Microsoft To Teach Undergrads About Secure Computing
Update: 03/24 18:00 GMT by J: Another report worth reading is Writing Software Right, which requires a free but annoying registration at Technology Review. It covers automated methods of finding software errors (not security specifically). Sun's "Jackpot" is discussed, a lint that also "identifies general instances of good or bad programming."
Microsoft's efforts in this field are explained as well -- the company "paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix. The program, which sifts through huge swaths of code searching for patterns that match a defined list of common semantic errors, helped find thousands of mistakes in Windows and other Microsoft products." As a Microsoft QA person says, "Our challenge is to get our software to the point that people expect it to work instead of expecting it to fail."
It makes sense that they are doing this.
This is the same diff as MS giving computers to libraries all over the world. Isn't it nice that they can copy a software CD for .02, and then donate it to charity for a $300 dollar write off??
Linux as a whole doesn't have so much money they have to give it away at an enormous rate, so MS will train the up and coming sys-admins into Windows and .net technologies, and the next generation will shun Linux and MS will take over the world!
No I didn't spell check this post...
You can find a description here.
The only difference is that this module was intended to make undergrads see the failure and risk by means of software engineering, and we did this by looking at various procedures for writing secure code, and we looked at lots of examples from history (the Challenger incident, for example, etc).
This course seems to be aimed more at specific coding practices - avoiding buffer overruns for example. It doesn't look like they'll be told how to deal with failure once it happens (because it *will* happen). I also fear that since Microsoft will be involved, it'll be specific to Windows & x86 -- not a real life view of computing.
I was wondering how OS-agnostic these courses are going to be, when I came across this quote:
Okin agreed: "We need to get input from others as well. Clearly, there is no point in these undergraduates learning only about Microsoft technology. We need a broad approach."
The reason I wondered was because so much of secure programming involves access control in many ways, direct and indirect. Obviously, Microsoft's access control mechanisms vary wildly from Unix paradigms. I'm not a hardcore programmer, but I can only assume that privilege escalation exploits under a Redmond OS would be very different from something similar with Linux.
That sentence states unambiguously that the course will cover non-MS architecture.
I, for one, am impressed. Doing the right thing for once, the boys in Redmond.
Blearf. Blearf, I say.
I forget where I heard it, but someone once pointed out that if you're going to go to Spain to participate in the running of the bulls, you don't really want to talk with the people that managed to survive it... you want to talk to the guy that got his ass gored off because he can tell you exactly what to avoid doing!
Same thing here! Who better to tell us what security bugs to avoid than Microsoft.
If a pion (n-) collides with a proton in the woods & no one is there to hear it, does lambda decay into the source pa
The technique you describe is part of a field known as "Formal Methods".
The term "cleanroom" comes from reverse engineering, where you have team A of engineers write a spec for a competitors product and team B (who've never seen the product) write an implementation. This gives you some degree of legal protection, but does not prove anything about correctness.
Of course, the flaw with formal methods is that they only prove the program is functioning as designed - which is definitely a worthwhile goal, but does not say anything about the correctness of the design itself. E.g., think of the problems with the incorrect mirror for the Hubble Space Telescope - the grinding machine worked perfectly, but the final mirror was still ground to the wrong shape.
I believe their real motive in offering such a course would be to teach programmers to code for security the Microsoft way, so that things continue to get worse. Their definition of security of your machine is much like their definition of digital rights of your machine; they are not looking after your digital rights, and they are not looking after your security.
I'm an American. I love this country and the freedoms that we used to have.
First, I think the parent post was meant to be humor.
If you were able to lay aside your biases, you might even chuckle.
As for the war, there are certainly those that argue attacking Iraq is wrong. I won't take a stand on that because there are a number of reasons to support the argument that come down to a larger view of man's behavior and the ultimate beneficiary of one's actions.
However, the response that you quote is a smoke-screen, so we don't have to dig all that deep to deal with the problem.
No one can effectively argue at this point that S.H. is not a brutal and unstable ruler. He's certainly not the man that I would put in charge of Iraq, nor would I flinch at pulling the trigger if I were in the front row when he gave a speech, and I happened to have a pistol on me.
That said, the current actions of the U.S. government have little to do with the quality of S.H.'s rulership. For one, we've been in the business of giving large amounts of money and trade to countries with equally repugnant civil rights records for decades, and ask Amnesty International about the U.S. track record on opposing torture and civil suppression. We practically pay extra for it (not to mention train for it) in Central and South America and Asia.
Now we're fighting for freedom in Iraq, and I have to ask: why? What's more, I have to ask: is this the way we want to go to war?
The last several times we've committed US troops to foreign conflict (in Asia, the Caribbean, Persian Gulf, Kosovo and lesser conflicts in Africa), the President has made the decision to go to war, and the Congress has rubber-stamped the decision post-facto. We have a constitution, and while the language is somewhat vague (allowing Presidents to avoid impeachment for such action), it is certainly clear that the intent of the constitution was never to allow this sort of large-scale conflict without a formal declaration of war.
Now, if we're stepping boldly into the 21st century and forgoing national conflict in preference for UN peacekeeping, then I'm all for it. However, if that process is implemented as "UN sets deadline for compliance; deadline expires; within minutes US sends 40 Tomahawk Cruise Missiles", then I think someone missed the point. No one at the UN decided that it was time to attack. The US invited a handful of its trusted allies who happen to be members of the UN to join a US-operated and overwhelmingly US-staffed war against Iraq.
There is a delicate game the US has been playing in the middle-east for the last 50 years. We're trying to ensure that those who literally control the fuel that the world's nations run on cannot blackmail us with it because of political tensions. Our financial and weapons support of Iraq vs Iran was an ideal example of this. It has earned us the hatred of just about everyone in the region, and even those who were once our allies have become reluctant partners only due to our overwhelming superiority in terms of military and power (e.g. Turkey).
We shall see where this goes, but let us not fool ourselves into thinking that we're fighting for the Iraqi people. Such a thing would be massively out of character for the United States.
Arthur Andersen (the accounting firm that caused Enron)
I'm a Chicagoan, and I find it sad that Andersen went away. They didn't cause Enron; they were crooks already. What Andersen did was allow it to happen when it was their specific responsibility to stop it. They got caught up in a contest with Andersen Consulting on how to book the biggest bucks, and let it blind them from outing the crooks. The sad thing is, previous to Enron/WorldCom et al., they had a rep of being the toughest firm out there with their bullshit filters turned to 11. They sold out.
This technology isn't used much in software any more. Why? Programming languages are worse. The semantics of Pascal are well-defined. C and C++, with casts, unions, void, and such, are hard to formalize. The strict languages (Pascal, Modula, Ada) are moribund, if not dead. Hardware designers, though, use formal methods on VHDL routinely.
It would be useful to look at proof of correctness technology again today. When I was doing it, I used to need 45 minutes of VAX 11/780 time to verify a 1000-line program. That would translate into about 20 seconds on a modern machine. (That's from a cold start; you cache results, and reruns are far cheaper.)
Negative proofs (program doesn't subscript out of range, pass data to a lower security level, go into an infinite loop) are relatively straightforward. Proving that a program does something specific is hard, because specifying the goal is hard. But proving that a program doesn't do something is far more straightforward.
I used to demo our system by letting people put a bug into a working program and then running the verifier to find it. Worked fine. This can be done.
One of the few modern systems in this area is the COMPAQ Extended Static Checker for Java. It was one of the last projects of the old DEC Systems Research Lab, before HP closed it down. Download it before Carly Fiorina makes it go away.
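The "negative proof" and bug-injection demo described above, as an added example that is not from the original post or the poster's verifier: a tiny interval analysis that proves a table lookup never subscripts out of range for any input in the declared range, then finds the out-of-range access once a stride bug is injected. The program under analysis is a constructed toy (straight-line assignments over one untrusted input).

```python
from __future__ import annotations

# Interval domain: inclusive [lo, hi] bounds on an integer variable.
Interval = tuple[int, int]

def _add(a: Interval, b: Interval) -> Interval:
    return (a[0] + b[0], a[1] + b[1])

def _mul(a: Interval, b: Interval) -> Interval:
    # Product of two intervals: extreme values come from the corner products.
    corners = [a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1]]
    return (min(corners), max(corners))

def eval_expr(expr, env: dict[str, Interval]) -> Interval:
    """Abstractly evaluate a constructed expression tree.
    expr is an int literal, a variable name, or a tuple (op, left, right)
    with op in {"+", "*"}. The result over-approximates every concrete value
    the expression can take, so a 'safe' verdict is sound but a flagged
    access may still be a false positive (the classic interval-analysis caveat)."""
    if isinstance(expr, int):
        return (expr, expr)
    if isinstance(expr, str):
        return env[expr]
    op, left, right = expr
    lv, rv = eval_expr(left, env), eval_expr(right, env)
    return _add(lv, rv) if op == "+" else _mul(lv, rv)

def check_subscripts(inputs, stmts, accesses):
    """Prove that every array access stays in range.
    inputs:   {name: (lo, hi)} assumed ranges of the untrusted inputs
    stmts:    [(var, expr)] assignments executed in order
    accesses: [(array_len, index_expr)] subscripts to verify
    Returns [(index_interval, array_len)] for each access that cannot be
    proven in range; an empty list means the negative property is proven."""
    env = dict(inputs)
    for var, expr in stmts:
        env[var] = eval_expr(expr, env)
    violations = []
    for length, idx in accesses:
        lo, hi = eval_expr(idx, env)
        if lo < 0 or hi >= length:
            violations.append(((lo, hi), length))
    return violations

# Constructed working program: untrusted byte b in [0, 255],
# index = b * 4 + 3 into a 1024-entry table -> max index 1023, proven safe.
PROGRAM_OK = [("y", ("*", "b", 4)), ("i", ("+", "y", 3))]
# Same program with an injected bug (stride 5): the verifier finds it.
PROGRAM_BUG = [("y", ("*", "b", 5)), ("i", ("+", "y", 3))]

SAFE_RESULT = check_subscripts({"b": (0, 255)}, PROGRAM_OK, [(1024, "i")])   # []
BUG_RESULT = check_subscripts({"b": (0, 255)}, PROGRAM_BUG, [(1024, "i")])   # [((3, 1278), 1024)]
```

Nothing is executed with concrete inputs: the verdict covers all 256 possible values of `b` at once, which is what distinguishes this from testing.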
I've used formal methods in a few places... much to the indifference of colleagues. I remember one time finding a subtle bug via Z-notation and fixing it, then moving on to another project while several of my former coworkers criticized my code as "unnecessarily complex," etc. A couple years later I happened to overhear a conversation that strongly suggested somebody had "cleaned up" my code, then actually encountered that rare, subtle bug years later and had great difficulty (and pride) in fixing it.
So formal methods are extremely powerful... but I rarely use them now. The problem is that few problems are so well defined that you can use them in a meaningful manner. If you're writing low-level code - something on the level of string libraries or date routines, use them. But as you get closer to real world problems, the formal methods seem more effective at driving home how little you understand about your problem space, not writing solid code.
(As a specific example, I remember getting nailed by the concept of "triangle." We were writing meteorological code, and sometimes "triangles" were planar and sometimes they were triangles on a sphere -- and the problems are *very* different as you move away from small triangles. Some of our code did - many navigation problems can be reduced to triangles with the two endpoints and the North Pole.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I'd say some of the gems of my book collection are from Microsoft Press. In particular, anything written by Jeffrey Richter or Charles Petzold I'm willing to take on faith will be outstanding.
Irrespective of feelings towards Microsoft (and I'm pretty far into the anti-MS camp), their Microsoft Press division has released some darn fine books.
(Note: I only own 4 MS Press books, and all have been outstanding. This does not mean that there aren't hundreds of MS Press books that are crap, but that hasn't been my experience.)
Alan
Firstly, pacifists are not the only ones at odds with Mr. Bush. Any sane, intelligent and adequately aware human being should be at odds with Mr. Bush's actions, but this is NOT the place for political debate.
This is the place to comment on Microsoft's obvious and very quantifiable hypocrisy. Microsoft has a lengthy chain of events that would dictate that they are incapable of writing secure code. Perception and politics do not reign here and are irrelevant to this discussion, unless you perceive things with "wool over your eyes" in which case you need to remove your head from the sand and look at the FACTS which are not subjective nor "nebulous."
See how many CERT alerts are related to Microsoft products and how many are related to other vendors. The overwhelming factual majority is enough for any sane and intelligent person to laugh their ass off at the irony of Microsoft teaching a secure code training course!
If you do not find that ironical, please remove your head from the sand (or any other orifice) and educate yourself before being a part of the joke.
Jason Lockhart
the company "paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix."
When was the last time Microsoft just licensed software they wanted instead of just buying the company that makes it?
Couldn't they have just bought a few licenses? Why did they have to BUYOUT the whole company? I'm sure if they worked up a good deal, they could have purchased a few thousand licenses for much less than $60M...