Wyvern:通过编程语言设计影响软件安全

Darya Kurilova, A. Potanin, Jonathan Aldrich
{"title":"Wyvern:通过编程语言设计影响软件安全","authors":"Darya Kurilova, A. Potanin, Jonathan Aldrich","doi":"10.1145/2688204.2688216","DOIUrl":null,"url":null,"abstract":"Breaches of software security affect millions of people, and therefore it is crucial to strive for more secure software systems. However, the effect of programming language design on software security is not easily measured or studied. In the absence of scientific insight, opinions range from those that claim that programming language design has no effect on security of the system, to those that believe that programming language design is the only way to provide \"high-assurance software.\" In this paper, we discuss how programming language design can impact software security by looking at a specific example: the Wyvern programming language. We report on how the design of the Wyvern programming language leverages security principles, together with hypotheses about how usability impacts security, in order to prevent command injection attacks. Furthermore, we discuss what security principles we considered in Wyvern's design.","PeriodicalId":426815,"journal":{"name":"Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and Tools","volume":"48 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Wyvern: Impacting Software Security via Programming Language Design\",\"authors\":\"Darya Kurilova, A. Potanin, Jonathan Aldrich\",\"doi\":\"10.1145/2688204.2688216\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Breaches of software security affect millions of people, and therefore it is crucial to strive for more secure software systems. However, the effect of programming language design on software security is not easily measured or studied. In the absence of scientific insight, opinions range from those that claim that programming language design has no effect on security of the system, to those that believe that programming language design is the only way to provide \\\"high-assurance software.\\\" In this paper, we discuss how programming language design can impact software security by looking at a specific example: the Wyvern programming language. We report on how the design of the Wyvern programming language leverages security principles, together with hypotheses about how usability impacts security, in order to prevent command injection attacks. Furthermore, we discuss what security principles we considered in Wyvern's design.\",\"PeriodicalId\":426815,\"journal\":{\"name\":\"Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and Tools\",\"volume\":\"48 4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and Tools\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2688204.2688216\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th Workshop on Evaluation and Usability of Programming Languages and Tools","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2688204.2688216","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

摘要

软件安全的破坏影响着数百万人,因此,为更安全的软件系统而努力是至关重要的。然而,编程语言设计对软件安全的影响是不容易测量和研究的。在缺乏科学洞察力的情况下,从那些声称编程语言设计对系统的安全性没有影响的人,到那些相信编程语言设计是提供“高保证软件”的唯一方法的人,观点不一。在本文中,我们通过一个具体的例子来讨论编程语言设计如何影响软件安全性:Wyvern编程语言。我们报告了Wyvern编程语言的设计如何利用安全原则,以及关于可用性如何影响安全性的假设,以防止命令注入攻击。此外,我们还讨论了我们在Wyvern的设计中考虑了哪些安全原则。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Wyvern: Impacting Software Security via Programming Language Design
Breaches of software security affect millions of people, and therefore it is crucial to strive for more secure software systems. However, the effect of programming language design on software security is not easily measured or studied. In the absence of scientific insight, opinions range from those that claim that programming language design has no effect on security of the system, to those that believe that programming language design is the only way to provide "high-assurance software." In this paper, we discuss how programming language design can impact software security by looking at a specific example: the Wyvern programming language. We report on how the design of the Wyvern programming language leverages security principles, together with hypotheses about how usability impacts security, in order to prevent command injection attacks. Furthermore, we discuss what security principles we considered in Wyvern's design.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信