DieHard, the Software 230
Roland Piquepaille writes "No, it's not another movie sequel. DieHard is a piece of software which helps programs to run correctly and protects them from a range of security vulnerabilities. It has been developed by computer scientists from the University of Massachusetts Amherst — and Microsoft. DieHard prevents crashes and hacker attacks by focusing on memory. Our computers have thousands times more memory than 20 years ago. Still, programmers are privileging speed and efficiency over security, which leads to the famous "buffer overflows" which are exploited by hackers."
Vista already doing some of this (Score:5, Informative)
Different program? (Score:2, Informative)
nothing to do with VMs - just exception handling (Score:3, Informative)
Re:Vista already doing some of this (Score:5, Informative)
DieHard's randomization is very different from what OpenBSD does, not to mention Vista's address-space randomization. I've added a note to the FAQs that explains the difference in some detail, and answers several other questions, but in short: "address-space randomization" randomizes the base address of the heap and also mmapped-chunks of memory, leaving the relative position of objects intact. By contrast, DieHard randomizes the location of every single object across the entire heap. It also goes further in that it prevents a wide range of memory errors automatically, like double frees and illegal frees, and effectively eliminates heap corruption.
-- Emery Berger
Corrections (Score:3, Informative)
Swing does not really have the problems you speak of any longer, if you are using it right... heck, it didn't really have those problem to any great degree about seven years ago when I was building a large custom client app all in swing for only desktop deployment.
Complaining about the build system is like saying GCC has a bad build system - really it has no build system, and you should use something made for building Java. That is why we have Ant and the like...
Of the remainder, I really only think #7 has much in the way of merit. Have you looked into the java.nio package? This makes working with binary data much simpler...
Re:Vista already doing some of this (Score:5, Informative)
Re:Vista already doing some of this (Score:5, Informative)
http://kerneltrap.org/node/5584 [kerneltrap.org]
Any thoughts?
Re:Vista already doing some of this (Score:5, Informative)
The real solution is programming in a language with secure memory management, such as
Do NOT INSTALL THIS (Score:2, Informative)
It's the programmers fault? (Score:2, Informative)
Typically, a programmer is doing their job. The programmers manager is doing their job, by squeezing the work and deadlines of the programmers.
My $0.02 CDN
Re:Vista already doing some of this (Score:3, Informative)
Re:Vista already doing some of this (Score:5, Informative)
Here's a more detailed answer -- I'll add it to the FAQ.
OpenBSD (a variant of PHKmalloc) does some of what DieHard's allocator does, but DieHard does much more. On the security side, DieHard adds much more "entropy"; on the reliability side, it mathematically reduces the risk that a programmer bug will have any impact on program execution.
OpenBSD randomly locates pages of memory and allocates small objects from these pages. It improves security by avoiding the effect of certain errors. Like DieHard, it is resilient to double and invalid frees. It places guard pages around large chunks and frees such large chunks back to the OS (causing later references through dangling pointers to fail unless the chunk is reused). It attempts to block some buffer overflows by using page protection. Finally, it shuffles some allocated objects around on a page, randomizing their location within a page.
DieHard goes much further. First, it completely segregates heap metadata from the heap, making heap corruption (and hijack attacks) nearly impossible. On OpenBSD, a large-enough underflow on OpenBSD can overwrite the page directory or local page info struct (at the beginning of each page), hijacking the allocator. This presentation [ruxcon.org.au] describes several ways OpenBSD's allocator can be attacked. By contrast, none of DieHard's metadata is located in the allocated object space.
Second, DieHard randomizes the placement of objects across the entire heap. This has numerous advantages. On the security side, it makes brute-force attempts to locate adjacent objects nearly impossible -- in OpenBSD, knowing the allocation sequence determines which pages objects will land on (see the presentation pointed to above).
DieHard's complete randomization is key to provably avoiding a range of errors with high probability. It reduces the worst-case odds that a buffer overflow has any impact to 50%. The actual likelihood is even lower when the heap is not full. DieHard also avoids dangling pointer errors with very high probability (e.g., 99.999%), making it nearly impervious to such mistakes. You can read our PLDI paper for more details and formulae.
-- Emery Berger
Re:Correction (Score:2, Informative)
What platforms do you want? Java is on 32- and 64-bit Windows, 32- and 64-bit Linux, Solaris (SPARC + Intel), AIX, HP-UX, OS X (Intel + PPC), IBM z/OS and iSeries, AND FreeBSD (http://www.freebsd.org/java/) among other platforms. FreeBSD guys negotiated a license (but with Java GPL now they won't need to in future).
I would also disagree about portability of code. J2SE apps are very portable. Usually with zero platform specific code changes. J2EE is another story.