NSA to Developers: Consider Moving from C and C++ to a Memory-Safe Programming Language

The National Security Agency (NSA) is urging developers to switch to memory-safe languages, such as C#, Go, Java, Ruby, Rust, and Swift, to protect their code from remote code execution or other hacker attacks.

Of the languages mentioned above, Java is the most widely used in enterprise and Android app development, while Swift is one of the top 10 languages, thanks in part to iOS app development. And there is growing interest in Rust replacing C and C++ in systems programming.

“NSA advises organizations to consider strategically transitioning from programming languages that offer little or no inherent memory protection, such as C/C++, to a memory-safe language when possible. Some example memory-safe languages are C#, Go, Java, Ruby, and Swift,” the NSA said.

The spy agency cites recent research from Google and Microsoft that found 70% of their security issues in Chrome and Windows respectively were memory-related and many of these resulted from using C and C++, which are more prone to memory-based vulnerabilities.

“Malicious cyber actors can exploit these vulnerabilities for remote code execution or other adverse effects, which can often compromise a device and be the first step in large-scale network intrusions,” the NSA notes in the cybersecurity information sheet “Software Memory Safety”.

“Commonly used languages, such as C and C++, offer great freedom and flexibility in memory management while relying heavily on the programmer to perform the necessary checks on memory references.”

Thus, the agency recommends using a memory-safe language whenever possible, whether for application development or system programming.

“NSA recommends using a memory-safe language when possible,” it notes.

While most infosec professionals are familiar with this memory-safe language debate, not all developers may be. Although perhaps they should be, given that this is a decades-old problem, as Java creator James Gosling recently pointed out in a discussion of how and why Java was created.

Still, the NSA document offers developers a clear, plain-language explanation of the technical reasons for moving to memory-safe languages. Probably the most discussed language in terms of memory safety has been Rust, which is the leading contender as a “replacement” for C and C++.

The Linux kernel recently introduced Rust as a second language alongside C, following the Android Open Source Project. These projects will not replace old C/C++ code, but will prefer Rust for new code. Additionally, Microsoft Azure CTO Mark Russinovich recently called on all developers to use Rust over C and C++ for all new projects.

“By exploiting these types of memory issues, malicious actors – who are not bound by normal software usage expectations – may discover that they can enter unusual entries into the program, causing memory to be accessed, written, allocated, or de-allocated unexpectedly,” the NSA explains.

But – as experts have noted in the Rust and C/C++ debates – the NSA warns that simply using a memory-safe language does not by default prevent memory bugs from being introduced into software. Additionally, languages often allow libraries that are not written in memory-safe languages.

“Even with a memory-safe language, memory management is not entirely memory-safe. Most memory-safe languages recognize that software sometimes needs to perform an insecure memory management function to perform certain tasks. As a result, classes or functions are available that are recognized as memory insecure and allow the programmer to perform a potentially dangerous memory management task,” the NSA said.

“Some languages require that anything that is not memory-safe be explicitly annotated as such so that the programmer and all reviewers of the program know that it is not memory-safe. Memory-safe languages may also use libraries written in memory-insecure languages and therefore may contain insecure memory functionality. Although these ways of including memory-insecure mechanisms subvert the inherent security of memory, they help pinpoint where memory problems might exist, allowing for closer examination of these sections of code.”
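The two points in the NSA quotes above, bounds checks done by the language versus by the programmer and the explicit annotation of memory-unsafe code, shown in Rust as an added example that is not taken from the NSA document or from any project named in this article. The record format (one length byte followed by the payload) and all function names are assumptions made for illustration.

```rust
// Added example, not code from the NSA document. Constructed record format:
// byte 0 is the declared payload length, the payload follows.

/// Safe Rust: slice access is bounds-checked, so a length byte that lies
/// yields None instead of a read past the end of the buffer.
fn payload_checked(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize;
    buf.get(1..1 + len)
}

/// Same parser with an unchecked read. `get_unchecked` compiles only inside
/// an `unsafe` block, so the lines a reviewer must audit are marked in the
/// source. The bounds check is now the programmer's job, as in C and C++.
fn payload_unchecked(buf: &[u8]) -> Option<&[u8]> {
    let len = *buf.first()? as usize;
    if 1 + len > buf.len() {
        return None; // manual check that keeps the unsafe block sound
    }
    // SAFETY: 1 + len <= buf.len() was verified just above.
    Some(unsafe { buf.get_unchecked(1..1 + len) })
}

/// Crude review aid: 1-based numbers of lines that contain `unsafe` as a
/// whole word (comments and strings included).
fn unsafe_lines(src: &str) -> Vec<usize> {
    src.lines()
        .enumerate()
        .filter(|(_, line)| {
            line.split(|c: char| !(c.is_alphanumeric() || c == '_'))
                .any(|word| word == "unsafe")
        })
        .map(|(i, _)| i + 1)
        .collect()
}

fn main() {
    let honest = [3u8, b'a', b'b', b'c'];
    let lying = [200u8, b'a', b'b', b'c']; // constructed: claims 200 bytes, carries 3
    println!("checked, honest:   {:?}", payload_checked(&honest));
    println!("checked, lying:    {:?}", payload_checked(&lying));
    println!("unchecked, lying:  {:?}", payload_unchecked(&lying));
    let sample = "fn f(p: *const u8) -> u8 {\n    unsafe { *p }\n}";
    println!("lines to audit:    {:?}", unsafe_lines(sample));
}
```

A crate that needs no unchecked operations can put `#![forbid(unsafe_code)]` at its root so the compiler rejects any `unsafe` block.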

The NSA notes that some memory-safe languages can come at a performance cost and require developers to learn a new language. It also points out that there are steps developers can take to harden non-memory-safe languages. Google’s Chrome team, for example, is exploring several ways to harden C++, but these approaches also come with performance overhead. C++ will remain in the Chrome codebase for the foreseeable future.

The NSA recommends static and dynamic security testing of applications to detect memory issues. It also recommends exploring memory hardening methods, such as Control Flow Guard (CFG), which will impose restrictions on where code can be executed. Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are also recommended.
