java security & the cypherpunk agenda

once again I will offer a contrary view, and once again to PM. 
PM predicts that serious (unfixable?) bugs will be found in Java on 
the level of what was recently identified in Netscape. I disagree.

I am not intimately familiar with Java (nor, obviously, is PM), but I 
know Java was designed from the ground up to be secure on every platform
it is running on. in contrast to most OSes, the whole theory of Java
is based on creating a totally secure, unbreakable programming 
environment. most OSes start out with the idea, "what is an application?
how does the OS handle it? how does the OS permit file I/O etc.?"
Java starts out with the idea, "what operations can be allowed without
compromising security but still allowing algorithms"?

the software will succeed or fail in its aims on how
well it accomplishes the criteria of unbreakable security.
I suspect it is eventually going to be considered more secure than 
many OSes out there that it runs on (even unix). (and Java may eventually
evolve to become an integral part of future OS security apparatuses).

one thing that people don't seem to realize: Java was clearly engineered
to be a language that would allow "cycle sales" over cyberspace. in 
other words, how can companies lease out unused cycles to the world
just like power companies sell off their extra watt-hours to adjacent
cities? a secure language is the critical piece, and the Java designers
were clearly aiming for this remarkable and commendable accomplishment.
someday, even conservative companies such as IBM may agree that the 
security of Java is so great (and so widely well-proven as rock solid)
that they will lease out their unused, nighttime CPU cycles to 
Java applications and interested buyers, because they can be sure
that there is just no way to sabotage a system no matter how ingenious
you are.

PM tends to suggest that any language or computing environment
with a certain degree of complexity simply cannot be made secure.
I generally agree with this. however I suspect that Java is beneath
this complexity cutoff.

I do agree with other cypherpunks however that focusing cpunk attentions
on breaking Java is a highly worthwhile activity. Java is an extremely
promising development and I fully suspect it will become something
of the first widespread "cyberspatial programming language". in
another message I talked about how companies such as Netscape may
not become so security conscious themselves but work with other
companies who are security paranoid and try to successfully integrate
their applications. Java is the prime candidate for this. and I am 
willing to bet the Java engineers have seen every security trick in the 
book (many I suspect perhaps even PM in his own paranoia and obsession is not
aware of) and can demonstrate how Java, at least if implemented bug-free,
defeats *all* of them and can virtually be proven secure.

now, that little catchword "bug-free" I put in the last sentence is
something that everyone here can jump on. "it might be possible to 
create a secure language *in*theory*" say the naysayers, "but in 
practice it will always have bugs that can break it." well, I think
if anything will go beyond this weakness, Java has the best chance.
and the above argument sounds suspiciously like, "no software can really
accomplish exactly what it sets out to, because it will have bugs".
sure, Word and Excel both have bugs, but they do not defeat the primary
design. and this argument, "you cannot implement perfect software" is
more of a complaint against human psychology than against a group who
is trying to implement a theoretically secure programming environment.
(perhaps they should use the qualification, "java is the first secure
programming language, in theory; in practice YMMV <g>").

I think we should be careful to make this distinction. there is
a lot of software that is not even theoretically secure, and there
is some software that tries to be secure but is not due to implementation
difficulties. the latter should not really be our concern so much.
we are not here to try to prevent programming errors (i.e., not 
correctly translating a correct design into code) so much as to 
try to get companies to write software that, if written properly,
is secure. (it seems to me this is the logical first step, and then
the next step is trying to break the code that seeks to be secure
and flame the eyebrows off its designers, as has been done here
recently <g>, but unless one first has a good hammer, one does not
care about faulty nails.)

I was talking to a press reporter and he asked if the cpunks had gone
into some sort of new phase in which they were becoming something
like the policemen of cyberspace. I said that they had not really changed
in their goals much at all, it's more that the software that cpunks
have fantasized about for years is now starting to materialize, and there
is now something concrete to focus energies on. Netscape is a good 
example, and Java is another example. I think if I had talked about
Java a few years ago on this list, and about who invented it (Sun),
what it was designed to do, etc., people here would be delirious with
excitement. instead, there is a bit of cynicism here that is a bit
surprising to me. if there ever was a "cpunk language" that seeks to achieve
widespread, home-grown, secure algorithms in cyberspace, I would consider 
this the closest.

I highly recommend cpunks pay close attention to Java and help in its 
development, because imho it really has been conceived largely with key
cpunk agenda items as basic design criteria.
I suspect it is going to become a very strong standard and eventually
recognized as one of the most secure pieces of software ever designed, 
at least in regards to theoretical capabilities.

--Vlad Nuri