kode vicious
get wedded to a language, but a language is simply one
tool for applying a technique, so study the techniques
when you can.
An interest in algorithms is very important as well,
because this is where all technique in computer science
comes from. At this point most people know that you
take a mutex before accessing shared data, but do they
know why? Do they know how mutexes work even at
a general level? If you understand the technique that
underlies a mutex, then you can apply it correctly; if you
don’t, then you’re just following a recipe. Cooks follow
recipes; chefs take the recipe and make it their own.
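To make the "do they know how mutexes work" point concrete, here is the technique underneath a mutex as an added example (not code from the column): an atomic compare-and-swap on a flag, with acquire/release ordering so that the lock both excludes other holders and makes their writes visible. The bounded spin, the account type and the single-threaded demonstration are assumptions made for illustration; a production lock would also sleep, queue waiters and handle priorities.

```c
/* Added example: the primitive that a mutex is built on. Whoever flips the
 * flag from 0 to 1 with one atomic read-modify-write owns the lock; the
 * hardware guarantees two callers cannot both observe 0. C11 atomics expose
 * that operation. Single-threaded demonstration of the protocol only. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

typedef struct {
    atomic_int locked;          /* 0 = free, 1 = held */
} spinlock_t;

static void spinlock_init(spinlock_t *l) { atomic_init(&l->locked, 0); }

/* One attempt: succeed only if we saw 0 and atomically replaced it with 1.
 * Acquire ordering keeps later reads of shared data from being hoisted above
 * the lock, which is the real reason "take the mutex first" protects data. */
static bool spinlock_try_acquire(spinlock_t *l) {
    int expected = 0;
    return atomic_compare_exchange_strong_explicit(&l->locked, &expected, 1,
                                                   memory_order_acquire,
                                                   memory_order_relaxed);
}

/* Spin with a bound so the demo can never hang; a real lock yields or sleeps. */
static bool spinlock_acquire_bounded(spinlock_t *l, unsigned max_spins) {
    for (unsigned i = 0; i < max_spins; i++)
        if (spinlock_try_acquire(l)) return true;
    return false;
}

/* Release ordering publishes every write made under the lock to the next
 * acquirer before it can see the flag go back to 0. */
static void spinlock_release(spinlock_t *l) {
    atomic_store_explicit(&l->locked, 0, memory_order_release);
}

/* Shared state guarded by the lock (assumed type for the demo). */
typedef struct {
    spinlock_t lock;
    long balance;
} account_t;

static void account_init(account_t *a) { spinlock_init(&a->lock); a->balance = 0; }
static long account_balance(const account_t *a) { return a->balance; }

/* Returns true if the deposit was applied, false if the lock was never free. */
static bool account_deposit(account_t *a, long amount) {
    if (!spinlock_acquire_bounded(&a->lock, 1000)) return false;
    a->balance += amount;       /* critical section: the read-modify-write is safe here */
    spinlock_release(&a->lock);
    return true;
}
```

Note what the bounded spin exposes: if a caller already holds the lock and calls `account_deposit` again, the deposit is refused rather than deadlocking, which is exactly the kind of behaviour you can only reason about once you see the flag underneath the abstraction.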
At perhaps the highest level it’s important to remain
curious about how things work. Treating too many
parts of a system as black boxes is a great way to reduce
yourself and your work to a simple cog in a large software
machine. Take things apart, read code that you’re not
responsible for, and offer to help on projects that you
don’t understand.
In the past I’ve talked about my booklist (http://queue.acm.org/detail.cfm?id=1127862), as well as the importance of reading papers (http://queue.acm.org/detail.cfm?id=1036484). Those articles are both good places to start.
KV

Dear KV,
One of the problems I find in building secure software is the number of boundaries that must be crossed and checked between cooperating components. Although computers have certainly gotten faster, that seems to me no reason just to place barriers throughout code and believe that this proliferation makes the code any safer or easier to maintain. Frequently, such barriers seem only to cause delays without providing any real value. Where do you weigh in on this type of debate?
Bound by Barriers

Dear Bound,
Where do I weigh in? At my doctor’s office, alas, where he continues to complain that a steady diet of stress, alcohol, and late-night pizza is leading me to ruin. I think he would like it if he could put a barrier over my mouth, but, then, he would not be alone in that. All boundaries have a cost—in the real world and in software. Perhaps it’s easiest for the moment to think about barriers in the real world as an example.
All countries maintain, at some level, their physical borders. They attempt to create narrow areas through which all persons and goods must travel so that their citizens—or the ruling junta, take your pick—may be protected from possibly dangerous or harmful products or ideas. Most people have crossed a national border at some time or other in their lives, or they’ve seen someone do it in a movie. The process is simple to describe: a person is employed to guard the border, and another person wishes to cross the border, usually with some articles that they are carrying, such as extra clothing, a toothbrush, etc. The person crossing the border presents papers to the guard, the guard asks a few questions, and the person is then, usually, free to enter the country. The guard has the right to inspect the person’s luggage for contraband, but in practice this is rarely undertaken because the cost is too high to check every person, so people are singled out for inspection on various criteria, most of which are spurious.
With that mental model in place we can now move back to the software world. In our world the traveler is the context of a program—its executing instructions—which wishes to access a service in some part of the system. A very common example from operating systems is a system call, which is a barrier between the kernel and a user program. The reason that we have system calls is that it is dangerous for a piece of code, which could be malicious, or more likely, buggy, to execute directly in the operating-system kernel. If it did, it would have too much access to the system and could cause it to fail or cause other programs to fail.
People have taken this simple model to various extremes. In some systems, code is never allowed to cross a boundary in any way. These are message-passing systems, where components send messages to each other in order to get work done. No component of a message-passing system can be corrupted by running code from outside, because an outside thread of execution never
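The system-call barrier KV describes above, reduced to a toy so the checks are visible, as an added example that is not code from the column or from any real kernel: one array stands in for the machine, offsets below a fixed bound are "user memory", the rest is "kernel memory", and each syscall validates the untrusted offset and length it is handed before the kernel touches anything, the way a real kernel's copy_from_user and copy_to_user do. The memory layout, the log syscalls, the error codes and the "kernel secret" are all constructed for the demonstration; the unchecked variant at the end is there only to show what the guard at the border prevents.

```c
/* Added example: a simulated system-call boundary. Not a real kernel. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MEM_SIZE  256
#define USER_END  128           /* [0, USER_END) is user memory; the rest is kernel */
#define LOG_MAX    32           /* capacity of the kernel-private log buffer */

/* Errno-style results, negative like Linux syscall returns. */
#define E_OK       0
#define E_FAULT  (-14)          /* bad address */
#define E_INVAL  (-22)          /* bad length */

static uint8_t mem[MEM_SIZE];   /* the whole "machine" */
static uint8_t klog[LOG_MAX];   /* kernel-private log */
static size_t  klog_len;
static const char KSECRET[] = "kernel-secret";   /* constructed secret in kernel memory */

static void machine_reset(void) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + USER_END, KSECRET, sizeof KSECRET);
    klog_len = 0;
}

/* The guard's question: does [uoff, uoff+len) lie entirely in user memory?
 * Phrased so that a huge uoff cannot wrap the addition back below the bound. */
static bool user_range_ok(size_t uoff, size_t len) {
    return uoff < USER_END && len <= USER_END - uoff;
}

static int copy_from_user(void *kdst, size_t uoff, size_t len) {
    if (!user_range_ok(uoff, len)) return E_FAULT;
    memcpy(kdst, mem + uoff, len);
    return E_OK;
}

static int copy_to_user(size_t uoff, const void *ksrc, size_t len) {
    if (!user_range_ok(uoff, len)) return E_FAULT;
    memcpy(mem + uoff, ksrc, len);
    return E_OK;
}

/* sys_log_write(buf, len): append user bytes to the kernel log. The length is
 * checked first, then the bytes are copied once into kernel memory and only the
 * copy is used, so user code cannot alter them between check and use. */
static int sys_log_write(size_t ubuf, size_t len) {
    if (len == 0 || len > LOG_MAX - klog_len) return E_INVAL;
    uint8_t tmp[LOG_MAX];
    int rc = copy_from_user(tmp, ubuf, len);
    if (rc != E_OK) return rc;
    memcpy(klog + klog_len, tmp, len);
    klog_len += len;
    return E_OK;
}

/* sys_log_read(buf, len): copy the log back out to user memory. */
static int sys_log_read(size_t ubuf, size_t len) {
    if (len > klog_len) return E_INVAL;
    return copy_to_user(ubuf, klog, len);
}

/* The barrier-free version: trusts the caller's offsets outright, so a user
 * program can pull kernel memory (here, KSECRET) into its own space. */
static void sys_peek_unchecked(size_t udst, size_t src, size_t len) {
    memmove(mem + udst, mem + src, len);
}

/* Helpers standing in for a user program staging input and reading results. */
static void user_write(size_t uoff, const char *s) { memcpy(mem + uoff, s, strlen(s)); }
static int  user_memcmp(size_t uoff, const char *s) { return memcmp(mem + uoff, s, strlen(s)); }
```

The cost Bound complains about is the two range checks and the extra copy in `sys_log_write`; the value is that a pointer into kernel memory, a length that crosses the boundary, and an offset chosen to wrap the bounds arithmetic are all turned away at the border instead of becoming a kernel read or write on the caller's behalf.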