«

Listening to National Public Radio while reading comp.lang.python. What a life!

I just heard a piece on NPR about the security failures of an electronic voting
system being developed. I know a voting system could be developed in python. I
am working on a simulator myself to run via the web (a personal project only)

Are there any features which would make python a viable alternative to develop
a real voting system for use in the US? Why or why not?

What things must I keep in mind when I design a python application to be
secure?

Since python is developed using C, can python be free from the buffer overrun
problems which plague other C programs?

allen

allen> Listening to National Public Radio while reading
allen> comp.lang.python. What a life! I just heard a piece on NPR about
allen> the security failures of an electronic voting system being
allen> developed. I know a voting system could be developed in python. I
allen> am working on a simulator myself to run via the web (a personal
allen> project only)

allen> Are there any features which would make python a viable
allen> alternative to develop a real voting system for use in the US?
allen> Why or why not?

allen> What things must I keep in mind when I design a python
allen> application to be secure?

allen> Since python is developed using C, can python be free from the
allen> buffer overrun problems which plague other C programs?

Yes, to a great extent, because you need to find buffer overrun
possibilities in the Python interpreter, but not in every Python
application.

As for voting projects, check out:

http://gnosis.python-hosting.com/voting-project/

Python is the development language I believe. I haven't followed it in a
couple months.

Skip

(PiedmontBiz) writes:
> What things must I keep in mind when I design a python application to be
> secure?
>
> Since python is developed using C, can python be free from the
> buffer overrun problems which plague other C programs?

Buffer overruns are just one narrow type of security failure.
Security is really a hard subject and even systems built by experts
often have security holes. There are various books written on how to
write secure software, and also some HOWTO's. For systems like voting
machines, there are a lot of non-software issues you have to deal with too.

The book "Security Engineering" by Ross Anderson is a good place to start
reading if you're interested in the subject.

Paul Rubin <http://> writes:
> (PiedmontBiz) writes:
> > What things must I keep in mind when I design a python application to be
> > secure?
> >
> > Since python is developed using C, can python be free from the
> > buffer overrun problems which plague other C programs?
>
> Buffer overruns are just one narrow type of security failure.
> Security is really a hard subject and even systems built by experts
> often have security holes. There are various books written on how to
> write secure software, and also some HOWTO's. For systems like voting
> machines, there are a lot of non-software issues you have to deal with too.
>
> The book "Security Engineering" by Ross Anderson is a good place to start
> reading if you're interested in the subject.

Many of the issues have been discussed on comp.risks over the years,
and the archives of same contain some useful pointers to in-depth
analyses. A searchable archive is found at http://www.risks.org.

--
Mark Jackson - http://www.alumni.caltech.edu/~mjackson
No *good* model ever accounted for *all* the facts, since
some data was bound to be misleading if not plain wrong.
- James D. Watson

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 2004-01-22T01:35:01Z, Paul Rubin <http://> writes:

> The book "Security Engineering" by Ross Anderson is a good place to start
> reading if you're interested in the subject.

I just finished "Practical Cryptography" by Niels Ferguson and Bruce
Schneier. It was almost enough to make me not want to bother trying. :-/
- --
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
http://www.strausergroup.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAD1Ke5sRg+Y0CpvERAlquAKCSi28drKEVE3fPC1F9c8 SWRBEwWwCdH5pO
3eAxJDSQ3ViaBDmQG7ZWV+w=
=sjqt
-----END PGP SIGNATURE-----

On Thu, 22 Jan 2004 04:35:07 GMT, Kirk Strauser wrote:
> At 2004-01-22T01:35:01Z, Paul Rubin <http://> writes:
>> The book "Security Engineering" by Ross Anderson is a good place to start
>> reading if you're interested in the subject.
>
> I just finished "Practical Cryptography" by Niels Ferguson and Bruce
> Schneier. It was almost enough to make me not want to bother trying.
> :-/

Security is much more than just cryptography. Program reliability,
protection from bad input, protection from other misbehaving programs;
mitigation of *any* kind of risk or threat is the realm of security.

--
\ "Last year I went fishing with Salvador Dali. He was using a |
`\ dotted line. He caught every other fish." -- Steven Wright |
_o__) |
Ben Finney <http://bignose.squidly.org/>

>At 2004-01-22T01:35:01Z, Paul Rubin <http://> writes:
>
>> The book "Security Engineering" by Ross Anderson is a good place to start
>> reading if you're interested in the subject.
>
>I just finished "Practical Cryptography" by Niels Ferguson and Bruce
>Schneier. It was almost enough to make me not want to bother trying. :-/
>=2D --=20
>Kirk Strauser
>The Strauser Group
>Open. Solutions. Simple.
>http://www.strausergroup.com/


I checked out the site: http://gnosis.python-hosting.com/voting-project/

This is a huge and important project. I suppose the programming language is
really not that important. The issue is trustworthy system development
(applications, operating systems, drivers, libraries, hardware, etc.), and
developing ways to validate software.

A completely different programming paradigm will need to be developed.

allen

(PiedmontBiz) writes:
> I checked out the site: http://gnosis.python-hosting.com/voting-project/
>
> This is a huge and important project. I suppose the programming
> language is really not that important. The issue is trustworthy
> system development (applications, operating systems, drivers,
> libraries, hardware, etc.), and developing ways to validate
> software.

There's bigger problems than any software can solve. See
http://www.blackboxvoting.com a view of some of them.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 2004-01-22T04:36:55Z, Ben Finney <bignose-hates-> writes:

> Security is much more than just cryptography.

I wasn't implying otherwise. However, being exposed to the level of
engineering required to get that one small part of the system right is
humbling.
- --
Kirk Strauser
The Strauser Group
Open. Solutions. Simple.
http://www.strausergroup.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFAD+Xq5sRg+Y0CpvERAv3iAKCHyQEMaKj8a8CJQorrEs Hj6DPZ+ACVF5uv
ZTfsNz29lr8FBE1vUSyZ4A==
=ePzg
-----END PGP SIGNATURE-----

In article <>,
Paul Rubin <http://> wrote:
.
.
.
>Buffer overruns are just one narrow type of security failure.
.
.
.
Yes and no. Yes, a security audit needs to consider at least hundreds
of distinct categories of technical hazards, and buffer overruns are
just one of these, and arguably not the riskiest. HOWEVER, we make up
for that with the frequency with which we do them; that is, although
all the analysis buffer overruns require was available at least twenty
years ago, it remains, in my experience, much the most frequent
identifiable security-pertinent fault our industry writes in, day
after day. We sure look dumb.

'Course, that's certainly not the fault of Python folk.
--

Cameron Laird <>
Business: http://www.Phaseit.net