kode vicious

get wedded to a language, but a language is simply one tool for applying a technique, so study the techniques when you can.

An interest in algorithms is very important as well, because this is where all technique in computer science comes from. At this point most people know that you take a mutex before accessing shared data, but do they know why? Do they know how mutexes work even at a general level? If you understand the technique that underlies a mutex, then you can apply it correctly; if you don’t, then you’re just following a recipe. Cooks follow recipes; chefs take the recipe and make it their own.

At perhaps the highest level it’s important to remain curious about how things work. Treating too many parts of a system as black boxes is a great way to reduce yourself and your work to a simple cog in a large software machine. Take things apart, read code that you’re not responsible for, and offer to help on projects that you don’t understand.

In the past I’ve talked about my booklist (http://queue.acm.org/detail.cfm?id=1127862), as well as the importance of reading papers (http://queue.acm.org/detail.cfm?id=1036484). Those articles are both good places to start.

Dear KV,

One of the problems I find in building secure software is the number of boundaries that must be crossed and checked between cooperating components. Although computers have certainly gotten faster, that seems to me no reason just to place barriers throughout code and believe that this proliferation makes the code any safer or easier to maintain. Frequently, such barriers seem only to cause delays without providing any real value. Where do you weigh in on this type of debate?

Bound by Barriers

Dear Bound,

Where do I weigh in? At my doctor’s office, alas, where he continues to complain that a steady diet of stress, alcohol, and late-night pizza is leading me to ruin. I think he would like it if he could put a barrier over my mouth, but, then, he would not be alone in that. All boundaries have a cost—in the real world and in software. Perhaps it’s easiest for the moment to think about barriers in the real world as an example.

All countries maintain, at some level, their physical borders. They attempt to create narrow areas through which all persons and goods must travel so that their citizens—or the ruling junta, take your pick—may be protected from possibly dangerous or harmful products or ideas. Most people have crossed a national border at some time or other in their lives, or they’ve seen someone do it in a movie. The process is simple to describe: a person is employed to guard the border, and another person wishes to cross the border, usually with some articles that they are carrying, such as extra clothing, a toothbrush, etc. The person crossing the border presents papers to the guard, the guard asks a few questions, and the person is then, usually, free to enter the country. The guard has the right to inspect the person’s luggage for contraband, but in practice this is rarely undertaken because the cost is too high to check every person, so people are singled out for inspection on various criteria, most of which are spurious.

With that mental model in place we can now move back to the software world. In our world the traveler is the context of a program—its executing instructions—which wishes to access a service in some part of the system. A very common example from operating systems is a system call, which is a barrier between the kernel and a user program. The reason that we have system calls is that it is dangerous for a piece of code, which could be malicious, or more likely, buggy, to execute directly in the operating-system kernel. If it did, it would have too much access to the system and could cause it to fail or cause other programs to fail.

People have taken this simple model to various extremes. In some systems, code is never allowed to cross a boundary in any way. These are message-passing systems, where components send messages to each other in order to get work done. No component of a message-passing system can be corrupted by running code from outside, because an outside thread of execution never
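The system-call barrier described above, as an added example that is not from the column, assuming a Linux or other POSIX kernel: the guard at the border inspects the traveler’s papers (the file descriptor) and luggage (the user buffer) before doing any work, and hands back an error instead of trusting the caller.

```c
/* Added example (not KV's code): two system calls that fail at the
 * user/kernel border because the kernel checks its arguments rather than
 * trusting the program that made the call. Assumes POSIX pipe()/read(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Present bad papers: read() through a descriptor we have already closed.
 * The kernel refuses at the border and returns EBADF. */
int read_closed_descriptor(void)
{
    int fds[2];
    char buf[1];
    if (pipe(fds) == -1)
        return -1;
    close(fds[0]);
    close(fds[1]);                 /* fds[0] is now a closed descriptor */
    errno = 0;
    if (read(fds[0], buf, sizeof buf) == -1)
        return errno;
    return 0;
}

/* Carry bad luggage: ask the kernel to copy one byte into address NULL,
 * which the process does not own. The kernel inspects the destination
 * before writing, so it reports EFAULT instead of crashing itself. */
int read_into_null_buffer(void)
{
    int fds[2];
    int err = 0;
    if (pipe(fds) == -1)
        return -1;
    if (write(fds[1], "x", 1) != 1) /* constructed: one byte of data */
        err = -1;
    errno = 0;
    if (err == 0 && read(fds[0], NULL, 1) == -1)
        err = errno;
    close(fds[0]);
    close(fds[1]);
    return err;
}

int main(void)
{
    printf("closed descriptor -> %s\n", strerror(read_closed_descriptor()));
    printf("NULL buffer       -> %s\n", strerror(read_into_null_buffer()));
    return 0;
}
```

A plain function call inside one process makes neither check; the cost of the system call is the price of the inspection.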

References:

http://queue.acm.org/detail.cfm?id=1127862

http://queue.acm.org/detail.cfm?id=1036484
