Are You Writing Safe And Secure Software?


Secure Boot, iPhones, mulch, safety, and Ada—I promise to tie them all together, since they’re all related. Sort of.

As a programmer, I try to write code that’s not only functional but also safe, secure, and reliable. I work at learning the best techniques, using the best compiler tools, and taking advantage of the latest technology. Great. Everyone knows that C dominates the embedded space. But what if some of those things I learn or use aren’t quite right?

... But Everyone Uses Mulch

So now the mulch. You’ve seen it everywhere on landscaped lawns. There are giant mounds around every tree. It looks great, if you like that kind of thing. It makes mowing, especially with a large riding lawnmower, so easy.

Unfortunately, piling bark mulch around most anything, especially trees, isn’t a great idea. Compost is good around bushes, but trees don’t like anything stacked up on their bark. There are other good uses for bark mulch, though.

C and C++ aren’t quite as bad as mulch around trees, but using them just because everyone else does can be an issue because they’re prone to bugs. Dangling pointers and buffer overflows are common C bugs.

... And Now the iPhone

Researchers at my alma mater, Georgia Tech, attacked an iPhone using a smart USB charger (see the figure). Apple decided to use digital rights management (DRM) to restrict licensing of high-current USB chargers. Essentially, the charger handshakes with the phone using the USB data channel before it raises the amount of power delivered.

The charger sends a key in its handshake packet. The researchers used that packet to cause a buffer overflow. This form of injection attack is common in jailbreaking smart phones and other devices; it takes advantage of a software bug.

The list of buffer overflow attacks on everything from smart phones to servers is rather long, though. One might think that avoiding this kind of problem would improve the safety and security of quite a few systems.

The new USB standard also provides a high-current feature, but it does not use the data link. Instead, it uses some creative analog signalling.

Read About Ada 2012, To Be Safe

This brings me to Ada, which is designed from the ground up for safety and security. Its features also turn out to make bug-free programming much easier. But from a programming perspective, I’m still a neophyte. I have been using it more and learning quite a bit about it, but I defer to the experts in trying to convince programmers about its advantages.

Safe and Secure Software - An Invitation to Ada 2012, a free e-book from AdaCore available at, highlights programming issues that arise with any programming language. Of course, it also explains why Ada 2012 is often a better solution, because it does things that other languages, including C++ and Java, do not address.

For example, Ada’s type system puts most others to shame. Its pointer support provides finer-grain control, allowing the compiler to catch more errors. Ada’s storage management is something that most languages relegate to libraries, but there are reasons for incorporating it into the compiler.

Ada 2012 also brings contracts out of the SPARK comment realm and into the language itself. This is reason enough to take another look at Ada, but there is plenty more. The book shows the problems, how they are addressed with other languages, and why Ada was designed to address these issues.

The book offers a flavor of Ada, but it is designed for any programmer. It addresses Ada basics like built-in range checking that probably would have caught the iPhone charger problem. Hopefully, the book will get you thinking.
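To make the charger problem concrete, here is an added C example that is not from the article, from AdaCore's book, or from the Georgia Tech research. It models a toy handshake packet whose first byte is a charger-supplied key length, and parses it twice: once trusting that length (the unchecked form), and once validating the length against the buffer's capacity before copying, which is the check an Ada range-constrained subtype makes the compiler insert for you. The packet layout, field sizes, and sample packets are all constructed for the illustration; the overflow is made observable with a canary region that sits right after the key buffer inside the same array, so the demo stays within defined behaviour.

```c
/* Added example (not from the article, AdaCore, or the Georgia Tech work):
 * a constructed USB-charger handshake parser in unchecked and checked form. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN     8     /* capacity the firmware reserves for the key (constructed) */
#define CANARY_LEN  8     /* bytes that sit right after the key buffer */
#define CANARY_BYTE 0xA5

/* Key buffer followed by "other state". Both live in one array so that an
 * oversize copy that is still inside the array is defined behaviour and the
 * clobbering of the bytes after the key can be observed directly. */
typedef struct {
    uint8_t region[KEY_LEN + CANARY_LEN];
} charger_state;

static void state_init(charger_state *s) {
    memset(s->region, 0, KEY_LEN);
    memset(s->region + KEY_LEN, CANARY_BYTE, CANARY_LEN);
}

static bool canary_intact(const charger_state *s) {
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (s->region[KEY_LEN + i] != CANARY_BYTE) return false;
    return true;
}

/* Constructed wire format: [0] = key length, [1 .. len] = key bytes. */

/* Unchecked parser: trusts the length byte the charger supplies. Any length
 * above KEY_LEN copies into whatever follows the key buffer. (The demo keeps
 * the oversize inside `region`; a real device has no such safety margin.) */
static int parse_handshake_unchecked(charger_state *s, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 1) return -1;
    size_t len = pkt[0];
    if (pkt_len < 1 + len) return -1;      /* packet shorter than it claims */
    memcpy(s->region, pkt + 1, len);       /* no comparison against KEY_LEN */
    return (int)len;
}

/* Checked parser: the length is validated against the capacity before any
 * byte is copied. This is the explicit C equivalent of declaring the length
 * as an Ada subtype with range 0 .. KEY_LEN and letting the compiler check it. */
static int parse_handshake_checked(charger_state *s, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 1) return -1;
    size_t len = pkt[0];
    if (len > KEY_LEN) return -2;          /* reject: would overflow the key buffer */
    if (pkt_len < 1 + len) return -1;
    memcpy(s->region, pkt + 1, len);
    return (int)len;
}

/* Constructed sample packets: a well-formed 8-byte key and a 12-byte key. */
static const uint8_t good_pkt[] = { 8,  'K','E','Y','0','1','2','3','4' };
static const uint8_t long_pkt[] = { 12, 'K','E','Y','0','1','2','3','4','X','X','X','X' };

/* Each helper parses one packet into a fresh state, stores the parser's
 * return code in *rc, and reports whether the canary survived. */
static bool run_unchecked(const uint8_t *pkt, size_t n, int *rc) {
    charger_state s;
    state_init(&s);
    *rc = parse_handshake_unchecked(&s, pkt, n);
    return canary_intact(&s);
}

static bool run_checked(const uint8_t *pkt, size_t n, int *rc) {
    charger_state s;
    state_init(&s);
    *rc = parse_handshake_checked(&s, pkt, n);
    return canary_intact(&s);
}

int main(void) {
    int rc = 0;
    printf("unchecked, 8-byte key : canary %s (rc=%d)\n",
           run_unchecked(good_pkt, sizeof good_pkt, &rc) ? "intact" : "CLOBBERED", rc);
    printf("unchecked, 12-byte key: canary %s (rc=%d)\n",
           run_unchecked(long_pkt, sizeof long_pkt, &rc) ? "intact" : "CLOBBERED", rc);
    printf("checked,   12-byte key: canary %s (rc=%d)\n",
           run_checked(long_pkt, sizeof long_pkt, &rc) ? "intact" : "CLOBBERED", rc);
    return 0;
}
```

The unchecked parser accepts the 12-byte key and overwrites the state after the key buffer; the checked parser returns -2 and leaves that state untouched. The only difference between the two is the single comparison against KEY_LEN, which is exactly the kind of check a range-constrained type carries with it in Ada and that a C programmer has to remember to write by hand at every copy.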

Still, C and C++ won’t be abandoned en masse. Tools like MISRA C can help. I recommend looking into static and dynamic analysis tools because they do make a difference.


Discussion

Comment posted on Jun 18, 2013:

Anyone concerned about safe and secure software needs to visit and get up to speed on those research results. They are sobering and raise very serious questions about the fundamental un-securability of much of the world's software. Hint: it is not because the code is "wrong" or "buggy", but rather by its very nature, it can never be "right". This work is going to have far-reaching impact and embedded designers and programmers will feel it acutely.



William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....