The objective of this project is to gather empirical evidence on the tradeoffs between security and usability in programming language and library design. Although it is well known that poorly-designed interfaces can lead to increased defect rates and software vulnerabilities, there is currently little specific guidance to designers on what precise language and library features make programmers more or less likely to write vulnerable code. Furthermore, little of the existing guidance is empirically based. The project will develop empirically-based guidance on two issues. First, the ISO/IEC standardization working group for the C programming language is currently evaluating multiple proposals for adding concurrency to the language, and this project will produce data to inform their decision-making process. Second, by evaluating the impact of the use of mutability, the project will provide data that may influence how future programming languages and libraries are designed.
The project has three phases. The first is an analysis of flaws in code that uses the draft versions of the C concurrency APIs under consideration, together with comparable databases of concurrency-related flaws in Java code. In the second and third phases, programmers with between two and five years of experience will be asked to complete tasks using competing interface designs. The first set of experiments will evaluate competing C and C++ parallel language extensions to determine which language and library features are more likely to result in secure code. Specifically, the investigators will measure, for each library, the programmers' ability to produce concurrent code free from security-related defects such as data races and time-of-check-to-time-of-use (TOCTOU) errors. The investigators will then build on this work to evaluate the tradeoffs between security and usability that arise when immutability is used to reduce the likelihood of vulnerabilities in concurrent code. Through these two experiments, the project will advance the science of cybersecurity by developing a methodology for empirically evaluating how library and language design affect the frequency with which trained professional programmers inadvertently introduce security vulnerabilities during implementation.
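As an added illustration of the defect class and the mitigation named above (example code written for this page, not an artifact of the project, of its experiments or of the draft concurrency APIs it evaluates; it uses C11 atomics with POSIX threads, and the credential record, the two uid values and the consistency invariant are constructed for the demonstration), the following program contrasts a mutable record shared between one writer and several readers, where a reader can check `allowed` against a `uid` that has already changed, with records that are immutable once published and are replaced by a single atomic pointer swap:

```c
/* Added example: a torn read on a mutable shared record versus an immutable
 * snapshot published by atomic pointer swap. C11 atomics + POSIX threads;
 * not one of the draft C concurrency APIs the project evaluates. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

#define READERS 4
#define READS_PER_THREAD 200000
#define WRITES 2000

/* Constructed credential record. The writer only ever publishes {1000,1}
 * (normal user, allowed) or {0,0} (root, denied), so any other pair a
 * reader observes is a torn read. */
struct cred { int uid; int allowed; };

static int consistent(struct cred c) {
    return (c.uid == 1000 && c.allowed == 1) || (c.uid == 0 && c.allowed == 0);
}

/* ---- Version 1: one mutable record shared by writer and readers. ----
 * Plain loads and stores with no synchronization: a data race, which is
 * undefined behaviour in C11. Deliberately defective. */
static struct cred g_mut = { 1000, 1 };

static void *mut_writer(void *arg) {
    (void)arg;
    for (int i = 0; i < WRITES; i++) {
        struct cred next = (i & 1) ? (struct cred){ 1000, 1 } : (struct cred){ 0, 0 };
        g_mut.uid = next.uid;         /* two separate stores: a reader can observe */
        g_mut.allowed = next.allowed; /* the new uid with the previous 'allowed' bit */
    }
    return NULL;
}

static void *mut_reader(void *arg) {
    long torn = 0;
    for (int i = 0; i < READS_PER_THREAD; i++) {
        struct cred seen = { g_mut.uid, g_mut.allowed }; /* racy check-then-use */
        if (!consistent(seen)) torn++;
    }
    /* Not a reliable measurement: the race is UB, and an optimizing compiler
     * may legally hoist the loads out of the loop. The defect exists either way. */
    *(long *)arg = torn;
    return NULL;
}

/* ---- Version 2: each record is immutable once published. ----
 * The writer fills in a fresh record, then makes it visible with one release
 * exchange; readers acquire the pointer and can never see a half-written record. */
static _Atomic(const struct cred *) g_snap;
static const struct cred *g_retired[WRITES]; /* old snapshots, kept alive until readers finish */

static void *snap_writer(void *arg) {
    (void)arg;
    for (int i = 0; i < WRITES; i++) {
        struct cred *next = malloc(sizeof *next);
        if (!next) abort();
        *next = (i & 1) ? (struct cred){ 1000, 1 } : (struct cred){ 0, 0 };
        g_retired[i] = atomic_exchange_explicit(&g_snap, next, memory_order_release);
    }
    return NULL;
}

static void *snap_reader(void *arg) {
    long torn = 0;
    for (int i = 0; i < READS_PER_THREAD; i++) {
        const struct cred *c = atomic_load_explicit(&g_snap, memory_order_acquire);
        if (!consistent(*c)) torn++; /* *c is never modified after publication */
    }
    *(long *)arg = torn;
    return NULL;
}

/* Runs one writer against READERS readers and returns the total torn reads seen. */
static long run(void *(*writer)(void *), void *(*reader)(void *)) {
    pthread_t w, r[READERS];
    long torn[READERS] = { 0 }, total = 0;
    for (int i = 0; i < READERS; i++) pthread_create(&r[i], NULL, reader, &torn[i]);
    pthread_create(&w, NULL, writer, NULL);
    pthread_join(w, NULL);
    for (int i = 0; i < READERS; i++) { pthread_join(r[i], NULL); total += torn[i]; }
    return total;
}

long torn_reads_mutable(void) { return run(mut_writer, mut_reader); }

long torn_reads_immutable(void) {
    static const struct cred initial = { 1000, 1 };
    atomic_store(&g_snap, &initial);
    long total = run(snap_writer, snap_reader);
    /* Reclaim only after every reader has joined. A long-running system needs
     * RCU, hazard pointers or reference counts to free snapshots safely; freeing
     * them eagerly in the writer would turn the data race into a use-after-free. */
    for (int i = 0; i < WRITES; i++)
        if (g_retired[i] != &initial) free((void *)g_retired[i]);
    free((void *)atomic_exchange(&g_snap, &initial));
    return total; /* always 0 */
}
```

The immutable version is race-free by construction: every field of a record is written before the release exchange that publishes it, and readers only dereference a pointer obtained with an acquire load, so no reader can observe a partially updated record. The usability cost that the project's second experiment is designed to measure shows up in the reclamation step: with immutable snapshots the programmer must decide when an old record may be freed, which is exactly the kind of extra burden that can push programmers back toward the mutable design.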