@inproceedings{3d834c165e8f4b8b9c6e5660ca0da164,
title = "Insecure programming: How culpable is a language's syntax?",
abstract = "Vulnerabilities in software stem from poorly written code. Inadvertent errors may creep in due to programmers not being aware of the security implications of their code. Writing secure code is largely a software engineering issue requiring the education of programmers about safe coding practices. Various projects and efforts such as memory usage profiling, meta-compilation and typing proofs that verify correctness of the code at compile-time and run-time provide additional assistance in this regard. We point out that in the context of security, one aspect that is perhaps underrated or overlooked is that vulnerabilities may be inherent in the syntax and grammar of a programming language itself. We leverage on some well-studied problems to show that small syntactic discrepancies may lead to vast semantic differences in programs and in turn, correlate to hard security errors. This technique will helps caution programmers on the types of errors to avoid as well as serve as a guideline for language designers to lay emphasis not only on richness of language features but also the unambiguity of the syntax.",
keywords = "Computer errors, Computer languages, Computer science, Computer security, Creep, Data security, Java, Programming profession, Runtime, Writing",
author = "R. Chinchani and A. Iyer and B. Jayaraman and S. Upadhyaya",
note = "Publisher Copyright: {\textcopyright} 2003 IEEE.; IEEE Systems, Man and Cybernetics Society Information Assurance Workshop ; Conference date: 18-06-2003 Through 20-06-2003",
year = "2003",
doi = "10.1109/SMCSIA.2003.1232415",
language = "English",
series = "IEEE Systems, Man and Cybernetics Society Information Assurance Workshop",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "158--163",
booktitle = "IEEE Systems, Man and Cybernetics Society Information Assurance Workshop",
address = "United States",
}