Index
Ada, 13, 59, 63, 73, 76
AMV – Type-breaking Reinterpretation of Data, 72
API
  Application Programming Interface, 16
APL, 48
Apple
  OS X, 120
application vulnerabilities, 9
Application Vulnerabilities
  Adherence to Least Privilege [XYN], 113
  Authentication Logic Error [XZO], 135
  Cross-site Scripting [XYT], 125
  Discrepancy Information Leak [XZL], 129
  Distinguished Values in Data Types [KLK], 112
  Download of Code Without Integrity Check [DLB], 137
  Executing or Loading Untrusted Code [XYS], 116
  Hard-coded Password [XYP], 136
  Improper Restriction of Excessive Authentication Attempts [WPL], 140
  Improperly Verified Signature [XZR], 128
  Inclusion of Functionality from Untrusted Control Sphere [DHU], 139
  Incorrect Authorization [BJE], 138
  Injection [RST], 122
  Insufficiently Protected Credentials [XYM], 133
  Memory Locking [XZX], 117
  Missing or Inconsistent Access Control [XZN], 134
  Missing Required Cryptographic Step [XZS], 133
  Path Traversal [EWR], 130
  Privilege Sandbox Issues [XYO], 114
  Resource Exhaustion [XZP], 118
  Resource Names [HTS], 120
  Sensitive Information Uncleared Before Use [XZK], 130
  Unquoted Search Path or Element [XZQ], 127
  Unrestricted File Upload [CBF], 119
  Unspecified Functionality [BVQ], 111
  URL Redirection to Untrusted Site ('Open Redirect') [PYQ], 140
  Use of a One-Way Hash without a Salt [MVX], 141
application vulnerability, 5
Ariane 5, 21
bitwise operators, 48
BJE – Incorrect Authorization, 138
BJL – Namespace Issues, 43
black-list, 120, 124
BQF – Unspecified Behaviour, 92, 94, 95
break, 60
BRS – Obscure Language Features, 91
buffer boundary violation, 23
buffer overflow, 23, 26
buffer underwrite, 23
BVQ – Unspecified Functionality, 111
C, 22, 48, 50, 51, 58, 60, 63, 73
C++, 48, 51, 58, 63, 73, 76, 86
C11, 192
call by copy, 61
call by name, 61
call by reference, 61
call by result, 61
call by value, 61
call by value-result, 61
CBF – Unrestricted File Upload, 119
CCB – Enumerator Issues, 18
CGA – Concurrency – Activation, 98
CGM – Protocol Lock Errors, 105
CGS – Concurrency – Premature Termination, 103
CGT – Concurrency – Directed termination, 100
CGX – Concurrent Data Access, 101
CGY – Inadequately Secure Communication of Shared Resources, 107
CJM – String Termination, 22
CLL – Switch Statements and Static Analysis, 54
concurrency, 2
continue, 60
cryptologic, 71, 128
CSJ – Passing Parameters and Return Values, 61, 82
dangling reference, 31
DCM – Dangling References to Stack Frames, 63
Deactivated code, 53
Dead code, 53
deadlock, 106
DHU – Inclusion of Functionality from Untrusted Control Sphere, 139
Diffie-Hellman-style, 136
digital signature, 84
DJS – Inter-language Calling, 81
DLB – Download of Code Without Integrity Check, 137
DoS
  Denial of Service, 118
dynamically linked, 83
EFS – Use of unchecked data from an uncontrolled or tainted source, 109
encryption, 128, 133
endian
  big, 15
  little, 15
endianness, 14
Enumerations, 18
EOJ – Demarcation of Control Flow, 56
EWD – Structured Programming, 60
EWF – Undefined Behaviour, 92, 94, 95
EWR – Path Traversal, 124, 130
exception handler, 86
FAB – Implementation-defined Behaviour, 92, 94, 95
FIF – Arithmetic Wrap-around Error, 34, 35
FLC – Numeric Conversion Errors, 20
Fortran, 73
GDL – Recursion, 67
generics, 76
