
Robust Programming by Example

  • Matt Bishop
  • Chip Elliott
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)

Abstract

Robust programming lies at the heart of the type of coding called “secure programming”. Yet it is rarely taught in academia. More commonly, the focus is on how to avoid creating well-known vulnerabilities. While important, that misses the point: a well-structured, robust program should anticipate where problems might arise and compensate for them. This paper discusses one view of robust programming and gives an example of how it may be taught.

Keywords

Security Policy; Error Indicator; Secure Programming; Good Programming; Queue Management
These keywords were added by machine and not by the authors.

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Matt Bishop (1)
  • Chip Elliott (2)
  1. Dept. of Computer Science, University of California at Davis, Davis, USA
  2. GENI Project Office, BBN Technologies, Cambridge, USA
