
Are You Writing Safe And Secure Software?

June 18, 2013
As a programmer, I try to write code that’s not only functional but also safe, secure, and reliable. But what if some of those things I learn or use aren’t quite right?

Secure Boot, iPhones, mulch, safety, and Ada—I promise to tie them all together, since they’re all related. Sort of.

As a programmer, I try to write code that’s not only functional but also safe, secure, and reliable. I work at learning the best techniques, using the best compiler tools, and taking advantage of the latest technology. Great. Everyone knows that C dominates the embedded space. But what if some of those things I learn or use aren’t quite right?


... But Everyone Uses Mulch

So now the mulch. You’ve seen it everywhere on landscaped lawns. There are giant mounds around every tree. It looks great, if you like that kind of thing. It makes mowing, especially in large riding lawnmowers, so easy.

Unfortunately, piling bark mulch around most anything, especially trees, isn’t a great idea. Compost is good around bushes, but trees don’t like anything stacked up on their bark. There are other good uses for bark mulch, though.

C and C++ aren’t quite as bad as mulch around trees, but using them just because everyone else does can be an issue because they’re prone to bugs. Dangling pointers and buffer overflows are common C bugs.

... And Now the iPhone

Researchers at my alma mater, Georgia Tech, attacked an iPhone using a smart USB charger (see the figure). Apple decided to use digital rights management (DRM) to restrict licensing of high-current USB chargers. Essentially, the charger handshakes with the phone using the USB data channel before it raises the amount of power delivered.

The charger sends a key in its handshake packet. The researchers caused a buffer overflow. This form of injection attack is common in jailbreaking smart phones and other devices. They take advantage of a software bug.

The list of buffer overflow attacks on everything from smart phones to servers is rather long, though. One might think that avoiding these kinds of problems would improve the safety and security of quite a few systems.

The new USB standard also provides a high-current feature, but it does not use the data link. Instead, it uses some creative analog signalling.

Read About Ada 2012, To be Safe

This brings me to Ada, which is designed from the ground up for safety and security. Its features also turn out to make bug-free programming much easier. But from a programming perspective, I’m still a neophyte. I have been using it more and learning quite a bit about it, but I defer to the experts in trying to convince programmers about its advantages.

Safe and Secure Software - An Invitation to Ada 2012, a free e-book from AdaCore available at www.adacore.com/safe-secure-booklet, highlights programming issues that arise with any programming language. Of course, it also explains why Ada 2012 is often a better solution: it addresses issues that other languages, including C++ and Java, do not.

For example, Ada’s type system puts most others to shame. Its pointer support provides finer-grain control, allowing the compiler to catch more errors. Ada’s storage management is something that most languages relegate to libraries, but there are reasons for incorporating it into the compiler.

Ada 2012 also brings contracts out of the SPARK comment realm and into the language itself. This is reason enough to take another look at Ada, but there is plenty more. The book shows the problems, how they are addressed with other languages, and why Ada was designed to address these issues.

The book offers a flavor of Ada, but it is designed for any programmer. It addresses Ada basics like built-in range checking that probably would have caught the iPhone charger problem. Hopefully, the book will get you thinking.
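A bounds-checked handshake parser in C, added here as an example and not code from the article or from the Georgia Tech research: the packet layout (a type byte, a key-length byte, then the key bytes) is an assumption made up for this illustration, and the parser spells out the length checks that Ada's built-in range checking would perform automatically on a constrained subtype.

```c
#include <stdint.h>
#include <string.h>

/* Constructed packet layout, an assumption for this example and not Apple's or
 * any real charger's format: byte 0 = type, byte 1 = key length, bytes 2.. = key. */
#define MSG_HANDSHAKE 0x01
#define KEY_MAX 16

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_BAD_TYPE, PARSE_KEY_TOO_LONG };
struct handshake { uint8_t key_len; uint8_t key[KEY_MAX]; };

/* Bounds-checked parser. The length byte is untrusted input from the charger,
 * so it is validated against both the destination buffer and the packet size
 * before any copy. An unchecked memcpy(out->key, pkt + 2, pkt[1]) is exactly
 * the defect that Ada's constrained subtypes reject automatically. */
enum parse_status parse_handshake(const uint8_t *pkt, size_t pkt_len,
                                  struct handshake *out)
{
    if (pkt_len < 2) return PARSE_TRUNCATED;
    if (pkt[0] != MSG_HANDSHAKE) return PARSE_BAD_TYPE;
    uint8_t key_len = pkt[1];
    if (key_len > KEY_MAX) return PARSE_KEY_TOO_LONG;   /* would overflow out->key */
    if (pkt_len < 2u + key_len) return PARSE_TRUNCATED; /* would read past the packet */
    memcpy(out->key, pkt + 2, key_len);
    out->key_len = key_len;
    return PARSE_OK;
}

/* Constructed sample packets covering the cases the parser must handle. */
int demo_valid(void)
{
    static const uint8_t pkt[] = { MSG_HANDSHAKE, 4, 'k', 'e', 'y', '1' };
    struct handshake hs;
    return parse_handshake(pkt, sizeof pkt, &hs) == PARSE_OK
        && hs.key_len == 4 && memcmp(hs.key, "key1", 4) == 0;
}

enum parse_status demo_oversized_length(void)
{   /* Length byte claims 200 bytes: larger than KEY_MAX and than the packet. */
    static const uint8_t pkt[] = { MSG_HANDSHAKE, 200, 'x' };
    struct handshake hs;
    return parse_handshake(pkt, sizeof pkt, &hs);
}

enum parse_status demo_truncated(void)
{   /* Length byte fits KEY_MAX, but the packet is shorter than it claims. */
    static const uint8_t pkt[] = { MSG_HANDSHAKE, 8, 'a', 'b' };
    struct handshake hs;
    return parse_handshake(pkt, sizeof pkt, &hs);
}
```

The two rejecting cases are the ones a dynamic analysis tool or Ada's run-time checks would flag; in plain C they exist only if the programmer writes them.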

Still, C and C++ won’t be abandoned en masse. Coding standards like MISRA C can help. I recommend looking into static and dynamic analysis tools because they do make a difference.

About the Author

William Wong Blog | Senior Content Director


Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column. Bill is a Georgia Tech alumnus with a B.S. in Electrical Engineering and a master's degree in computer science from Rutgers, The State University of New Jersey.

He has written a dozen books and was the first Director of PC Labs at PC Magazine. He has worked in the computer and publication industry for almost 40 years and has been with Electronic Design since 2000. He helps run the Mercer Science and Engineering Fair in Mercer County, NJ.