GIF, 120
goto, 60
HCB – Buffer Boundary Violation (Buffer Overflow), 23, 82
HFC – Pointer Casting and Pointer Type Changes, 28
HJW – Unanticipated Exceptions from Library Routines, 86
HTML
  Hyper Text Markup Language, 124
HTS – Resource Names, 120
HTTP
  Hypertext Transfer Protocol, 127
IEC 60559, 16
IEEE 754, 16
IHN – Type System, 12
inheritance, 78
IP address, 119
Java, 18, 50, 52, 76
JavaScript, 125, 126, 127
JCW – Operator Precedence/Order of Evaluation, 47
KLK – Distinguished Values in Data Types, 112
KOA – Likely Incorrect Expression, 50
language vulnerabilities, 9
Language Vulnerabilities
  Argument Passing to Library Functions [TRJ], 80
  Arithmetic Wrap-around Error [FIF], 34
  Bit Representations [STR], 14
  Buffer Boundary Violation (Buffer Overflow) [HCB], 23
  Choice of Clear Names [NAI], 37
  Concurrency – Activation [CGA], 98
  Concurrency – Directed termination [CGT], 100
  Concurrency – Premature Termination [CGS], 103
  Concurrent Data Access [CGX], 101
  Dangling Reference to Heap [XYK], 31
  Dangling References to Stack Frames [DCM], 63
  Dead and Deactivated Code [XYQ], 52
  Dead Store [WXQ], 39
  Demarcation of Control Flow [EOJ], 56
  Deprecated Language Features [MEM], 97
  Dynamically-linked Code and Self-modifying Code [NYY], 83
  Enumerator Issues [CCB], 18
  Extra Intrinsics [LRM], 79
  Floating-point Arithmetic [PLF], xvii, 16
  Identifier Name Reuse [YOW], 41
  Ignored Error Status and Unhandled Exceptions [OYB], 68
  Implementation-defined Behaviour [FAB], 95
  Inadequately Secure Communication of Shared Resources [CGY], 107
  Inheritance [RIP], 78
  Initialization of Variables [LAV], 45
  Inter-language Calling [DJS], 81
  Library Signature [NSQ], 84
  Likely Incorrect Expression [KOA], 50
  Loop Control Variables [TEX], 57
  Memory Leak [XYL], 74
  Namespace Issues [BJL], 43
  Null Pointer Dereference [XYH], 30
  Numeric Conversion Errors [FLC], 20
  Obscure Language Features [BRS], 91
  Off-by-one Error [XZH], 58
  Operator Precedence/Order of Evaluation [JCW], 47
  Passing Parameters and Return Values [CSJ], 61, 82
  Pointer Arithmetic [RVG], 29
  Pointer Casting and Pointer Type Changes [HFC], 28
  Pre-processor Directives [NMP], 87
  Protocol Lock Errors [CGM], 105
  Provision of Inherently Unsafe Operations [SKL], 90
  Recursion [GDL], 67
  Side-effects and Order of Evaluation [SAM], 49
  Sign Extension Error [XZI], 36
  String Termination [CJM], 22
  Structured Programming [EWD], 60
  Subprogram Signature Mismatch [OTR], 65
  Suppression of Language-defined Run-time Checking [MXB], 89
  Switch Statements and Static Analysis [CLL], 54
  Templates and Generics [SYM], 76
  Termination Strategy [REU], 70
  Type System [IHN], 12
  Type-breaking Reinterpretation of Data [AMV], 72
  Unanticipated Exceptions from Library Routines [HJW], 86
  Unchecked Array Copying [XYW], 27
  Unchecked Array Indexing [XYZ], 25
  Uncontrolled Format String [SHL], 110
  Undefined Behaviour [EWF], 94
  Unspecified Behaviour [BQF], 92
  Unused Variable [YZS], 40
  Use of unchecked data from an uncontrolled or tainted source [EFS], 109
  Using Shift Operations for Multiplication and Division [PIK], 35
language vulnerability, 5
LAV – Initialization of Variables, 45
LHS (left-hand side), 241
Linux, 120
livelock, 106
