This guy’s arrogance takes your
breath away. Dijkstra and John Backus
had an (only partially public) spat in
the late 1970s.
SWATT or be SWATTed. The computer security research community
has an especially strong tradition of refuting published results. For example,
SWATT (software-based attestation)
offers a protocol for checking that a
remote system has the memory image
it is supposed to have. A 2009 paper
called “On the Difficulty of Software-based Attestation of Embedded Devices” presents concrete attacks on
SWATT. SWATT authors Adrian Perrig
and Leendert van Doorn did not agree
that the attacks were valid, and, finally,
the paper’s authors, Aurelian Francil-lon et al., responded to the refutation.
A matter of integrity. Code-pointer
integrity (CPI) is a technique for avoiding control-flow hijacking caused by
memory safety errors in C or C++ code.
Missing the Point(er) (2015) presents
attacks against CPI, while Getting the
Point(er) (2015) argues in favor of the
security of CPI.
Acknowledgments. I’d like to thank
many blog readers and Twitter users
for providing feedback on the original blog post from which this article
John Regehr is a computer science professor at the
University of Utah. He likes to create software tools for
making software better.
Copyright held by owner/author.
Publication rights licensed to ACM. $15.00.
about how operating systems should
be structured: as a monolithic collection of code running in kernel mode,
or instead as a group of independent
subsystems isolated by the memory
management unit. Also see some
(one-sided) comments on a reincarnation of the debate. Related to this
discussion, in 2005, Steven Hand et
al. published “Are Virtual Machine
Monitors Microkernels Done Right?”
In response, Gernot Heiser et al. wrote
a paper with the same title in 2006 but
coming to the opposite conclusion.
A very obnoxious paper? “
Social Processes and Proofs of Theorems and Programs” is a provocative opinion piece written in 1979
by Richard De Millo et al. about the
role of formal methods in software
development. Dijkstra called it “a
very obnoxious paper” (see p. 14
of a transcript of an interview with
Dijkstra from 2001) and wrote a response called “A Political Pamphlet
from the Middle Ages.” De Millo et al.
replied: “We must begin by refusing
to concede that our confidence in a
piece of real software has ever been increased by a proof of its correctness ...” See
also Communications’ Letters to the
Editor responding to this article, Victor Yodaiken’s take on the debate, and
three more shots fired in 2010—two
by Moshe Vardi and one by the original paper’s authors.
and Proofs of
Programs” is a
piece written in
1979 by De Millo
et al. about the role
of formal methods
it “a very