 had todays hearings of the House Technology(etc) committee, ...
>>
>>This is what I was getting at when I asked about the use of Ada to protect
>>against worms etc. I suspect that the place to start is to ask DoD or NSF
> 
>   When Congressman Putnam asked witnesses "what should the government do",
> someone suggested a government lab to test and issue "secure"
> certificates, another suggested more education of young people so they
> won't be hackers, etc.  I doubt a government lab could find obscure holes
> much faster than they are found now, and I'm quite sure the the small
> fraction of a percent of "young crackers" can't be reduced to zero by any
> reasonable education campaign.  One thing I didn't hear (but then I didn't
> listen to the entire hearings) was any comment about better software
> development tools, such as cutting down on buffer overflows (etc.) with
> Ada.  So perhaps we can expect a continuing low level of security, ever
> more expensive worms, plus the government spending more of our children's
> money ineffectively.  Congress is unlikely to come up with good ideas
> if nobody suggests any to them.

Another option is often overlooked: get the hardware vendors (Intel)
to include a better return instruction, so that code does not
execute off of the stack (the return address must point to text, in
read-only, excecutable (if the cpu supports it) address - else generate
a fault). This too can be exploited I think, but it does make things
much more difficult. There are perhaps other ways to perhaps eliminate
this entirely, if the right hardware was in place.

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg