safety problems
languages that allow unsafe operations (unchecked memory access, injection attacks, privilege elevation)
safe languages
ASP and prolog only let you describe the answer
rust has memory safety features
Rust
provides memory safety without a GC
ownership system prevents memory errors at compile time
no null pointers (uses Option<T>)
zero-cost abstractions
no data races
no buffer overflows (bounds checking)
no use-after-free
rust ownership
enables compile-time tracking of allocations; the compiler knows exactly when a value has no more references, so it can insert code to drop the value at that point
tracks which variables own a value
MISRA C
motor industry software reliability association
promote code safety, security and portability
avoid undefined behaviour and implementation-defined features (features that differ between compilers)
AUTOSAR C++14
automotive open system architecture
based on MISRA 2008
promotes focus on deterministic behaviour, restrictions on dynamic memory, exceptions and templates
widely used in automotive industry
CWE
common weakness enumeration
community developed list of software weaknesses
spoofing
pretending to be something or someone you are not
tampering
modifying something on disk, on a network or in memory
repudiation
claiming that you didn’t do something or were not responsible
information disclosure
providing information to someone not authorised to see it
denial of service
absorbing resources needed to provide service
elevation of privilege
allowing someone to do something they are not authorised to do
WASM
a text and binary code format for a stack-based VM
made as a compilation target for high-level languages
“a safe, portable, low-level code format designed for efficient execution and compact representation”
WASM security
sandboxed environment: each application runs in its own sandbox and communicates externally only through APIs
each module is subject to the security policies of its embedding (browser = same-origin policy, non-browser = POSIX security model)