Memory Safety

  • Memory-safe languages ensure access only to owned memory in type-consistent ways (see Type Systems and Rust Programming Language.md)
  • Unsafe languages (C, C++, assembly) allow undefined behavior (see Resource Ownership and Memory Management.md)
  • Common memory safety issues:
    • Type-unsafe allocation
    • Use-before-allocation
    • Use-after-free
    • Returning references to stack-allocated memory
    • Type confusion through casting
    • String handling issues
    • Buffer overflows
    • Uninitialized memory access
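Three of the listed issue classes side by side, as an added example that is not from the original notes: an unbounded string copy (buffer overflow) next to a bounded form that reports truncation, a heap record allocated zero-filled so no field is read uninitialized, and a free routine that nulls the caller's pointer so a later use-after-free faults instead of reading reused memory. All names (`bounded_copy`, `record_t`, `record_new`, `record_free`) and inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BEFORE: strcpy has no idea how big `name` is. Input longer than 15 bytes
 * writes past the array, which is undefined behaviour in C. Kept only for
 * contrast; nothing below calls it. */
void greet_unbounded(const char *input) {
    char name[16];
    strcpy(name, input);
    printf("hello %s\n", name);
}

/* AFTER: the destination size is an explicit parameter. At most dstsz-1
 * bytes are copied, the result is always NUL-terminated, and truncation is
 * reported instead of silently overflowing.
 * Returns 0 on success, 1 if src was truncated, -1 on invalid arguments. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    /* Bounded scan: never reads more than dstsz bytes of src, so an
     * unterminated source cannot cause an over-read either. */
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);   /* n+1 <= dstsz, includes the terminator */
    return 0;
}

/* Uninitialised memory: malloc returns whatever the block held before, so a
 * `flags` field read before it is set leaks stale data or drives decisions
 * on garbage. calloc zero-fills; every field starts in a known state even if
 * a later initialisation step is forgotten. */
typedef struct {
    unsigned flags;
    char name[32];
} record_t;

record_t *record_new(const char *name) {
    record_t *r = calloc(1, sizeof *r);   /* zeroed, not malloc'd garbage */
    if (r == NULL)
        return NULL;
    if (bounded_copy(r->name, sizeof r->name, name) < 0) {
        free(r);
        return NULL;
    }
    return r;
}

/* Use-after-free guard pattern: free through a pointer-to-pointer and null
 * the caller's pointer, so a later access faults predictably instead of
 * silently reading memory that the allocator may already have reused. */
void record_free(record_t **rp) {
    if (rp == NULL || *rp == NULL)
        return;
    free(*rp);
    *rp = NULL;
}

/* Helpers that exercise the functions above on constructed inputs. */
char scratch[8];

int copy_into_scratch(const char *src) {
    return bounded_copy(scratch, sizeof scratch, src);
}

int record_roundtrip(void) {
    record_t *r = record_new("alice");
    if (r == NULL)
        return 0;
    int ok = (r->flags == 0) && (strcmp(r->name, "alice") == 0);
    record_free(&r);
    return ok && r == NULL;
}

int main(void) {
    int rc = copy_into_scratch("this string is far too long");
    printf("rc=%d scratch=\"%s\"\n", rc, scratch);   /* rc=1 scratch="this st" */
    printf("record roundtrip ok=%d\n", record_roundtrip());
    return 0;
}
```

The bounded copy deliberately returns a status rather than aborting: callers that treat truncation as an error (file names, hostnames) can reject the input, while callers that only log can accept it, and in both cases the buffer boundary is never crossed.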

Security Impact of Memory Unsafety

  • ~50-70% of security vulnerabilities are due to memory safety issues
  • Example: Microsoft reported that 70% of its security updates fix memory safety bugs
  • Vulnerabilities continue despite awareness of the problem

Mitigations

Parsing and Network Security

  • Input parsers are critical for security
  • Problems with Postel’s Law (“be liberal in what you accept”)
  • Better approach: clearly specify what is legal/illegal (see Functional Programming for parser combinators)
  • Use parser generator tools rather than manual parsing
  • Design network protocols for ease of parsing
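The parsing points above, as an added example that is not from the original notes: a small length-prefixed message format, constructed here and not taken from any real protocol, designed so the parser is a short list of explicit accept/reject checks. Every input is either exactly one well-formed frame or is rejected with a reason; trailing bytes, over-long lengths and unknown types are all errors rather than something to be "liberal" about. Names (`parse_frame`, `frame_t`, `parse_status_t`) and sample frames are assumptions for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format:
 *   byte 0     message type: 0x01 DATA or 0x02 PING
 *   bytes 1-2  payload length, big-endian; PING must be 0, DATA 1..MAX_PAYLOAD
 *   bytes 3..  payload, exactly `length` bytes, nothing after it
 */
enum { MSG_DATA = 0x01, MSG_PING = 0x02, MAX_PAYLOAD = 1024, HDR_LEN = 3 };

typedef struct {
    uint8_t type;
    uint16_t length;
    const uint8_t *payload;   /* points into the caller's buffer */
} frame_t;

typedef enum {
    PARSE_OK = 0,
    PARSE_TRUNCATED,   /* fewer bytes than the header or length field claims */
    PARSE_BAD_TYPE,
    PARSE_BAD_LENGTH,  /* length outside what the type allows */
    PARSE_TRAILING     /* bytes after the payload; a lenient parser would ignore them */
} parse_status_t;

parse_status_t parse_frame(const uint8_t *buf, size_t len, frame_t *out) {
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return PARSE_TRUNCATED;
    uint8_t type = buf[0];
    uint16_t plen = (uint16_t)(((unsigned)buf[1] << 8) | buf[2]);
    if (type != MSG_DATA && type != MSG_PING)
        return PARSE_BAD_TYPE;
    if (type == MSG_PING && plen != 0)
        return PARSE_BAD_LENGTH;
    if (type == MSG_DATA && (plen == 0 || plen > MAX_PAYLOAD))
        return PARSE_BAD_LENGTH;
    /* Compare lengths, never pointers: the declared length is attacker-
     * controlled, and buf + plen could point past the buffer. */
    size_t avail = len - HDR_LEN;
    if (avail < plen)
        return PARSE_TRUNCATED;
    if (avail > plen)
        return PARSE_TRAILING;
    out->type = type;
    out->length = plen;
    out->payload = buf + HDR_LEN;
    return PARSE_OK;
}

/* Constructed sample inputs. */
const uint8_t SAMPLE_DATA[]     = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t SAMPLE_PING[]     = { 0x02, 0x00, 0x00 };
const uint8_t SAMPLE_SHORT[]    = { 0x01, 0x00, 0x05, 'a', 'b' };   /* claims 5, has 2 */
const uint8_t SAMPLE_TRAILING[] = { 0x02, 0x00, 0x00, 0xff };      /* junk after PING */
const uint8_t SAMPLE_HUGE[]     = { 0x01, 0xff, 0xff, 'a' };        /* length 65535 */
const uint8_t SAMPLE_BADTYPE[]  = { 0x09, 0x00, 0x00 };

/* Parse and return only the status. */
int frame_status(const uint8_t *buf, size_t len) {
    frame_t f;
    return (int)parse_frame(buf, len, &f);
}

/* Parsed payload length, or -1 if the frame was rejected. */
int frame_payload_len(const uint8_t *buf, size_t len) {
    frame_t f;
    return parse_frame(buf, len, &f) == PARSE_OK ? (int)f.length : -1;
}

int main(void) {
    static const char *names[] = { "OK", "TRUNCATED", "BAD_TYPE", "BAD_LENGTH", "TRAILING" };
    printf("data:     %s\n", names[frame_status(SAMPLE_DATA, sizeof SAMPLE_DATA)]);
    printf("ping:     %s\n", names[frame_status(SAMPLE_PING, sizeof SAMPLE_PING)]);
    printf("short:    %s\n", names[frame_status(SAMPLE_SHORT, sizeof SAMPLE_SHORT)]);
    printf("trailing: %s\n", names[frame_status(SAMPLE_TRAILING, sizeof SAMPLE_TRAILING)]);
    printf("huge:     %s\n", names[frame_status(SAMPLE_HUGE, sizeof SAMPLE_HUGE)]);
    printf("badtype:  %s\n", names[frame_status(SAMPLE_BADTYPE, sizeof SAMPLE_BADTYPE)]);
    return 0;
}
```

The format is easy to parse because the length comes before the payload in a fixed position and the legal range of every field is written down; the parser then needs no lookahead, no backtracking and no guessing, and the distinct rejection reasons are what a receiver would log to spot malformed traffic.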

Type Systems for Security

  • Make assumptions explicit through types (see Type Systems and Rust Programming Language.md)
  • Use different types for different kinds of data
  • Example: Separate types for untrusted input and validated data
  • Add semantic tags to track which validation steps have been performed
  • Won’t eliminate all vulnerabilities but reduces certain classes
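The "separate types for untrusted input and validated data" idea in C, as an added example that is not from the original notes. Two structs with identical layout are still distinct types to the compiler, so a function that takes `hostname_t` cannot be handed an `untrusted_str` by mistake: the only way to obtain a `hostname_t` is through `validate_hostname()`. The type names, the function names and the simplified hostname grammar are all assumptions for this illustration; the same pattern extends to the semantic-tag idea by introducing one wrapper type per validation step that has been performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char *s;   /* raw bytes exactly as received */
    size_t len;
} untrusted_str;

typedef struct {
    const char *s;   /* same bytes, but only ever produced after validation */
    size_t len;
} hostname_t;

enum { MAX_HOST = 253, MAX_LABEL = 63 };

static int is_label_char(char c) {
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-';
}

/* Explicitly specified accept rule (simplified): 1..253 chars, dot-separated
 * labels of 1..63 chars from [a-z0-9-], no label starting or ending with '-',
 * no empty label. Returns 1 and fills *out on success, 0 otherwise. */
int validate_hostname(untrusted_str in, hostname_t *out) {
    if (in.s == NULL || out == NULL || in.len == 0 || in.len > MAX_HOST)
        return 0;
    size_t label_len = 0;
    for (size_t i = 0; i < in.len; i++) {
        char c = in.s[i];
        if (c == '.') {
            if (label_len == 0 || in.s[i - 1] == '-')
                return 0;   /* empty label, or label ending in '-' */
            label_len = 0;
            continue;
        }
        if (!is_label_char(c))
            return 0;
        if (label_len == 0 && c == '-')
            return 0;       /* label starting with '-' */
        if (++label_len > MAX_LABEL)
            return 0;
    }
    if (label_len == 0 || in.s[in.len - 1] == '-')
        return 0;           /* trailing dot, or trailing '-' */
    out->s = in.s;
    out->len = in.len;
    return 1;
}

/* Only the validated type is accepted here. Passing an untrusted_str is a
 * compile-time error, so "forgot to validate" cannot reach this function. */
int connect_to(hostname_t h) {
    printf("connecting to %.*s\n", (int)h.len, h.s);
    return 0;
}

/* Wrap a C string as untrusted input and report whether it validates. */
int hostname_ok(const char *raw) {
    untrusted_str in = { raw, raw ? strlen(raw) : 0 };
    hostname_t h;
    return validate_hostname(in, &h);
}

int main(void) {
    untrusted_str in = { "example.com", 11 };
    hostname_t h;
    if (validate_hostname(in, &h))
        connect_to(h);
    /* connect_to(in);   <- rejected by the compiler: incompatible type */
    return 0;
}
```

The compiler does the bookkeeping that a code review would otherwise have to do by hand: grep for every caller of `connect_to` and check that validation happened on every path.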

Professional Responsibility

  • ACM code of ethics requires avoiding harm
  • Using memory-unsafe languages for networked systems is increasingly difficult to justify
  • Need to adopt best practices before being forced to by regulation