Abstract
The vulnerability methodology of the ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities Working Group is applied to the problem space of concurrency. A set of vulnerabilities is developed to capture the issues of thread creation, thread termination, shared data access, resource hijacking and communication protocols.
Index Terms
Programming language vulnerabilities: proposals to include concurrency paradigms