Writing Safe Setuid Programs
Writing safe privileged programs (defined as programs that run with extra privileges but do not compromise security) is difficult. Here are some of the papers and talks I’ve given about this.
Talks and Tutorials
- “Adapting Formal Methods for Informal Use”, M. Bishop,
SANS Network Security 2000, San Diego, CA (Nov. 2000).
This talks about formal methods and how to apply them in a highly informal way.
- “Writing Safe Secure Programs,” M. Bishop,
SANS Network Security 1997, New Orleans, LA (Nov. 1997).
[HTML]
[PDF] [PS]
From the New Orleans NS Conference; it is a short (1 hour) talk but hits lots of the highlights.
- “How Attackers Break Programs, and How to Write Programs More Securely”,
M. Bishop,
SANS 2002, Baltimore, MD (May 2002).
[HTML]
[PDF] [PS]
My setuid programming tutorial. I used to give it occasionally at NS and SANS (from where this version came). This is the tutorial book that was handed out at the 2002 SANS. I haven’t given it since.
Papers and Technical Reports
- “Robust Programming by Example,”
M. Bishop and C. Elliott,
Proceedings of the Seventh World Conference on Information Security Education
pp. 23–30 (June 2011).
This is a published version of “Robust Programming,” below.
- “Applying Formal Methods Informally,”
M. Bishop, B. Hay, and K. Nance,
Proceedings of the 44th Hawaii International Conference on System Sciences
pp. 1–8 (Jan. 2011).
This is a published version of “Adapting Formal Methods for Informal Use,” above.
- “Robust Programming,” M. Bishop, handout for ECS 153, Computer Security, Department of Computer Science, University of California at Davis, Davis, CA 95616-8562. [HTML] [PDF] [Postscript]
- “How to Write a Setuid Program,”
M. Bishop, :login; 12(1) (Jan./Feb. 1986),
[PDF]
[PS]
My original paper. It still wears pretty well, but is somewhat dated.