Pseudoperipatetic Application Security Handbook For Virtuous Software Keith Douglas Statistics Canada (Standard disclaimer)

Post on 03-Jan-2016

Page 1: A Pseudoperipatetic Application Security Handbook For Virtuous Software Keith Douglas Statistics Canada (Standard disclaimer)

A Pseudoperipatetic Application Security

Handbook For Virtuous Software

Keith Douglas, Statistics Canada

(Standard disclaimer)

Page 2

Outline

• Introduction and What is Application Security?

• Nature of Technology

• Nature of Virtue

• How to Obtain Virtue

• What Results from Virtue

• Who and What is Virtuous

• What are Specific Virtues

Conclusion

Page 3

Intro / What is AS?

• 10-15 years of increased awareness of AS

• Hard to distill many volumes, whitepapers, reports, etc. into material suitable for developers, etc.

• “Virtuous software” - Evelyn Perkins

• Starting point here: Nicomachean Ethics

• Might be useful to have to follow along

• Implicit background: KD is Canadian federal public servant; original audience similar

Virtues of both humans and software

Page 4

Nature of Technology

• Art vs. Technology vs. Craft - not in text but important later (vs. science, too - Douglas; cf. Diamond)

• 1094a1 - Nevertheless same in one way: aim at some good

• Goal in mind about what we develop

Don’t leave software open to be exploited for evil

Page 5

Nature of Technology

• 1094b2 - Demonstration often impossible in ethics (Turelli?)

• Important because of developer mindset of exact specifications, precise languages, detailed rules, etc.

• 1100b15 - Virtuous activities more durable than knowledge

• Again mindset important; tools change, exploits change, but goal of a good AS approach should be better developers, etc. too.

Page 6

Nature of Technology

• 1105a8 ff - Virtue is concerned with “what is harder”

• Very true of AS - easy to forget about it and “just get it working”

Spinoza?

Page 7

Nature of Technology

• 1106a15-17 - 3 characteristics of virtuous software from 3 excellences of something

• Good condition / not easily broken

• “Broken” often used of buggy software (Aleph1)

• Allows well-use of its functions

• And isn’t infected, crashing, etc.

• Not some other use of its proper functions

Don’t overengineer - attack surface too large, and hence illegit use.

Page 8

Nature of Virtue

• Bill and Ted

• 1096a25 - More than one virtue

• Security itself more than one: reliability, non-repudiability, non-disclosure, etc.

• Possibly non-security virtues in software, etc.

Refutation of the unity thesis?

Page 9

Nature of Virtue

• 1097b1, 1097b23 - Happiness chief virtue?

• I don’t know

• But argument interesting as proper functions more plausible in artifacts than humans

• 1103b35 - Virtues can be intellectual

Thoroughness of testing, intellectual honesty, etc.

Page 10

Nature of Virtue

• 1157b6 - Virtues can apply to states and activities

• Data structures and algorithms?

• 1179b1 - Must use virtue

Developers, etc. should get hands on experience in addition to books, talks, etc.

Page 11

Obtaining Virtue

• 1103a20 - Virtue from habit

• Tacit knowledge - how a lot of our skills in software design, programming, testing etc. arise. (Polanyi; cf. Wimsatt)

• Do it when it doesn’t matter as much to “get in the habit”

1170a11 - Train in virtue by being in company of the good - more on learning from examples

Page 12

Obtaining Virtue

• 1180a6 - Creating virtue through legislation

• Arguably already done partially in my workplace

Might need more specifically on topic of AS (one can hope!)

Page 13

What Results

• 1101b30 - Extrinsic benefits to virtue (praise, etc.)

• Aristotle here recommends something to managers and compensation specialists

I’ve received praise for my work in the area but not much else ...

Page 14

What Results

• 1122b31 - The effects on the vicious

• Handles objections from colleagues about “moralizing software development”

• We need not punish the poor programmer, etc. who makes a mistake, just encourage its correction, etc. Think rehabilitation, education.

Page 15

What Results

• 1177a2 - Happiness

• Sounds very odd to developers (and is contentious historically!)

• But a virtuous development cycle ought to work to minimize the dreaded “fix” stage

A “hill-climbing situation” for sure

Page 16

Who is Virtuous

• 1105a7 - 3 characteristics of virtuous agent:

• Have knowledge:

• Usual knowledge of tools, languages, etc. as well as of vulnerabilities and their remediations

• Choose actions for their own sakes:

• Don’t make arbitrary coding decisions. Use change request systems (e.g. Jira)

• Actions must proceed from firm/unchangeable character

Weaken (resistance to outside influence) and reminder about any ethical source

Page 17

What are Specific Virtues

• 1115a6 - Courage discussed first

• 5 sorts according to Aristotle

• 3 sorts that I’ve found useful in computing:

• Courage to confront authority - whistleblowing

• Intellectual courage - courage to learn something new

Courage to be patient

Page 18

What are Specific Virtues

• 1117b24 - Temperance

• Reminders:

• Not all virtues apply to all activities

• How to construct list?

• Even clearer with pride 1123b33

Difficult in pluralistic society

Page 19

What are Specific Virtues

• 1126b20, 1127a13 - Nameless virtues

• Might well need new character traits and behaviours (both for us and software) that have well defined earmarks but no names (yet?)

• “Off the wall” thinking outside the box

WAITFOR SQL injections (Clarke)

Page 20

What are Specific Virtues

• 1129a1 - Justice

• We need a better understanding of this to understand AS better

• I will not do this here

• Aristotle says the just is the lawful

• Civil disobedience

• Also says just is the proportional

• Some vulnerabilities involve disproportion

DoS, buffer overrun

Page 21

Conclusion

• Seen how one can start thinking about many areas of interest in AS by reading a work of virtue ethics

• Use other traditions (e.g. Chinese) and sources (ancient - Meno; modern - Crisp and Slote)

Virtues for each activity? Software vs. humans?