Slashdot Mirror
Microsoft To Teach Undergrads About Secure Computing
Update: 03/24 18:00 GMT by J : Another report worth reading is Writing Software Right, which requires a free but annoying registration at Technology Review. This regards automated methods of finding software errors (not security specifically). Sun's "Jackpot" is discussed, a lint that also "identifies general instances of good or bad programming."
And Microsoft's efforts in this field are explained as well -- the company "paid more than $60 million in 1999 to acquire Intrinsa, maker of a bug-finding tool called Prefix. The program, which sifts through huge swaths of code searching for patterns that match a defined list of common semantic errors, helped find thousands of mistakes in Windows and other Microsoft products." As a Microsoft QA person says, "Our challenge is to get our software to the point that people expect it to work instead of expecting it to fail."
President George W. Bush will be teaching a course in diplomacy ...
When all you have is a hammer, everything looks like a skull.
This article is an obvious chance to bash M$, but take it easy.
Yes, many security holes in Windows occur weekly, but so do they in Open Source software. The only diffrence is, that the OS movement releases bug-fix's usually within 24 hours unlike M$.
If I were a student, or a college administrator, I would much prefer that a course in computer security be taught/aligned with a company that has a long, solid, proven track record in security, as opposed to a company whose track record is nothing but miserable. I know OpenBSD's security record is pretty strong, as is Apple's and I'm sure other vendors. But MS? It would be about like having a French general teach an ROTC class and makes about as much sense as Lybia charing the UN Commission on Human Rights and Iraq chairing the UN Commission on Disarmament (both of these are in effect right now, crazy as it sounds).
So are you suggesting that no one in MS can teach secure and have secure code?
Remember. Windows was made over several years and hundreds (if not thousands) of coders. We're talking older code, and thousands of different coders.
But, hey, anything to insult MS, right?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
You can find a description here.
The only difference is that this module was intended to make undergrads see the failure and risk by means of software engineering, and we did this by looking at various procedures for writing secure code, and we looked at lots of examples from history (the challenger incident, for example, etc).
This course seems to be aimed more at specific coding practices - avoiding buffer overruns for example. It doesnt look like they'll be told how to deal with failure once it happens (because it *will* happen). I also fear that since Microsoft will be involved, it'll be specific to Windows & x86 -- not a real life view of computing.
Suggested course offerings follow:
CSI1001: Introduction to the necessity of 3rd-party security modules in a Microsoft environment
CSI1002: Trusted++ computing--how to manage your defenseless box on a multi-million node internet
CSI2001: Rapid HotFix/Service Pack deployment
CSI2002: (Continuation of 2001) Rapid HotFix/Service pack undeployment
CSI3001: Microsoft and you--Introspectives on long-term site licensing and vendor lock-in
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
I did a course in my computer engineering degree last term called Formal Methods where half the course we spent learning the "Cleanroom" method of coding. To put it simply this method makes you specify functions through math and the prove via math that your code does do what it is intended to do. Projects that have used the cleanroom method have reported roughly 2-3 errors per 1000 lines of code (on the first compile) and over 75% of the code compiles and runs correctly on the first try. They are very impressive number but they come at a cost of a learning curve and spending more time properly defining functions and classes. After doing that course I have a whole new respect for software verification. If anyone wanted to teach how to write secure code they should really invest their efforts in this proven method.
"I believe in everything in moderation. Including moderation." -Dean DeLeo, Stone Temple Pilots
Secure Computing for Dummies... by Dummies.
Beauty is in the eye of the beerholder.
How about that anti-smoking ad by a guy smoking through a hole in his neck? Or inmates coming to school to talk about abiding the law? I think Microsoft has quite a lot to talk about on the subject.
I was wondering how OS-agnostic these courses are going to be, when I came across this quote:
Okin agreed: "We need to get input from others as well. Clearly, there is no point in these undergraduates learning only about Microsoft technology. We need a broad approach."
The reason I wondered was because so much of secure programming involves access control in many ways, direct and indirect. Obviously, Microsoft's access control mechanisms vary wildly from Unix paraadigms. I'm not a hardcore programmer, but I can only assume that priviledge escalation exploits under a Redmond OS would be very different from something similar with linux.
That sentence states unambiguously that the course will cover non-MS architecture.
I, for one, am impressed. Doing the right thing for once, the boys in Redmond.
Blearf. Blearf, I say.
Leaving personal politics aside -- whether you agree or disagree -- it's certainly the case that Bush's diplomacy and Microsoft's security have been called into question and are the center of heated debate. In situations like these, the actual facts play only a modest role in shaping public opinion, especially when the "facts" are nebulous, subjective, and largely unquantifiable. There are no established objective measures of computer security, and even less of diplomatic success, that do not rely heavily on retrospective data.
