The Attributer’s Blog – Shellshocked

This time we shall look at an undesirable SABSA Attribute, the name of which is, of course, a piece of irony, a way to draw attention to an extensive systemic problem by looking at a recently discovered example of a software bug, nicknamed ‘Shellshock’. For those who might have missed the news on this, the nickname applies to a vulnerability discovered in a 20-year-old piece of UNIX code, known as the Bourne-Again Shell (BASH for short). The Attributer, ever eager to be topical and relevant, will draw some wider lessons from what is apparently an isolated problem, albeit an extensive one.

The shock potential of the BASH bug lies in several key points: its 20-year period as an unknown sleeper (how did it get past us for so long?); that so much modern software is built on this low-level code (including LINUX and modern versions of Mac OS X); and finally, that it has been rated by some analysts as vulnerability level 10 out of 10. It couldn’t have been much more shocking.

Just at the point at which we are preparing to base our entire domestic and business life management on advanced information technology (the ‘Internet of Things’), we are realising that the whole of the software industry output to date is deeply flawed. We ‘know’ that all complex software contains bugs, but this particular one was ‘unknown’ until recently. It was a ‘known unknown’. Now of course it’s a ‘known known’. However, it is sufficiently shocking to make us consider how many other ‘known unknowns’ are lurking in our software assets that are critical to the success of modern society and its economic stability.

We have a great deal of faith in ‘open source’ software, mainly because it is supposed to be self-regulating in terms of the avoidance of malicious code. Because the entire global community of software engineers gets to poke and prod at the source code in every detail, the likelihood of anyone managing to slip in some malicious code is very small indeed, although not impossible. Even the smartest source code reviewer is incapable of processing a logical trail that has been deliberately designed to have a level of complexity that exceeds their human mental capacity.

Despite the strength offered by extensive public review, the system of open source suffers greatly from the absence of any governance. Coding standards and documentation are often of such poor quality that it is difficult to assess what is actually in the code. The proliferation of interpretive programming languages means that testing is highly dependent on the run-time environment, and even a change of processor can make a huge difference to code behaviour. For example, AMD and Intel processors have different default ways to handle exceptions that are unhandled by the application code. Code developed and tested on an AMD chip may not work on an Intel chip. In another example, it seems that the published source code for the ‘C’ language interpreter cannot be compiled to create the same binary object code in the published interpreter. What should we make of such discrepancies?

What’s more worrying is that even under this huge public scrutiny of open source, such vulnerabilities as the BASH bug can go undetected for so long, because people don’t often find things for which they are not searching.

The Attributer has been told by reliable expert sources that the basic problem is the deeply flawed von Neumann machine architecture (dating from 1945) on which our entire computing capabilities are built. It seems that if we were starting again now, we wouldn’t do it that way, but that the global investment in von Neumann architecture is too great to be abandoned.

One day we shall have to grasp this nettle, uproot it and replant with a friendlier specimen. How shall we approach that process? We shall use SABSA Business Attribute Profiling as a means to specify all the desired behaviours of our computing platform architectures. Then we can start again, knowing what we know now, to develop a global infrastructure that is fit for purpose in the modern world.

The Attributer
