Safety, Security, and Object-Oriented Programming
When safety-critical software malfunctions people lives are in danger. When security-critical software is cracked national security or economic activity may be at risk. As more and more software embraces object-oriented programming (OOP) safety-critical and security-critical projects feel compelled to use object-orientation. But what are the guarantees of OOP in terms of safety and security? Are the design goals of OOP aligned with those of safe and secure software (S3) systems? In the following sections we look at key OOP aspects and analyze some of the hazards they introduce with respect to S3 and outline a possible way of addressing these vulnerabilities. Specifically, after a quick overview of OOP in section 2, section 3 deals with inheritance and shows some of its hazards in terms of S3 along with possible remedies. Section 4 focuses on dynamic binding and suggests a safer and more secure implementation than what is conventionally done. Finally, section 5 looks at testing programs with dynamic binding.
Posted on: 3/30/2006