Approaches to Cyber-Resilience through Language System Design

November, 2018
IDA document: D-10330
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
David A. Wheeler
Current software often does not do what users wish because of defects, including security vulnerabilities. These defects (vulnerabilities included) may be unintentional or intentionally inserted. This presentation argues that it is possible to design, select, and modify our programming systems to reduce the presence or impact of defects, and in some cases to eliminate them entirely. This involves designing or modifying our programming languages, style checkers/enforcers, libraries, frameworks, package managers, and other software development infrastructure to counter these defects. The presentation does this by identifying many approaches that can be applied to the programming language (including its syntax and semantics) and to the development process (specifically design, implementation, verification, and sustainment). The myriad approaches demonstrate that programming systems can be designed to improve resilience. It is best to do this up front, but some incremental improvements can also be made to existing programming systems. In conclusion, if we want to reduce software defects, programming system developers must treat countering defects as an important objective.