Software insecurity can be explained as a potpourri of hacking methods, ranging from the familiar, e.g. buffer overruns, to the exotic, e.g. code insertion with Chinese characters. From such an angle software security would just be a collection of specific countermeasures. We will observe a common principle that can guide a structured presentation of software security and give guidance for future research directions: there exists a discrepancy between the abstract programming concepts used by software developers and their concrete implementation on the given execution platform. In support of this thesis, five case studies will be discussed, viz. characters, integers, variables, atomic transactions, and double linked lists.
Gollmann, D. (2009). Software security - the dangers of abstraction. In IFIP Advances in Information and Communication Technology (Vol. 298, pp. 1–12). Springer Science and Business Media, LLC. https://doi.org/10.1007/978-3-642-03315-5_1