Module 2

Secure Software Development (Computer Science)

Unit 3

Programming Languages: History, Concepts & Design

Learning Outcomes

  • Describe some key milestones in the development of programming languages.
  • Outline some of the key paradigms that define the different types of languages.
  • Explain the key concepts that determine the operation of programming languages.
  • Discuss key programming challenges and recommended best practices.
  • Explain what design patterns are and when to use them.

e-Portfolio Component: Collaborative Discussion 1: UML flowchart

  • A summary post was provided to the discussion forum. Link to the discussion forum's post: here

Team Discussion: What is a Secure Programming Language?

You should read Chapter 2,6,7,8 of the course text (Pillai, 2017) and Cifuentes & Bierman (2019) and then answer the questions below, adding them as evidence to your e-portfolio.

1. What factors determine whether a programming language is secure or not?

  • Injection: Compile SQL queries from another language, escaping special characters. But doing this creates a trade-off in that some features relying on special characters in SQL syntax may become harder to use or unavailable. E.g., querying an ltree column in SQL while escaping special characters in the SQL statement.
  • Information leaks: Languages like C—manual memory management—could expose parts of memory that shouldn't be exposed—e.g., an attacker can read information in memory that they shouldn't have access to.
  • Buffer overflow: E.g., Rust automatically frees memory after variables go out of scope.
  • Conclusion: No language is fully secure. Every language has different properties that make it more or less secure in different ways.

2. Could Python be classified as a secure language? Justify your answer.

  • Python has garbage collection, which gives it protection against buffer overflow compared to languages without garbage collection like C.
  • Use built-in features of a programming language or framework (e.g., Django’s ORM to escape SQL queries) or use external libraries or custom implementations.
  • Python is a very widely used language, with not many security incidents relating to the language itself.
  • Despite this, as mentioned above, no language is fully secure, including Python.

3. Python would be a better language to create operating systems than C. Discuss.

  • Python would be better in a way because it’s more secure, but it would be impractical to use for an operating system because it is an interpreted language that is executed slower than a compiled language like C.
  • Python does not have access to low-level features such as hardware and memory addressing, instead relying on abstractions provided by an existing kernel. It is theoretically possible to create an operating system based mainly on Python, but low-level features will have to be coded in a different language like C.
  • In such a scenario, since we are not fully using Python, we do not benefit entirely from its security features. Languages like C, C++, and Rust are more suitable for the task than Python. Rust’s security features give it a benefit in writing operating systems over C.

Meeting Notes

Meeting 1
  • Date: 14 August 2024
  • Time (UK): 18:00–18:20
  • Venue: Zoom
  • Attendees: Anupam Mazumdar, Adriaan Joubert, and Shraddha Gore
  • Agenda:
    • Anupam confirmed the scope of the application.
    • The requirements of the design document and peer review were discussed.
  • Next steps:
    • Set up a team meeting to divide responsibilities and start working on the design document.

Reflection

  • Unit 3 presented significant challenges due to competing work priorities. Consequently, I focused on completing essential activities. The unit's summary post, my first, required extensive research as I lacked prior references. To address this, I compiled the weaknesses identified by my peers during the unit.

Email

sg24002@essex.ac.uk

Phone

-

Address

Mumbai, India