Safety as a Software Metric


Description
Safety as a Software Metric. Matthias Felleisen and Robert "Corky" Cartwright, Rice University. Outline: Why Safety as a Metric?; Measuring Software: Syntax versus Semantics; What is Programming Language Safety?; What Makes an Individual Program Safe?; How about Teaching Program Safety?
Transcripts
Slide 1

Safety as a Software Metric
Matthias Felleisen and Robert "Corky" Cartwright, Rice University

Slide 2

Outline
- Why Safety as a Metric?
- Measuring Software: Syntax versus Semantics
- What is Programming Language Safety?
- What Makes an Individual Program Safe?
- How about Teaching Program Safety?

Slide 3

Why Measure Software?
- correct and efficient programs
- maintainable programs
- extensible programs

Slide 4

What do Metrics Measure?
- lines of code
- number of methods, gotos, loops, modules, statements versus expressions, …
- in short: syntactic attributes of programs

Slide 5

What should Metrics Measure?
- correctness
- extensibility
- maintainability
- in short: semantic and structural properties

Slide 6

Measuring Correctness is Difficult …
- goal: measure certain aspects of correctness
- specifically: assuming the programming language is safe, what kinds of errors can we predict?

Slide 7

Safe Programming Languages

Slide 8

Safety - A High-Level View (1) "Close the valve by 10 degrees!" "Turned the valve by 10 degrees!"

Slide 9

Safety - A High-Level View (2) "Close the valve by 10 degrees!" "Turned the valve by 15 degrees!"

Slide 10

Safety - A High-Level View (3) "OUCH!" "Close the valve by 10 degrees!"

Slide 11

Safety - A High-Level View (4) (diagram: the safe language checks the command before it reaches the valve)

Slide 12

Safety - A High-Level View (5) (diagram) … ERROR!

Slide 13

C and C++ are NOT Safe!

    #include <stdio.h>

    /* Euclid's gcd: recursion stops when the remainder is zero. */
    int f(int n, int m) {
      int r = n % m;
      if (0 == r) return m;
      else return f(m, r);
    }

    int main(void) {
      /* a, b, c, d are deliberately unused: they are the stack neighbours of mn,
         so an out-of-bounds read of mn[2] picks up one of them or other stack garbage. */
      char a = 'a';
      char b = 'b';
      int mn[2] = {24, 6};
      char c = 'c';
      char d = 'd';
      printf("%d\n", f(mn[0], mn[1])); /* gcd(24, 6) = 6: fine */
      printf("%d\n", f(mn[0], c));     /* a char passed where an int is expected: silently converted, no error */
      printf("%d\n", f(mn[0], mn[2])); /* index 2 of a 2-element array: undefined behaviour, no error;
                                          if the slot happens to hold 0, n % m divides by zero */
      return 0;
    }

All three calls compile without a diagnostic and the program runs; neither the type coercion nor the out-of-bounds read is caught.

Slide 14

Safety in Programming Languages
- a safe language protects each computational primitive, e.g., +, *, if, vector-ref, field dereference, …
- protection is implemented with a mix of compile-time and run-time checks
- safety guarantees that errors are caught
- safety greatly increases the effectiveness of debugging

Slide 15

Safety … is NOT just TYPE checking!

Slide 16

Examples
UNSAFE languages: Fortran, C, C++
SAFE languages: Perl, ML, Eiffel, Java, Scheme (untyped, but safe)

Slide 17

Safe Programs and Measuring Safety

Slide 18

Measuring the Safety of Programs
- programs in safe languages signal errors
- programs should not signal errors
- determine whether any computational primitive may signal an error
- make programmers explain potential faults

Slide 19

MrSpidey: Measuring the Safety of Scheme Programs
Scheme is a dialect of Algol and LISP:
- lexical scope, first-class functions ("small objects")
- LISP's syntax (parentheses) and primitives (cons, car, and cdr)

Slide 20

some function call, somewhere in the program

Slide 21

SYMBOLS are bad for +

Slide 22

general data shapes

Slide 23

Measuring Safety is More than Checking Types
- check general "data shapes"
- lists with at least N items
- vector references
- …

Slide 24

list with at least one NUMBER

Slide 25

NIL is not OK

Slide 26

An Elaborate Example from the Scheme Front-end
S-expression => S-expression:
(let (<var> <rhs:exp>) <body:exp>)  =>  ((lambda (<var>) <body:exp>) <rhs:exp>)

Slide 27

… yields many checks: weak invariant

Slide 28

stronger invariant yields stronger results
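To make slides 18 through 28 concrete, here is a toy set-based checker of the kind MrSpidey implements. It is an added example, not MrSpidey's code and not from the slides: it computes, for every primitive application, the set of "data shapes" its arguments may have and records a run-time check wherever that set is not covered by what the primitive accepts. The shape lattice (numbers, symbols, booleans, and proper lists of length 0, 1, 2 or "3 or more") and the tuple encoding of S-expressions are assumptions made for this example; element shapes of lists are deliberately not tracked. The programs in main() are constructed to mirror the slides: + applied to a possible symbol, car of a possibly empty list, and the cadadr access a let-desugarer performs, measured once under a weak invariant and once under a stronger one.

```python
"""Toy set-based safety checker in the spirit of MrSpidey (added example).

Programs are nested Python tuples standing in for S-expressions:
  7                       number literal
  True / False            boolean literal
  "x"                     variable reference
  ("quote", "nil")        the empty list;  ("quote", "foo")  a symbol
  ("if", c, t, e)         conditional
  ("let", "x", rhs, body) local binding
  (prim, arg, ...)        application of a primitive: + car cdr cons null?
"""
from typing import Dict, FrozenSet, List, Tuple, Union

NUM, SYM, BOOL = "num", "sym", "bool"
MAXLEN = 3                                            # list shapes saturate at "3 or more"
LISTS = tuple(f"list{n}" for n in range(MAXLEN + 1))  # list0 = nil, list1, list2, list3 = 3+
NONEMPTY = frozenset(LISTS[1:])
ANY: FrozenSet[str] = frozenset({NUM, SYM, BOOL, *LISTS})

# Shapes each argument must have for the primitive not to signal an error (assumed lattice).
ACCEPTS: Dict[str, Tuple[FrozenSet[str], ...]] = {
    "+": (frozenset({NUM}), frozenset({NUM})),
    "car": (NONEMPTY,),
    "cdr": (NONEMPTY,),
    "cons": (ANY, frozenset(LISTS)),   # simplification: tails must be proper lists
    "null?": (ANY,),
}

Expr = Union[int, bool, str, tuple]
Env = Dict[str, FrozenSet[str]]
Check = Tuple[str, int, FrozenSet[str]]   # (primitive, argument index, offending shapes)


def list_len(shape: str) -> int:
    return int(shape[len("list"):])


def prim_result(prim: str, args: List[FrozenSet[str]]) -> FrozenSet[str]:
    """Shapes a primitive may return, given the shapes of its arguments."""
    if prim == "+":
        return frozenset({NUM})
    if prim == "null?":
        return frozenset({BOOL})
    if prim == "car":
        return ANY                       # element shapes are not tracked
    if prim == "cdr":
        out = set()
        for s in args[0] & NONEMPTY:     # only the shapes that pass the check flow on
            n = list_len(s)
            out.add(f"list{n - 1}")
            if n == MAXLEN:              # the tail of a "3 or more" list may still be "3 or more"
                out.add(s)
        return frozenset(out)
    if prim == "cons":
        return frozenset(f"list{min(list_len(s) + 1, MAXLEN)}" for s in args[1] & frozenset(LISTS))
    raise ValueError(f"unknown primitive {prim!r}")


def analyze(expr: Expr, env: Env, checks: List[Check]) -> FrozenSet[str]:
    """Return the shapes `expr` may evaluate to; append every undischarged check to `checks`."""
    if isinstance(expr, bool):
        return frozenset({BOOL})
    if isinstance(expr, int):
        return frozenset({NUM})
    if isinstance(expr, str):
        if expr not in env:
            raise NameError(f"unbound variable {expr!r}")   # a lexical-scope error, caught statically
        return env[expr]
    head, *rest = expr
    if head == "quote":
        return frozenset({LISTS[0]}) if rest[0] == "nil" else frozenset({SYM})
    if head == "if":
        analyze(rest[0], env, checks)    # any value is a legal test in Scheme: no check
        return analyze(rest[1], env, checks) | analyze(rest[2], env, checks)
    if head == "let":
        var, rhs, body = rest
        return analyze(body, {**env, var: analyze(rhs, env, checks)}, checks)
    arg_shapes = [analyze(a, env, checks) for a in rest]
    for i, (shapes, allowed) in enumerate(zip(arg_shapes, ACCEPTS[head])):
        bad = shapes - allowed
        if bad:                          # some possible argument shape would make the primitive fail
            checks.append((head, i, bad))
    return prim_result(head, arg_shapes)


def measure(expr: Expr, env: Env) -> Tuple[FrozenSet[str], List[Check]]:
    """Measure a program: its result shapes and the run-time checks that cannot be discharged."""
    checks: List[Check] = []
    return analyze(expr, env, checks), checks


if __name__ == "__main__":
    # Constructed programs mirroring the slides (not from the original deck).
    print(measure(("+", "x", 1), {"x": frozenset({NUM, SYM})}))            # SYMBOLS are bad for +
    print(measure(("car", "lst"), {"lst": frozenset({"list0", "list1"})}))  # NIL is not OK
    cadadr = ("car", ("cdr", ("car", ("cdr", "e"))))                        # <var> of (let (<var> <rhs>) <body>)
    print(len(measure(cadadr, {"e": ANY})[1]), "checks under the weak invariant")
    print(len(measure(cadadr, {"e": frozenset({"list3"})})[1]), "checks under the stronger invariant")
```

The analysis is flow-insensitive, as set-based analysis is: guarding `(car lst)` with `(null? lst)` does not remove the check, because the argument set of `car` is the same on every path. The only way to discharge it is a stronger invariant on `lst` (it is never empty), or a reorganization that makes that invariant hold, which is exactly the conversation slide 32 describes between programmer and tool. Under the weak invariant the cadadr access needs four checks; the stronger invariant "a list of three or more items" discharges two, and the remaining two come from the untracked element shapes, the kind of stronger invariant the summary slide lists as future work.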

Slide 29

Teaching with Safety Metrics

Slide 30

Program Construction: Rice University, Fall 1998
- course on program safety
- understanding measurement
- based on Scheme and Java

Slide 31

On Safety of Languages and Programs
- programming language safety
- program safety
- theory and tools for "measuring" program safety
- logics that conservatively approximate semantics
- logics that extend the logic of type checking

Slide 32

The Pragmatics of MrSpidey
- using MrSpidey: checking
- understanding potential fault sites: value set, data flow
- is it a problem with the program?
- is it a problem with the theory/tool?
- if the latter, can a reorganization help?

Slide 33

Hands-on Work
- homework assignments: sets of problems for each topic; increasing complexity; theory and practice
- project: implement a sequential subset of Java; modules and data invariants that cross boundaries; debugging large pieces of code

Slide 34

Evaluation (1)
- course evaluation: great
- targeted questions: understanding of language safety; understanding of program safety; understanding of measuring safety with theorem provers; effectiveness of homeworks versus project

Slide 35

Evaluation (2)
- Positives: appreciate safety; appreciate tools; appreciate theory; understand the above based on homework
- Negatives: project too large

Slide 36

Summary
- new, semantics-based thinking about "metrics"
- extensions: measuring stronger invariants (numeric constraints, polyvariant); measuring organization (patterns?)
- teaching: a good way to have students understand partial correctness

Slide 37

Thank You: Mike Fagan (92), Andrew Wright (94), Cormac Flanagan (96), Matthew Flatt, Shriram Krishnamurthi, Robby Findler