longjmp, 60
LRM – Extra Intrinsics, 79
MAC address, 119
macof, 118
MEM – Deprecated Language Features, 97
memory disclosure, 130
Microsoft
  Win16, 121
  Windows, 117
  Windows XP, 120
MIME
  Multipurpose Internet Mail Extensions, 124
MISRA C, 29
MISRA C++, 87
mlock(), 117
MVX – Use of a One-Way Hash without a Salt, 141
MXB – Suppression of Language-defined Run-time Checking, 89
NAI – Choice of Clear Names, 37
name type equivalence, 12
NMP – Pre-Processor Directives, 87
NSQ – Library Signature, 84
NTFS
  New Technology File System, 120
NULL, 31, 58
NULL pointer, 31
null-pointer, 30
NYY – Dynamically-linked Code and Self-modifying Code, 83
OTR – Subprogram Signature Mismatch, 65, 82
OYB – Ignored Error Status and Unhandled Exceptions, 68, 163
Pascal, 82
PHP, 124
PIK – Using Shift Operations for Multiplication and Division, 34, 35, 197
PLF – Floating-point Arithmetic, xvii, 16
POSIX, 99
pragmas, 75, 96
predictable execution, 4, 8
PYQ – URL Redirection to Untrusted Site ('Open Redirect'), 140
real numbers, 16
Real-Time Java, 105
resource exhaustion, 118
REU – Termination Strategy, 70
RIP – Inheritance, xvii, 78
rsize_t, 22
RST – Injection, 109, 122
runtime-constraint handler, 191
RVG – Pointer Arithmetic, 29
safety hazard, 4
safety-critical software, 5
SAM – Side-effects and Order of Evaluation, 49
security vulnerability, 5
SeImpersonatePrivilege, 115
setjmp, 60
SHL – Uncontrolled Format String, 110
size_t, 22
SKL – Provision of Inherently Unsafe Operations, 90
software quality, 4
software vulnerabilities, 9
SQL
  Structured Query Language, 112
STR – Bit Representations, 14
strcpy, 23
strncpy, 23
structure type equivalence, 12
switch, 54
SYM – Templates and Generics, 76
symlink, 131
tail-recursion, 68
templates, 76, 77
TEX – Loop Control Variables, 57
thread, 2
TRJ – Argument Passing to Library Functions, 80
type casts, 20
type coercion, 20
type safe, 12
type secure, 12
type system, 12
UNC
  Uniform Naming Convention, 131
  Universal Naming Convention, 131
Unchecked_Conversion, 73
UNIX, 83, 114, 120, 131
unspecified functionality, 111
Unspecified functionality, 111
URI
  Uniform Resource Identifier, 127
URL
  Uniform Resource Locator, 127
VirtualLock(), 117
white-list, 120, 124, 127
Windows, 99
WPL – Improper Restriction of Excessive Authentication Attempts, 140
WXQ – Dead Store, 39, 40, 41
XSS
  Cross-site scripting, 125
XYH – Null Pointer Dereference, 30
XYK – Dangling Reference to Heap, 31
XYL – Memory Leak, 74
XYM – Insufficiently Protected Credentials, 9, 133
XYN – Adherence to Least Privilege, 113
XYO – Privilege Sandbox Issues, 114
XYP – Hard-coded Password, 136
XYQ – Dead and Deactivated Code, 52
XYS – Executing or Loading Untrusted Code, 116
XYT – Cross-site Scripting, 125
XYW – Unchecked Array Copying, 27
XYZ – Unchecked Array Indexing, 25, 28
XZH – Off-by-one Error, 58
XZI – Sign Extension Error, 36
XZK – Sensitive Information Uncleared Before Use, 130
XZL – Discrepancy Information Leak, 129
XZN – Missing or Inconsistent Access Control, 134
XZO – Authentication Logic Error, 135
XZP – Resource Exhaustion, 118
XZQ – Unquoted Search Path or Element, 127
XZR – Improperly Verified Signature, 128
XZS – Missing Required Cryptographic Step, 133
XZX – Memory Locking, 117
YOW – Identifier Name Reuse, 41, 44
YZS – Unused Variable, 39, 40