Skip to site navigation (Press enter)


[SC-L] Cost of provably-correct code (was: bumper sticker slogan for secure software)


Fri, 21 Jul 2006 18:56:19 -0700 


Crispin Cowan wrote on 21 July 2006 18:45:

>>
Yes, you can have provably correct code. Cost is approximately $20,000 per line
of code. That is what the "procedures" required for correct code cost. Oh, and
they are kind of super-linear, so one program of 200 lines costs more than 2
programs of 100 lines.
<<

To arrive at that cost, I can only assume that you are referring to a process in
which all the proofs are done by hand, as was attempted for a few projects in
the 1980s. We current achieve automatic proof rates of 98% to 100% (using PD),
and I hear that Praxis also achieves automatic proof rates well over 90% (using
Spark) these days. This has brought down the cost of producing provable code
enormously.

You are perhaps also including the cost of verifying the object code against the
source code. Although this is sometimes a requirement in the safety-critical
software world, I think it unlikely to be necessary for all but a very few
secure applications, assuming a mature compiler is used.

>>
Indeed, consider SQL injection attacks. They didn't exist 5 years ago, because
no one had thought of them. Same with XSS bugs. Same with printf format string
attacks. All of them are examples of processing user input without validation,
but they are all really big classes of such, and they were discovered to occur
in very large numbers in common code.

What Dana is trying to tell you is that some time in the next year or so,
someone is going to discover yet another of these major vulnerability classes
that no one has thought of before. At that point, a lot of code that was thought
to be reasonably secure suddenly is vulnerable.
<<

I agree, a new class of vulnerability may well be discovered. However, if the
code was specified and developed so as to be provably correct, then it is highly
likely that immunity to a new class of attack can be expressed by adding
additional formal requirements, allowing an immediate evaluation of where in the
design and implementation the vulnerabilities (if any) lie.

David Crocker, Escher Technologies Ltd.
Consultancy, contracting and tools for dependable software development
www.eschertech.com





_______________________________________________
Secure Coding mailing list (SC-L)
[email protected]
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php




Previous message
View by thread
View by date
Next message





Re: [SC-L] bumper sticker slogan for secure softwar... Pascal Meunier

Re: [SC-L] bumper sticker slogan for secure sof... Florian Weimer

Re: [SC-L] bumper sticker slogan for secure... Pascal Meunier

Re: [SC-L] bumper sticker slogan for se... der Mouse

Re: [SC-L] bumper sticker slogan for secure... ljknews

Re: [SC-L] bumper sticker slogan for se... John Wilander




Re: [SC-L] bumper sticker slogan for secure software leichter_jerrold
Re: [SC-L] bumper sticker slogan for secure software Dana Epp
Re: [SC-L] bumper sticker slogan for secure software mikeiscool

Re: [SC-L] bumper sticker slogan for secure softwar... Crispin Cowan

[SC-L] Cost of provably-correct code (was: bump... David Crocker

Re: [SC-L] Cost of provably-correct code (w... der Mouse
Re: [SC-L] Cost of provably-correct code Crispin Cowan

Re: [SC-L] bumper sticker slogan for secure sof... mikeiscool


Re: [SC-L] bumper sticker slogan for secure software Mark Graff

[SC-L] security half-life and critical mass securecoding2dave





 Reply via email to






The Mail Archive



The Mail Archive home
sc-l - all messages
sc-l - about the list
Expand
Previous message
Next message










The Mail Archive home
Add your mailing list
FAQ
Support
Privacy
00f701c6ad10$a35a8ba0$cb00000a@escheradmin