A Pseudoperipatetic Application Security
Handbook For Virtuous Software
Keith Douglas, Statistics Canada
(Standard disclaimer)
Outline
• Introduction and What is Application Security?
• Nature of Technology
• Nature of Virtue
• How to Obtain Virtue
• What Results from Virtue
• Who and What is Virtuous
• What are Specific Virtues
Conclusion
Intro / What is AS?
• 10-15 years of increased awareness of AS
• Hard to distill many volumes, whitepapers, reports, etc. into material suitable for developers, etc.
• “Virtuous software” - Evelyn Perkins
• Starting point here: Nicomachean Ethics
• Might be useful to have the text to hand to follow along
• Implicit background: KD is Canadian federal public servant; original audience similar
Virtues of both humans and software
Nature of Technology
• Art vs. Technology vs. Craft - not in text but important later (vs. science, too - Douglas; cf. Diamond)
• 1094a1 - Nevertheless same in one way: aim at some good
• Goal in mind about what we develop
Don’t leave software open to be exploited for evil
Nature of Technology
• 1094b2 - Demonstration often impossible in ethics (Turelli?)
• Important because of developer mindset of exact specifications, precise languages, detailed rules, etc.
• 1100b15 - Virtuous activities more durable than knowledge
• Again mindset important; tools change, exploits change, but goal of a good AS approach should be better developers, etc. too.
Nature of Technology
• 1105a8 ff - Virtue is concerned with “what is harder”
• Very true of AS - easy to forget about it and “just get it working”
Spinoza?
Nature of Technology
• 1106a15-17 - 3 characteristics of virtuous software from 3 excellences of something
• Good condition / not easily broken
• “Broken” often used of buggy software (Aleph1)
• Allows well-use of its functions
• And isn’t infected, crashing, etc.
• Not some other use of its proper functions
Don’t overengineer - attack surface too large, and hence illegitimate use.
Nature of Virtue
• Bill and Ted
• 1096a25 - More than one virtue
• Security itself more than one: reliability, non-repudiability, non-disclosure, etc.
• Possibly non-security virtues in software, etc.
Refutation of the unity thesis?
Nature of Virtue
• 1097b1, 1097b23 - Happiness chief virtue?
• I don’t know
• But argument interesting as proper functions more plausible in artifacts than humans
• 1103b35 - Virtues can be intellectual
Thoroughness of testing, intellectual honesty, etc.
Nature of Virtue
• 1157b6 - Virtues can apply to states and activities
• Data structures and algorithms?
• 1179b1 - Must use virtue
Developers, etc. should get hands on experience in addition to books, talks, etc.
Obtaining Virtue
• 1103a20 - Virtue from habit
• Tacit knowledge - how a lot of our skills in software design, programming, testing etc. arise. (Polanyi; cf. Wimsatt)
• Do it when it doesn’t matter as much to “get in the habit”
• 1170a11 - Train in virtue by being in company of the good - more on learning from examples
Obtaining Virtue
• 1180a6 - Creating virtue through legislation
• Arguably already done partially in my workplace
Might need more specifically on topic of AS (one can hope!)
What Results
• 1101b30 - Extrinsic benefits to virtue (praise, etc.)
• Aristotle here recommends something to managers and compensation specialists
I’ve received praise for my work in the area but not much else ...
What Results
• 1122b31 - The effects on the vicious
• Handles objections from colleagues about “moralizing software development”
• We need not punish the poor programmer, etc. who makes a mistake, just encourage its correction, etc. Think rehabilitation, education.
What Results
• 1177a2 - Happiness
• Sounds very odd to developers (and is contentious historically!)
• But a virtuous development cycle ought to work to minimize the dreaded “fix” stage
A “hill-climbing situation” for sure
Who is Virtuous
• 1105a7 - 3 characteristics of virtuous agent:
• Have knowledge:
• Usual knowledge of tools, languages, etc. as well as of vulnerabilities and their remediations
• Choose actions for their own sakes:
• Don’t make arbitrary coding decisions. Use change request systems (e.g. Jira)
• Actions must proceed from firm/unchangeable character
Weaken (resistance to outside influence) and reminder about any ethical source
What are Specific Virtues
• 1115a6 - Courage discussed first
• 5 sorts according to Aristotle
• 3 sorts that I’ve found useful in computing:
• Courage to confront authority - whistleblowing
• Intellectual courage - courage to learn something new
• Courage to be patient
What are Specific Virtues
• 1117b24 - Temperance
• Reminders:
• Not all virtues apply to all activities
• How to construct list?
• Even clearer with pride 1123b33
Difficult in pluralistic society
What are Specific Virtues
• 1126b20, 1127a13 - Nameless virtues
• Might well need new character traits and behaviours (both for us and software) that have well defined earmarks but no names (yet?)
• “Off the wall” thinking outside the box
WAITFOR SQL injections (Clarke)
What are Specific Virtues
• 1129a1 - Justice
• We need a better understanding of this to understand AS better
• I will not do this here
• Aristotle says the just is the lawful
• Civil disobedience
• Also says just is the proportional
• Some vulnerabilities involve disproportion
DoS, buffer overrun
Conclusion
• Seen how one can start thinking about many areas of interest in AS by reading a work of virtue ethics
• Use other traditions (e.g. Chinese) and sources (ancient - Meno; modern - Crisp and Slote)
Virtues for each activity? Software vs. humans?