Designing High-Security Systems: A Comparison of Programming Languages

Designing High-Security Systems: A Comparison of Programming Languages. Ben Brosgol. STSC.

The high degree of interconnectivity in today’s computing systems and the increasing threat from technically sophisticated adversaries make security an essential requirement in modern military software. Many technical factors affect the ease or difficulty of meeting this requirement, including the programming language, the software development tools, the operating system, and the application program interface. This presentation focuses on the programming language, which is arguably the factor that a development project manager can control most directly, and assesses three major language families with respect to the criteria that a secure system must meet:

* Ada 2005 and the Ada-based SPARK language
* C and C++
* Java and its relevant extensions (Real-Time Specification for Java, Safety-Critical Real-Time Java)

The presentation focuses in particular on how modern language features (such as the data type model, Object-Oriented Programming (OOP), exception handling, and concurrency) affect application security, and compares the requirements for security with those for safety.

Not overly technical, but a useful summary nonetheless.