[lambdaheads]Design 2


In this course, we have studied several aspects of type systems, including type safety and type soundness. Type systems are useful both at providing documentation and at reducing the potential for errors. some of these errors can affect computer security. Security is a topic of growing importance because the impact of weak security can range from the personal to the geopolitical. Violation of security not only affects intagibles (reputation, trust, personal sense of safety, ...), it can also have financial implications (eg, when banks are corporations are broken into). In addition, every violation or potential violation wastes expensive human effort for detection, correction and clean-up.

The CIAC (Computer Incident Advisory Capability) periodically announces computer security alerts notifying sites of known vulnerabilities in widespread computer software. They post alerts and bulletins on their Web site, and send them to a mailing list read by system administrators and others interested in security topics (such as your professor).

This assignment asks you to study a collection of recent CIAC bulletins, specifically those for Fiscal Year 2001. As of this writing, there were 18 such bulletins, labeled L-001 through L-018. Ignore any bulletins outside this range.

You must study each of the alerts in the designated range. For each alert, understand the technical cause behind the compromise of security. Then try to characterize whether or not the problem is related to programming languages. If so, explain which aspects of programming languages are involved, and how language design or implementation could have avoided the problem in the first place. (You do not have to look for additional information than that provided in each Web bulletin. If a bulletin doesn't provide enough information, as some don't, mark its cause as indeterminate and move on.)

About Your Response

Write a brief response to each alert. First, explain the technical problem in one paragraph. Second, indicate very briefly whether the problem is linguistic. If it is, write one paragraph indicating which part(s) of a programming language are involved, and what change(s) could have avoided this error in the first place. If it isn't, briefly explain why it falls outside the proper scope of programming languages. (Note that almost everything is caused by programming error. Be careful to distinguish between that and the topic of programming languages.)

Be brief. The goal of this assignment is not to generate lots of text, but rather to force you to confront and understand real-world computer science issues and relate them to the course content. For some alerts, you may feel no need to write more than one sentence. That's okay (so long as it's the right sentence). Don't speculate or pontificate.

Turn in your text on paper. Unless your handwriting is extremely legible, please print your submission. Your responses are due by 2am on 2000-11-29.