Re: Netscape Software Flaw

["Robert C. Leif, Ph.D." <rleif@MAIL.CTS.COM>]

To: Rick LaRowe
From: Bob Leif

Subject: Netscape Software Flaw

Date: 20 May, 1996

You wrote >
>
>If you are suggesting the use of Ada for writing applets (via Intermetrics'
>AppletMagic), then this really doesn't solve anything but accidental errors.
>The real concern with Java and Netscape right now is that there are quite a
>few security holes that enable clever, malicious folks to "attack" machines
>on the net.  Being able to write an applet in Ada isn't going to affect an
>attacker, since s/he will write in raw JVM byte codes if necessary.  That said,
>it is fairly obvious that security must be enforced at the JVM level.
>
>If what you were referring to was a whole new Java/JVM/Netscape implementation
>scheme, then that's an entirely different thing.  And while I think Ada might
>help quite a bit in this area, I think that the biggest thing that can be added
>to the pot is the use of formal design methods to ensure a secure execution
>environment.
----------------------------------------------------------------------------
--------------------------------
It is the latter, It was a complete new implementation.  If I remember
correctly, in principle, formal design methods are language independent.
Although in reality, an Ada 95 implementation might be the easiest and most
reliable way to produce the code.

I am still interested if strong typing, useful exception handling, and other
facilities of Ada would increase the immunity of an operating system from
attacks.  Obviously, the code would have to be executed with all checks on,
and the use of Ada still requires a reliable design methodology.

Regards,
Bob Leif
Robert C. Leif, Ph.D., PMIAC,
Vice President & Research Director
Ada_Med, A Division of Newport Instruments
5648 Toyon Road
San Diego, CA 92115-1022
Tel. & Fax (619) 582-0437
e-mail rleif@mail.cts.com