* [Caml-list] French study on security and functional languages
From: David MENTRE @ 2013-05-24 7:02 UTC
To: caml users

Hello,

For those reading French, ANSSI (French agency for information
security) published a study on security and functional languages, with
a set of recommendations. OCaml is apparently well studied:
http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html

"""
This study, carried out by a consortium composed of Saferiver, Normation,
AMOSSYS and CEDRIC within the formal framework of an SGDSN contract, had
as its main objective to study the suitability of functional languages
for the development of security applications, to propose recommendations
where appropriate, and to put some of these recommendations into practice.
"""

Best regards,
david

* Re: [Caml-list] French study on security and functional languages
From: Francois Berenger @ 2013-05-24 7:55 UTC
To: caml-list

On 05/24/2013 04:02 PM, David MENTRE wrote:
> Hello,
>
> For those reading French, ANSSI (French agency for information
> security) published a study on security and functional languages, with
> a set of recommendations. OCaml is apparently well studied:
> http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html

The document "État des lieux des langages fonctionnels"
is interesting even out of the context of computer security.

http://www.ssi.gouv.fr/IMG/pdf/LaFoSec_-_Etat_des_lieux_des_langages_fonctionnels.pdf

PS: and, most importantly, page 55 gives good marks to OCaml
compared to other languages (so that we can start to troll now) :-)

> """
> This study, carried out by a consortium composed of Saferiver, Normation,
> AMOSSYS and CEDRIC within the formal framework of an SGDSN contract, had
> as its main objective to study the suitability of functional languages
> for the development of security applications, to propose recommendations
> where appropriate, and to put some of these recommendations into practice.
> """
>
> Best regards,
> david
>

* Re: [Caml-list] French study on security and functional languages
From: rixed @ 2013-05-24 12:35 UTC
To: caml-list

> The document "État des lieux des langages fonctionnels"
> is interesting even out of the context of computer security.

For non-French readers: it's typical project management ideas from
the 19th century. The paper describes a vision of programming
projects that's old, erroneous but still prevalent amongst many central
administrations, where you first have some infallible specification
(it's not stated, but this probably comes from a committee of experts)
which is passed down to the programmers, and the main question that's
studied is "what tools should these programmers use in order to ensure
the code complies with the specifications".

Of course, anyone with any experience of how real projects fail in
practice will know that more often than not the fatal flaws are in the
specifications right from the start, or are introduced to circumvent the
rigid structure imposed by such specifications, and that if you want a
project to meet its goal you have to question the overall process and not
merely the tools used by the programmers, which, independent of how much
some may be nice and others awful, make little difference in most cases.

Then the paper tries to convince the reader that functional languages
have only advantages over procedural languages, citing our friend
J. Harrop from some years ago and other blogs. There follows a rapid and
honest presentation of many languages considered functional, then a table
summarizing the various opinions the author has about some qualities of
these languages.

For some time, there seems to be a new tendency to study scientifically
the various languages and idioms in existence. This LaFoSec project
clearly doesn't fall in this category.

In my humble opinion as a mere taxpayer, government funding would be much
more usefully spent in postmortem study of past projects, funding large
experiences comparing various tools or making an inventory of the current
practices/tools in the industry...

* Re: [Caml-list] French study on security and functional languages
From: oliver @ 2013-05-24 14:43 UTC
To: rixed
Cc: caml-list

On Fri, May 24, 2013 at 02:35:51PM +0200, rixed@happyleptic.org wrote:
> > The document "État des lieux des langages fonctionnels"
> > is interesting even out of the context of computer security.
>
> For non-French readers: it's typical project management ideas from
> the 19th century. The paper describes a vision of programming
> projects that's old, erroneous but still prevalent amongst many central
> administrations, where you first have some infallible specification
> (it's not stated, but this probably comes from a committee of experts)
> which is passed down to the programmers, and the main question that's
> studied is "what tools should these programmers use in order to ensure
> the code complies with the specifications".
>
> Of course, anyone with any experience of how real projects fail in
> practice will know that more often than not the fatal flaws are in the
> specifications right from the start, or are introduced to circumvent the
> rigid structure imposed by such specifications, and that if you want a
> project to meet its goal you have to question the overall process and not
> merely the tools used by the programmers, which, independent of how much
> some may be nice and others awful, make little difference in most cases.
[...]

This reasonable critique has led to a lot of modern forms of development
which means to a programmer, to change the overall direction of a project
from week to week.

"Oh, we have not taken into account the following", because no planning
or market research or customer inquiry was done in advance.

Instead of this minimal planning, in the middle of the project anything
will be changed... ...more than once... and the project will take a
multiple of the time that was first talked about.

So, it's not always the bad specifications. It also can be missing of
specifications, or missing of the overall goal of a project.

So, there are many causes, why a project can be handled ugly...

To follow a specification is not evil in itself.

Ciao,
   Oliver

* Re: [Caml-list] French study on security and functional languages
From: rixed @ 2013-05-24 15:15 UTC
To: oliver
Cc: caml-list

I agree, and indeed the project I'm currently mostly involved with
closely matches your description.

I was not blaming specifications per se but the idea that programming
goal is to implement a pre-existing, fixed, unquestionable set of
specifications that stand like revealed truth.

How these specifications are formulated, how easy it is to fix and
maintain them, is as important as the implementation language IMO.

* Re: [Caml-list] French study on security and functional languages
From: Francois Berenger @ 2013-05-27 1:18 UTC
To: caml-list

On 05/25/2013 12:15 AM, rixed@happyleptic.org wrote:
> [...]
> How these specifications are formulated, how easy it is to fix and
> maintain them, is as important as the implementation language IMO.

I think rule-based systems are quite good in order to have all these
properties (rules can be specified, version-controlled and are
maintainable).

I have even seen rules that clients (non programmers) could understand
and modify thanks to a DSL.

I guess most languages have rule-based programming libraries.

However, my personal belief is that the most important part is the
people, not the technology (whatever it might be).

And, there is an excellent book on the subject:
"Peopleware: Productive Projects and Teams"

Regards,
F.

* Re: [Caml-list] French study on security and functional languages
From: oliver @ 2013-05-24 14:35 UTC
To: Francois Berenger
Cc: caml-list

On Fri, May 24, 2013 at 04:55:34PM +0900, Francois Berenger wrote:
> On 05/24/2013 04:02 PM, David MENTRE wrote:
> >Hello,
> >
> >For those reading French, ANSSI (French agency for information
> >security) published a study on security and functional languages, with
> >a set of recommendations. OCaml is apparently well studied:
> > http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html
>
> The document "État des lieux des langages fonctionnels"
> is interesting even out of the context of computer security.
>
> http://www.ssi.gouv.fr/IMG/pdf/LaFoSec_-_Etat_des_lieux_des_langages_fonctionnels.pdf
>
> PS: and, most importantly, page 55 gives good marks to OCaml
> compared to other languages (so that we can start to troll now) :-)

Hahah :-)

I would be happy to have an English version of this study...
my language skills are very delimited and French is not
in the small bag of languages I know.

Possibly the crucial pages can be translated by some people?

Ciao,
   Oliver

* Re: [Caml-list] French study on security and functional languages
From: Esther Baruk @ 2013-05-24 14:59 UTC
To: oliver
Cc: caml-list@inria.fr users

Hello,

I'll just translate for you one of the recommendations of the document
"Modèles d'exécution d'OCaml" on page 15:
"Recommendation R-2: prefer camlp4 as a preprocessor"

I didn't read the whole document but reading this simple sentence makes
me conclude that this LaFoSec project was done without taking into
account all the community "movement" that is going on right now. From my
point of view, you cannot analyse a language, or the tools that come with
it, without taking information from experts and from the community
around this language.

These documents do not even mention the -ppx option and thus the project
was done without comparing the two approaches...

However, I think these documents are good to give more visibility to
OCaml and maybe convince people that are still reluctant to functional
languages.

Cheers,

Esther Baruk

On Fri, May 24, 2013 at 4:35 PM, oliver <oliver@first.in-berlin.de> wrote:
> On Fri, May 24, 2013 at 04:55:34PM +0900, Francois Berenger wrote:
> > On 05/24/2013 04:02 PM, David MENTRE wrote:
> > >Hello,
> > >
> > >For those reading French, ANSSI (French agency for information
> > >security) published a study on security and functional languages, with
> > >a set of recommendations. OCaml is apparently well studied:
> > > http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html
> >
> > The document "État des lieux des langages fonctionnels"
> > is interesting even out of the context of computer security.
> >
> > http://www.ssi.gouv.fr/IMG/pdf/LaFoSec_-_Etat_des_lieux_des_langages_fonctionnels.pdf
> >
> > PS: and, most importantly, page 55 gives good marks to OCaml
> > compared to other languages (so that we can start to troll now) :-)
>
> Hahah :-)
>
> I would be happy to have an English version of this study...
> my language skills are very delimited and French is not
> in the small bag of languages I know.
>
> Possibly the crucial pages can be translated by some people?
>
> Ciao,
>    Oliver

* Re: [Caml-list] French study on security and functional languages
From: oliver @ 2013-05-24 15:05 UTC
To: Esther Baruk
Cc: caml-list@inria.fr users

Hi,

On Fri, May 24, 2013 at 04:59:41PM +0200, Esther Baruk wrote:
> Hello,
>
> I'll just translate for you one of the recommendations of the document
> "Modèles d'exécution d'OCaml" on page 15:
> "Recommendation R-2: prefer camlp4 as a preprocessor"
[...]

Oh, what a short part ;-)

Ciao,
   Oliver

* Re: [Caml-list] French study on security and functional languages
From: David MENTRE @ 2013-05-24 15:18 UTC
To: Esther Baruk
Cc: oliver, caml-list@inria.fr users

Hello,

2013/5/24 Esther Baruk <esther.baruk@gmail.com>:
> These documents do not even mention the -ppx option and thus the project was
> done without comparing the two approaches...

I just glimpsed through the documents but some of them seem quite old
(2011) and they are referencing OCaml 3.12.0.

Regarding the recommendations, they are always debatable. Hopefully they
have a rationale that permits to understand why the document author
proposed such a recommendation.

Nonetheless I find interesting and refreshing[1] the fact that ANSSI
is at least seriously considering OCaml for writing security related
programs.

Regards,
david

[1] Pun intended regarding the current French weather.

* Re: [Caml-list] French study on security and functional languages
From: Esther Baruk @ 2013-05-24 15:36 UTC
To: David MENTRE
Cc: oliver, caml-list@inria.fr users

On Fri, May 24, 2013 at 5:18 PM, David MENTRE <dmentre@linux-france.org> wrote:
> Hello,
>
> 2013/5/24 Esther Baruk <esther.baruk@gmail.com>:
> > These documents do not even mention the -ppx option and thus the project was
> > done without comparing the two approaches...
>
> I just glimpsed through the documents but some of them seem quite old
> (2011) and they are referencing OCaml 3.12.0.
>

Yes, I just saw that. They could have at least written something on it.
A lot has changed since 2011...

Esther Baruk

* Re: [Caml-list] French study on security and functional languages
From: oliver @ 2013-05-24 23:13 UTC
To: David MENTRE
Cc: Esther Baruk, caml-list@inria.fr users

On Fri, May 24, 2013 at 05:18:53PM +0200, David MENTRE wrote:
[...]
> Nonetheless I find interesting and refreshing[1] the fact that ANSSI
> is at least seriously considering OCaml for writing security related
> programs.
[...]

Is this really especially for OCaml?
or also Haskell and the other languages?

I ask, because when looking at the comparison table
from page 55, then there are other languages that also
have good results.

Looks like the type system is the main distinction between
the well and the bad languages.

And there are OCaml, F#, Scala, Haskell, which have good rates in the
table.

It would have been nice, if non-functional languages would have been
rated also. I think they all would be on the bad side. This would then
be a good argument pro Functional languages.

But all the languages that were in the table were functional languages.
The typical average decider in a company, who does have influence to
decide for the one or the other language would not know all the other
languages.

So, this comparison might be good for certain "insiders", but the
mainstream is using C, C++, Java, Perl, Python, Ruby and so on.

If these languages would be checked also (and I assume they would be a
bad choice), then this paper would be really a good argument for
deciders of many companies.

In most cases I'm the only person in a project who at all knows
languages like OCaml... and also uses it.

And most often it's not allowed to use it because of this reason...
...but sometimes, some personal tools are allowed to write in any
language. But most often not even that... and mainstream languages have
to be used...

Ciao,
   Oliver

* Re: [Caml-list] French study on security and functional languages
From: Marek Kubica @ 2013-05-26 14:14 UTC
To: caml-list@inria.fr users

On Sat, 25 May 2013 01:13:45 +0200
oliver <oliver@first.in-berlin.de> wrote:

> I ask, because when looking at the comparison table
> from page 55, then there are other languages that also
> have good results.
>
> Looks like the type system is the main distinction between
> the well and the bad languages.

Yeah, I think this is a bit overly simplistic to say the more powerful
the type system, the safer the language.

regards,
Marek

* Re: [Caml-list] French study on security and functional languages
From: Pierre-Etienne Meunier @ 2013-05-24 17:44 UTC
To: oliver
Cc: O Caml

> Hahah :-)
>
> I would be happy to have an English version of this study...
> my language skills are very delimited and French is not
> in the small bag of languages I know.
>
> Possibly the crucial pages can be translated by some people?

Legally in France, you can also ask financial details about this kind of
crap. I did it, we will see the result.

I can translate the most brilliant pages in English when I have some
time, but I doubt you'll appreciate it as much as we, French taxpayers,
far-from-tenured young French researchers ;-)

Cheers…
Pierre

* Re: [Caml-list] French study on security and functional languages
From: Fabrice Le Fessant @ 2013-05-27 8:55 UTC
To: Pierre-Etienne Meunier
Cc: oliver, O Caml

Hi,

Some comments on this topic:

- LaFoSec is the second study funded by ANSSI (it was done by a
  consortium of experts, among which many security experts and one of the
  main developers of OCaml, so I would not take their recommendations
  lightly, personally), the first one is JavaSec (
  http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/securite-et-langage-java.html),
  so there is indeed a comparison between OCaml, other functional
  languages, and imperative languages, showing that there are many more
  security problems with Java than with OCaml.
- LaFoSec was started in 2010, which explains why it focuses on OCaml
  3.12.
- If some observations seem obvious (for smart people that you are ;-) ),
  a lot of them are much less obvious (the fact for example that you can
  discover a secret key using polymorphic comparisons without breaking
  the type system). Also, they give an interesting set of arguments for
  pushing OCaml instead of other programming languages, so for me, they
  are really going in the good direction, it's a very good thing for the
  OCaml community.
- There is a document that was also written, but has not been published
  (it was described at the last JFLA'2013 seminar, also in French),
  providing a set of recommendations to improve OCaml for security
  applications. I don't know why it was not published with the other
  ones, maybe because it would become obsolete faster than the other
  ones.

--Fabrice

On Fri, May 24, 2013 at 7:45 PM, Pierre-Etienne Meunier <pierreetienne.meunier@gmail.com> wrote:
> > Hahah :-)
> >
> > I would be happy to have an English version of this study...
> > my language skills are very delimited and French is not
> > in the small bag of languages I know.
> >
> > Possibly the crucial pages can be translated by some people?
>
> Legally in France, you can also ask financial details about this kind of
> crap. I did it, we will see the result.
>
> I can translate the most brilliant pages in English when I have some time,
> but I doubt you'll appreciate it as much as we, French taxpayers,
> far-from-tenured young French researchers ;-)
>
> Cheers…
> Pierre

--
Fabrice LE FESSANT
Computer Science Researcher
INRIA Paris Rocquencourt -- OCamlPro
Programming Languages and Distributed Systems

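Added illustration of the polymorphic-comparison point in Fabrice Le Fessant's message above; it is not code from the thread or from the LaFoSec documents. The modules `Leaky`, `Opaque` and `Probe`, the key value, and the closure-based representation used as a mitigation are all assumptions made for this example.

```ocaml
(* Constructed example: every name and value here is hypothetical. *)

module type KEY = sig
  type t                   (* abstract: clients cannot see the representation *)
  val secret : t           (* the value the module is supposed to protect *)
  val of_int : int -> t    (* clients may build their own candidate keys *)
end

(* Weak form: behind the abstract type the key is a bare int at run time,
   and polymorphic comparison works on the run-time representation. *)
module Leaky : KEY = struct
  type t = int
  let secret = 0x2A51
  let of_int n = n
end

(* Hardened form (one possible mitigation): the value lives inside a
   closure. Polymorphic comparison raises Invalid_argument when it meets
   two distinct functional values, so it reveals no ordering. *)
module Opaque : KEY = struct
  type t = unit -> int
  let of_int n = fun () -> n   (* captures n, so each call allocates a new closure *)
  let secret = of_int 0x2A51
end

(* Check a module author can run against their own signature: does the
   built-in [compare] behave as an ordering oracle on the abstract type?
   Returns [Some k] if bisection over 16-bit candidates converges on a
   value, [None] if comparison is refused. Well-typed for any KEY. *)
module Probe (K : KEY) = struct
  let recover () =
    let rec bisect lo hi =
      if lo >= hi then lo
      else
        let mid = lo + (hi - lo) / 2 in
        if compare (K.of_int mid) K.secret < 0
        then bisect (mid + 1) hi
        else bisect lo mid
    in
    try Some (bisect 0 0xFFFF) with Invalid_argument _ -> None
end

let () =
  let module L = Probe (Leaky) in
  let module O = Probe (Opaque) in
  (* The abstract signature alone does not protect the int-backed key. *)
  assert (L.recover () = Some 0x2A51);
  (* The closure-backed key makes [compare] raise instead of answering. *)
  assert (O.recover () = None);
  print_endline "Leaky: ordering exposed; Opaque: comparison refused"
```

Both modules satisfy the same signature and the probe type-checks against either, which is the point of the remark: the leak comes from `compare`, `=` and `<` reading the run-time representation, not from any breach of the type system.
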
* Re: [Caml-list] French study on security and functional languages
From: oliver @ 2013-05-24 14:47 UTC
To: Francois Berenger
Cc: caml-list

On Fri, May 24, 2013 at 04:55:34PM +0900, Francois Berenger wrote:
> On 05/24/2013 04:02 PM, David MENTRE wrote:
> >Hello,
> >
> >For those reading French, ANSSI (French agency for information
> >security) published a study on security and functional languages, with
> >a set of recommendations. OCaml is apparently well studied:
> > http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html
>
> The document "État des lieux des langages fonctionnels"
> is interesting even out of the context of computer security.
>
> http://www.ssi.gouv.fr/IMG/pdf/LaFoSec_-_Etat_des_lieux_des_langages_fonctionnels.pdf
>
> PS: and, most importantly, page 55 gives good marks to OCaml
> compared to other languages (so that we can start to troll now) :-)
[...]

What about Haskell?
Did it "perform" well?

Ciao,
   Oliver

* Re: [Caml-list] French study on security and functional languages
From: Johan Grande @ 2013-05-24 15:02 UTC
To: caml-list

On 24/05/2013 16:47, oliver wrote:
> On Fri, May 24, 2013 at 04:55:34PM +0900, Francois Berenger wrote:
>> The document "État des lieux des langages fonctionnels"
>> is interesting even out of the context of computer security.
>>
>> http://www.ssi.gouv.fr/IMG/pdf/LaFoSec_-_Etat_des_lieux_des_langages_fonctionnels.pdf
>>
>> PS: and, most importantly, page 55 gives good marks to OCaml
>> compared to other languages (so that we can start to troll now) :-)
> [...]
>
> What about Haskell?
> Did it "perform" well?

Same as OCaml except difficult :-)

Here is a rough translation of the subitems of the table on page 55:

** Teaching material
** Integration in IDEs
** Simple syntax
** Easy to write in
** Type inference
** Complex data structures
** Modularity
** Polymorphism
** Strong static typing
** Pattern matching
** Rich pure functional core
Efficiency
* native code production
Interoperability
* with C
* virtual machines
Security

--
Johan

* Re: [Caml-list] French study on security and functional languages
From: Olivier Levillain @ 2013-05-24 12:41 UTC
To: caml-list

Hi everyone,

> For those reading French, ANSSI (French agency for information
> security) published a study on security and functional languages, with
> a set of recommendations. OCaml is apparently well studied:
> http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html

For information, some of the results have been presented last February
during the JFLA (Journées francophones des langages applicatifs). The
slides presented are available on the conference web site
(http://jfla.inria.fr/2013/programme.html).

Regards,
Olivier Levillain

* Re: [Caml-list] French study on security and functional languages
From: Anil Madhavapeddy @ 2013-05-24 12:46 UTC
To: Olivier Levillain
Cc: caml-list@inria.fr List, cl-mirage@lists.cam.ac.uk List

On 24 May 2013, at 13:41, Olivier Levillain <olivier.levillain@ssi.gouv.fr> wrote:

> Hi everyone,
>
>> For those reading French, ANSSI (French agency for information
>> security) published a study on security and functional languages, with
>> a set of recommendations. OCaml is apparently well studied:
>> http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/lafosec-securite-et-langages-fonctionnels.html
>
> For information, some of the results have been presented last February
> during the JFLA (Journées francophones des langages applicatifs). The
> slides presented are available on the conference web site
> (http://jfla.inria.fr/2013/programme.html).
>

I was very glad to see the release of the Parsifal code onto Github too:
https://github.com/ANSSI-FR/parsifal

It looks like you have done a lot of the work required towards building
a pure OCaml SSL and Kerberos stack, as well as DNS and SSH parsers in
there too. We were just discussing the lack of a pure OCaml SSL library
for MirageOS (which already has a full reimplementation of device drivers
and TCP/IP and HTTP, and is just missing the final SSL piece).

best,
Anil

* Re: [Caml-list] French study on security and functional languages
From: Olivier Levillain @ 2013-05-25 8:53 UTC
To: caml-list

> I was very glad to see the release of the Parsifal code onto Github too:
> https://github.com/ANSSI-FR/parsifal
>
> It looks like you have done a lot of the work required towards building
> a pure OCaml SSL and Kerberos stack, as well as DNS and SSH parsers in
> there too. We were just discussing the lack of a pure OCaml SSL library
> for MirageOS (which already has a full reimplementation of device drivers
> and TCP/IP and HTTP, and is just missing the final SSL piece).

I'm glad to see you are interested in Parsifal. It was recently
published on GitHub and will be presented as a short paper at SSTIC 2013
(https://www.sstic.org/2013, not to be confused with SSTiC 2013).

However, this is still a project in development and I must warn you it
was first written to allow for writing quick and robust *parsers*. That
is why for the moment, the code essentially consists in the description
of some formats and protocols. We are beginning to work on animating the
protocols, but this will need a lot of work to get done properly.

Concerning the protocols you cite, here is the status:
- nearly all SSL/TLS messages and X.509 certificates are supported and
  some test tools already exist (but only for the first handshake
  round-trip);
- Kerberos as you see it in the repository is at a very early stage but
  more commits are coming once I have time to review them;
- DNS is working and I wrote a picodig version to make some requests
  (but this one was easy: there is no real context in the protocol);
- We have not yet worked on SSH but it would be a good idea.

Regards,
Olivier Levillain