In debates like these, perception and politics reign. And one surprisingly effective tactic is to assert the point under debate by calmly behaving as if there were no debate and moving on to the next step. If you simply act as if something is true, and act surprised when people question it, listener tend to build consensus around the confidence you project. Certainly the Bush administrations (and, of course, many previous administrations) have used this tactic extensively, and Microsoft seems to be using it now: If they're teaching a course on security, they must know security, right?
This places those arguing the opposite side (pacifists in the one case, the Slashdot majority crowd in the other) in the awkward position of constantly having to re-establish that the debate is still open, without boring, tiring, or otherwise turning off the only semi-interested public.
Note that none of all that maneuvering has anything to do with who's actually right.
Microsoft's university program is closely linked to its Trustworthy Computing initiative, its companywide focus on securing its products, which was launched early last year.
Hey, check it out. Early last year Microsoft decided it might me worthwhile to secure some of its products.
I hear some time in Summer 2014 Microsoft is going to launch its Memory Leak Awareness Program.
I forget where I heard it, but someone once pointed out that if your going to go to Spain to participate in the running of the bulls, you don't really want to talk with the people that managed to survive it... you want to talk to the guy that got his ass gored off because he can tell you exactly what to avoid doing!
Same thing here! Who better to tell us what security bugs to avoid than Microsoft.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
I would much prefer that a course in computer security be aligned with a university and good general engineering practice and strictly eschew alignment with any company of any kind.
Don't they have a *professor* qualified to teach such a course, and if not, why would anyone go there?
Maybe I'm just being a *cynical* old fuddy duddy, but I smell payol. . . er, a donation. Ah yes, there it is at the end of the article. Go figure.
I also strongly suspect that day one will *not* feature a lecture on the benefits of UNIX, how to uninstall Outlook Express or the security features built into Sun Java.
Which is precisely the reason an institute of higher learning should shy away from such blatant association with a particular company who has a vested interest in the field.
What's going to be next, the Christian Science Monitor Chair of Internal Medicine or Powerbar Chair of Exercise Physiology?
KFG
I believe their real motive in offering such a course would be to teach programmers to code for security the Microsoft way, so that things continue to get worse. Their definition of security of your machine is much like their definition of digital rights of your machine; they are not looking after your digital rights, and they are not looking after your security.
I'm an American. I love this country and the freedoms that we used to have.
Microsoft has a huge push going on in education. Campus reps, steep tool discounts, and curriculum suggestions to get Microsoft technology into undergrad and grad school course materials. Ask any CS professor what kind of contact they've had with Microsoft reps.
.Net runtime.
Java and Linux have become very large forces in education. Java has very nearly become the de facto teaching language, and Linux has become a popular instruction platform. Microsoft is trying very hard to counter this motion with C# and the
Out of this will come lots of students thinking about security the Microsoft way. They'll believe that more security features (ACLs, etc.) in a system make it more secure. They'll think that if they just throw more tools and wizards at software, they can handle anything. And, sadly, even if those programmers don't become Microsoft programmers, a lot of that bad thinking will spill over into Linux and other systems; too much of that is already happening, with people busily porting some of the worst misfeatures of Windows to Linux.
I've used formal methods in a few places... much to the indifference of colleagues. I remember one time finding a subtle bug via Z-notation and fixing it, then moving on to another project while several of my former coworkers criticized my code as "unnecessarily complex," etc. A couple years later I happened to overhear a conversation that strongly suggested somebody had "cleaned up" my code, then actually encountered that rare, subtle bug years later and had great difficulty (and pride) in fixing it.
So formal methods are extremely powerful... but I rarely use them now. The problem is that few problems are so well defined that you can use them in a meaningful manner. If you're writing low-level code - something on the level of string libraries or date routines, use them. But as you get closer to real world problems, the formal methods seem more effective at driving home how little you understand about your problem space, not writing solid code.
(As a specific example, I remember getting nailed by the concept of "triangle." We were writing meteorological code, and sometimes "triangles" were planar and sometimes they were triangles on a sphere -- and the problems are *very* different as you move away from small triangles. Some of our code did - many navigation problems can be reduced to triangles with the two endpoints and the North Pole.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Week One: The dangers of open source software
Week Two: More dangers of open source software
Week Three: How frequent licensing payments improve security
Week Four: Shhhh... better security means not discussing exploits and security holes
Week Five: How the media exaggerates security issues
Week Six: Did we mention the dangers of open source? Let's review
Week Seven: How to uninstall Linux
Week Eight: Macintosh--the gay-communist connection
Week Nine: (No classes during this week so students can reinstall Windows or do any necessary security patches.)
Week Ten: Trusted computing, i.e., how hypnosis is your friend
Week Eleven: The dangers of open source software revisitted
--Rick "If it isn't broken, take it apart and find out why."