Thread overview
Attacking Attack Patterns
Feb 19, 2010
Manfred_Nowak
Feb 19, 2010
retard
Feb 19, 2010
Walter Bright
Feb 19, 2010
Justin Johansson
Feb 19, 2010
Walter Bright
Feb 20, 2010
Robert Jacques
February 19, 2010
http://cwe.mitre.org/top25/
shows patterns of attacs.

Does someone see a way to use D design patterns to stop attack patterns?

-manfred
February 19, 2010
Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:

> http://cwe.mitre.org/top25/
> shows patterns of attacs.
> 
> Does someone see a way to use D design patterns to stop attack patterns?

At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view. At least in the web environment some state of the art technologies immediately come to mind http://lambda-the- ultimate.org/node/3068
February 19, 2010
retard wrote:
> Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
> 
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
> 
> At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view.

D has safe mode, which when used offers as much safety as C# or Java. Note that you can do unsafe things in C# if you so choose.


> At least in the web environment some state of the art technologies immediately come to mind http://lambda-the-
> ultimate.org/node/3068
February 19, 2010
retard wrote:
> Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
> 
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
> 
> At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view.

I guess SafeD wouldn't be the slouch of the three.

Andrei
February 19, 2010
Manfred_Nowak wrote:
> http://cwe.mitre.org/top25/
> shows patterns of attacs.
> 
> Does someone see a way to use D design patterns to stop attack patterns?
> 
> -manfred

Bounds checking takes care of quite a few issues, but that's a banal thing to remark.

One more interesting thing that I see doable (and have seen done in e.g. Perl) is the @tainted attribute, which marks an untrusted string. That could help with [2], [6], [7], [9], [20].


Andrei
February 19, 2010
Andrei Alexandrescu wrote:
> One more interesting thing that I see doable (and have seen done in e.g. Perl) is the @tainted attribute, which marks an untrusted string. That could help with [2], [6], [7], [9], [20].

I agree that engaging the type system's help to track untrusted data through the code can be very helpful.
February 19, 2010
retard wrote:
> Fri, 19 Feb 2010 19:44:14 +0000, Manfred_Nowak wrote:
> 
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
> 
> At least I can see a lot of reasons why D is vulnerable to many of those low level attacks because of the desire to be able to control every possible bit state in the program. In fact D is even worse than Java/C# from this point of view. At least in the web environment some state of the art technologies immediately come to mind

> http://lambda-the-ultimate.org/node/3068

Ur/Web sounds interesting.

Have you actually tried it in anger?
February 20, 2010
On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999@hotmail.com> wrote:

> http://cwe.mitre.org/top25/
> shows patterns of attacs.
>
> Does someone see a way to use D design patterns to stop attack patterns?
>
> -manfred

I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people.

Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.
February 20, 2010
Robert Jacques wrote:
> On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999@hotmail.com> wrote:
> 
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
>>
>> -manfred
> 
> I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people.
> 
> Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.

As far as I can tell low-level races are impossible in SafeD.

Andrei
February 20, 2010
Robert Jacques wrote:
> On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999@hotmail.com> wrote:
> 
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
>>
>> -manfred
> 
> I really don't like this list because its a list of unsecure coding patterns and not dangerous one. The only one of them has ever killed anyone (race conditions, #25), the rest just lead to identity theft. I'd also put "poorly written error messages", "integer overflows" and "corrupting datafiles" up there as things that have killed people.
> 
> Anyways, in response to your question D's concurrency strategy should make it (relatively) difficult to cause races. And most of the attack patterns are at a higher level than raw code.

Oh hey... null pointer dereference is not on the list :o).

Andrei