Built-in Object Security
- 378 Downloads
Modern programming languages and systems provide much support for security. Through strong typing, they can substantially reduce the opportunities for low-level coding errors that could result in buffer overflows and other vulnerabilities. They also allow protection by encapsulation and the treatment of objects as unforgeable capabilities. In addition, they sometimes include rich security infrastructures, for example libraries for authentication and authorization.
Although common programming languages are not primarily concerned with security, language definitions can be the basis for security guarantees. A language specification may imply, for instance, that object references are unguessable. An implementation may resort to cryptography in order to enforce this property and others built into the language.
Conversely, for better or for worse, security machinery can have a significant effect on language semantics and implementations, even when it is regarded as an add-on. For instance, access-control techniques that depend on the contents of the execution stack give an observable role to the stack, affecting program equivalences. A language perspective can help in understanding such security mechanisms and sometimes in developing new ones.
KeywordsProgram Equivalence Security Mechanism Strong Typing Buffer Overflow Language Definition
- 2.Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium, February 2003, pp. 107–121 (2003)Google Scholar
- 4.van Doorn, L., Abadi, M., Burrows, M., Wobber, E.: Secure network objects. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, May 1996, pp. 211–221 (1996)Google Scholar