Published by Clinton Dawson. Modified over 6 years ago.
1
Towards Secure Programs: How to Write Unreadable Programs
Dr. Mohamed Yehia Dahab
2
Agenda
Understanding how a programmer thinks
Why unreadable code
Golden rules
Conclusions
3
Understanding How a Programmer Thinks
He has a program taken from the web.
He has no time to read it all, much less understand it.
He wants to rapidly find the place to make the changes.
He wants to make them and get the results out.
He has not anticipated the effects of the changes.
He can only see a tiny piece of the program at a time.
4
Why Unreadable Code
Writing unreadable code for the purpose of security
Scripts in HTML pages
Templates (reusable components)
Negotiation among agents
Copyright
Understanding how to write readable or maintainable code
Evaluating your programmers
5
Golden Rules
Naming variables
Use Hungarian notation for variables, e.g. char *szMxQtBlTyAcC;
Use long, similar variable names (intercapitalization, adding number(s), swapping letters), e.g. char *szMxQtBlTyACc; char *szMxQtlBTyACc;
Use single-letter variable names
Give some local variables the same names as global variables
Create nested local variables inside {} blocks
Exploit compiler name-length limits
Use non-ASCII characters as variable names, including ß, ∂, ℓ and ñ
Never use i for the loop variable
Use I and l interchangeably
Use misleading naming conventions
6
Golden Rules (Cont’)
Naming functions, in addition to the conventions for naming variables
Make use of abstract words like Everything, Data, Stuff
Do not begin the function name with a verb like do, perform, handle
Don't indent your code
Write extremely long lines of code, well over 80 characters per line
Put all your code into a single function
Do not write a single version of a constructor
Do not put a single statement on a line
7
Golden Rules (Cont’)
Hide some code among long comments, and vice versa

    for(j=0; j<array_len; j+=8) {
        total += array[j+0];
        total += array[j+1];
        total += array[j+2];   /* Main body of
        total += array[j+3];    * loop is unrolled
        total += array[j+4];    * for greater speed.
        total += array[j+5];    */
        total += array[j+6];
        total += array[j+7];
    }
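Added example, not from the slides: the unrolled loop above compiled exactly as written, beside a plain loop over the same constructed 16-element array. The comment swallows the j+3, j+4 and j+5 terms, so the two totals differ, which is what a reader who trusts the "unrolled for greater speed" comment will miss.

```c
#include <stddef.h>
#include <stdio.h>

/* The slide's loop, verbatim. The block comment opened after array[j+2]
 * does not close until after array[j+5], so those three lines are never
 * compiled: only five of every eight elements are added.
 * Like the original, it assumes array_len is a multiple of 8. */
long total_as_written(const int *array, size_t array_len) {
    long total = 0;
    for (size_t j = 0; j < array_len; j += 8) {
        total += array[j+0];
        total += array[j+1];
        total += array[j+2];   /* Main body of
        total += array[j+3];    * loop is unrolled
        total += array[j+4];    * for greater speed.
        total += array[j+5];    */
        total += array[j+6];
        total += array[j+7];
    }
    return total;
}

/* The same sum written plainly, for comparison. */
long total_readable(const int *array, size_t array_len) {
    long total = 0;
    for (size_t j = 0; j < array_len; j++)
        total += array[j];
    return total;
}

/* Constructed input: the values 1..16 (sum 136). The hidden terms drop
 * indices 3,4,5 and 11,12,13, i.e. 4+5+6 + 12+13+14 = 54, leaving 82. */
static const int SAMPLE[16] = {1, 2, 3, 4, 5, 6, 7, 8,
                               9, 10, 11, 12, 13, 14, 15, 16};
static const size_t SAMPLE_LEN = sizeof SAMPLE / sizeof SAMPLE[0];

int main(void) {
    printf("readable:   %ld\n", total_readable(SAMPLE, SAMPLE_LEN));
    printf("as written: %ld\n", total_as_written(SAMPLE, SAMPLE_LEN));
    return 0;
}
```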
8
Golden Rules (Cont’)
Recycling Revisited
Use scoping as confusingly as possible by recycling variable names in contradictory ways. For example, suppose you have global variables A and B, and functions foo and bar. If you know that variable A will regularly be passed to foo and B to bar, make sure to define the functions as function foo(B) and function bar(A).
9
Golden Rules (Cont’)
Code names must not match screen names
Never document the units of measure of any variable, input, output or parameter, e.g. feet, meters, cartons
SQL aliasing: alias table names to one or two letters; better still, alias them to the names of other, unrelated existing tables
10
Conclusions
Use the mentioned conventions randomly
Try to mix the mentioned conventions as much as possible
A real programmer writes code that anyone can fix or expand
Generate unreadable code as an instance of the original program, and you are guaranteed that the original and generated programs will still work
Developing an application to convert readable code to unreadable code would be very useful (just as generating documentation is)
11
Thanks!