[PRL] Programming language for anonymity network

Matthias Felleisen matthias at ccs.neu.edu
Sat Apr 12 18:40:12 EDT 2014


Hi Dave, 

Your criteria are difficult to evaluate, especially (1). I believe that properly
trained people can learn to design programs (as opposed to 'program') in
many languages quickly. I wouldn't want others to participate in my project,
so (1) is the most difficult one for me.

Let me venture two proposals: 

-- CompCert's C compiler, which is verified, supplemented by (1) a run-time
that your language group at MPI-SWS inspects and validates possibly at the
same level of rigor and (2) a combination of flow-analysis and annotated type 
system (a la MS, perhaps their tools are now available or from the analysis 
tools from Cousot's group for C binaries on the Airbus) to harden the programs
written in C against such bugs. According to John Regehr's work, you would then
have a highly-reliable, now provably bug-free C compiler hardened at exactly the
point you want. The rest of the tool chain is familiar to you. 

-- use the OCaml system, as it turns out from the same person as CompCert,
though he barely maintains the OCaml system these days. This task has moved
over to his INRIA surroundings. It's a small, reliable language with strong industrial
support (JaneSt @ Wall St uses it prominently to filter out programmers and has
co-created an industrial support center in Cambridge, ENG). For my kind of programmer,
it has (1), maturity and widespread (across industries) use, all of Java's and C#'s security,
and a tool chain I would be comfortable with.

Hope this is what you had in mind -- Matthias

On Apr 12, 2014, at 3:52 PM, Dave Choffnes wrote:

> (Re-posting because it bounced from PRL last time. Sorry for the duplicate messages!)
> 
> 
> On Fri, Apr 11, 2014 at 10:22 AM, Dave Choffnes <choffnes at ccs.neu.edu> wrote:
> Dear Colleagues,
> 
> My collaborators at MPI-SWS and I are working on the design and implementation of a
> traffic-analysis resistant anonymity network and we would like to
> request your opinion regarding the choice of a programming language /
> environment. Here are the criteria:
> 
> 1) Familiarity: The language should be familiar or easy to learn for
> most potential contributors, as we hope to build a diverse community
> that builds on and contributes to the code.
> 
> 2) Maturity: The language implementation, tool chain and libraries
> should be mature enough to support a production system.
> 
> 3) Language security: The language should minimize the risk of
> security-relevant bugs like buffer overflows.
> 
> 4) Security of runtime / tool chain: It should be hard to inconspicuously backdoor the
> tool chain and, if applicable, runtime environments. 
> 
> To give two concrete examples:
> 
> Using the C language + deterministic builds is an attractive option with
> respect to 1), 2) and 4), but doesn’t provide much regarding 3).
> 
> Java does better with respect to 3), however, it trades some of 3) and
> 4) as compared to C. Specifically, we are concerned that large runtimes
> may be difficult to audit. A similar argument may apply to other
> interpreted languages.
> 
> Given these criteria, what language would you choose and for what
> reasons? We would also appreciate feedback regarding our criteria.
> 
> Thanks!
> David, Nick, Peter, Stevens, and William
> 
> PS: Apologies to those on the sysnetsec at ccs and MPI-SWS mailing list who are seeing this for the second (or third) time.
> 
