Communications of the ACM

Home/Opinion/Articles/Tired of Security Problems? Change Rules of Writing.../Full Text

ACM TechNews

Tired of Security Problems? Change Rules of Writing Code

By BYTE
August 7, 2012
Comments

View as: Print Mobile App Share:

Security researcher Dan Kaminsky believes rethinking the basic rules of computer science can dramatically improve computer security, and argues that "there's not enough science [being done]."

Kaminsky says keeping code and data separate is the key. "We need to respect developers and give them the tools that they need," he says. "We know we have security issues with timing. They're the vast majority of vulnerabilities ever written and discovered. We haven't actually fixed them."

Kaminsky notes the hypothesis of language theoretic security is that security flaws stem from the languages code is written in, and he cites three challenges: The inability to authenticate, the inability to write secure code, and the inability to expose malefactors. Kaminsky mentions as an example the use of clocks in the computer as a method for preventing a network attack strategy that exploits random number generation. Through the creation of underlying technologies, he aims to boost the volume of data available to expedite vulnerability discovery.

"We are operating in a vacuum of information," Kaminsky says. "There are things we are afraid of in security and censorship. Why don't we find out what is happening?"

From BYTE
View Full Article

No entries found

Tired of Security Problems? Change Rules of Writing Code

White House Urges Developers to Stop Using C, C++

Gaining Benefit from Artificial Intelligence and Data Science: A Three-Part Framework

'On Expert Testimony': A Response