Cyclone: A type-safe dialect of C

TitleCyclone: A type-safe dialect of C
Publication TypeJournal Articles
Year of Publication2005
AuthorsGrossman D, Hicks MW, Jim T, Morrisett G
JournalC/C++ Users Journal
Pagination112 - 139
Date Published2005///

If any bug has achieved celebrity status, it is thebuffer overflow. It made front-page news as early
as 1987, as the enabler of the Morris worm, the first
worm to spread through the Internet. In recent years,
attacks exploiting buffer overflows have become more
frequent, and more virulent. This year, for exam-
ple, the Witty worm was released to the wild less
than 48 hours after a buffer overflow vulnerability
was publicly announced; in 45 minutes, it infected
the entire world-wide population of 12,000 machines
running the vulnerable programs.
Notably, buffer overflows are a problem only for the
C and C++ languages—Java and other “safe” lan-
guages have built-in protection against them. More-
over, buffer overflows appear in C programs written
by expert programmers who are security concious—
programs such as OpenSSH, Kerberos, and the com-
mercial intrusion detection programs that were the
target of Witty.
This is bad news for C. If security experts have
trouble producing overflow-free C programs, then
there is not much hope for ordinary C program-
mers. On the other hand, programming in Java is
no panacea; for certain applications, C has no com-
petition. From a programmer’s point of view, all the
safe languages are about the same, while C is a very
different beast.