Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
M J D Brown
mjdb at dorevale.demon.co.uk
Sat Aug 7 16:12:22 BST 2010
We could debate the difference between 'safe' and 'secure' code, but
assuming that you will be working and researching in the open arena for
a publishable PhD thesis, you might care to take a hard look at the
functional safety domain covered by the IEC 61508 standard. The
normative parts of that standard may not be relevant to your subject
area, but I think you will find Part 7 of the Standard 'Overview of
Techniques and Measures' of particular interest.
One method that has its adherents is to employ a widely-used language
and compiler (on the basis that compiler faults may well have been
exposed in the course of widespread use), in conjunction with a
pre-processor that detects and thus excludes defined dangerous language
constructs. Annotated Verifiable ADA (AVA), for example, employs the
'significant comment' concept to provide semantic instruction of the
----- Original Message -----
From: "Ian Batten" <igb at batten.eu.org>
To: "UK Cryptography Policy Discussion Group"
<ukcrypto at chiark.greenend.org.uk>
Sent: Saturday, August 07, 2010 10:47 AM
Subject: Re: Being safe on the internet (was Re: Here we go again - ISP
DPI, but is it interception?)
> So, if I'm three weeks from starting a PhD in which the production of
> a large slab of secure code (let us gloss over whether that's formally
> secure or pragmatically secure), what toolchain should I use? I'm
> guessing my favoured "first to reach for" tools at my advanced age of
> C and Perl aren't cool, C++ horrifies me aesthetically, Java is dull.
> I think it's time for a Lisp revival.
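The approach Brown describes, a pre-processor that rejects defined dangerous constructs and takes semantic direction from structured comments, can be sketched in a few dozen lines. The following is an added illustration, not code from the post or from AVA: the denylist of C idioms, the `/*@ allow: ... */` justification syntax, and the sample source are all constructed for the example, and the checker is a line-oriented approximation rather than a real parser.

```python
import re
from typing import List, Tuple

# Constructed, illustrative denylist: these C idioms are rejected outright.
BANNED = {
    r"\bgets\s*\(": "gets() has no bounds check",
    r"\bstrcpy\s*\(": "strcpy() copies without a length bound",
    r"\bsprintf\s*\(": "sprintf() writes without a length bound",
    r"\bgoto\b": "goto defeats structured control flow",
}

# Constructs tolerated only when the preceding line carries a justification
# annotation. The annotation syntax is hypothetical, not AVA's.
RESTRICTED = {
    r"\bmalloc\s*\(": "dynamic allocation must be justified",
}
ANNOTATION = re.compile(r"/\*@\s*allow:\s*(.+?)\s*\*/")


def check_source(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, message) for every violation found, in file order."""
    findings: List[Tuple[int, str]] = []
    lines = source.splitlines()
    for idx, line in enumerate(lines, start=1):
        # Ignore text inside comments so a comment mentioning 'goto' is not a hit.
        code = re.sub(r"/\*.*?\*/", "", line).split("//", 1)[0]
        for pattern, why in BANNED.items():
            if re.search(pattern, code):
                findings.append((idx, f"banned construct: {why}"))
        for pattern, why in RESTRICTED.items():
            if re.search(pattern, code):
                previous = lines[idx - 2] if idx >= 2 else ""
                if not ANNOTATION.search(previous):
                    findings.append((idx, f"unjustified construct: {why}"))
    return findings


def is_acceptable(source: str) -> bool:
    """True when the source passes the subset rules without any finding."""
    return not check_source(source)


# Constructed sample: one banned call, one justified and one unjustified
# allocation, and a goto.
SAMPLE_SOURCE = """\
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int copy_name(char *dst, const char *src) {
    strcpy(dst, src);
    return 0;
}

char *make_buffer(size_t n) {
    /*@ allow: size validated by caller */
    char *p = malloc(n);
    return p;
}

void unchecked(void) {
    char *q = malloc(16);
    free(q);
    goto done;
done:
    return;
}
"""

if __name__ == "__main__":
    for line_no, message in check_source(SAMPLE_SOURCE):
        print(f"line {line_no}: {message}")
    print("acceptable" if is_acceptable(SAMPLE_SOURCE) else "rejected")
```

Run as a script, it lists the three violations in the sample (the `strcpy` on line 6, the unannotated `malloc` on line 17 and the `goto` on line 19) and rejects the file; the annotated `malloc` on line 12 passes because the preceding line carries the justification comment. A production tool would of course work on a parsed syntax tree rather than on lines, which is what makes a language with a formally defined subset, as in the Ada-based tools Brown mentions, attractive for this job.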