Over the summer I’m taking a class called Programming Languages and Security. This is the first time I’ve delved into security at this level before. It’s a seminar style, which means lots of paper reading, and I am going to give two presentations.
My first presentation was this past Thursday. I spoke about typed assembly language and security automata. It was absolutely fascinating, ignoring the formality of proofs, and all the mathematical notations.
The two papers I discussed were:
- TALx86: A Realistic Typed Assembly Language, 1999
- A Type System for Expressive Security Properties, 2000
The TALx86 begins by describing many shortcomings of the Java Virtual Machine Language (bytecode), including such things as:
- Semantic errors in the bytecode that could have been discovered if a formal model had been used in its design.
- Difficulty in compiling languages other than Java into bytecode. For example, it’s literally impossible to correctly compile Scheme into bytecode. OK, Scheme is a pretty esoteric language, but…
- Difficulty even in extending the Java language because of the bytecode limitations
- Interpretation is slow, and even though JIT is often used these days, that’s not built-in to the VM
My immediate thought on reading this was, “Hey! .Net addresses each and every single one of these points!”
- The CLR defines a minimal subset of functionality that must be supported by every .Net language–allowing over 40 languages to be compiled to MSIL
- As a bonus, MSIL is typed (as is Java bytecode)
- Just-In-Time compilation was designed in from the beginning and generally has superior performance to Java (in my experience)
It also seems that many of the experimental features present in such early research, such as TALx86, has ended up in .Net and compilers these days. Type safety is being pushed lower and lower. Security policies are being implemented into frameworks, operating systems and compilers, and there are other tools that analyze your code for adherence to security best practices.
On platforms such as .Net, type safety is more important because you can have modules written in VB.Net interacting with objects written in C++ or Python, for example. Those languages don’t know about each other’s types, but at the MSIL level you can ensure safety.
If you’d like, a copy of the presentation is available.