INCITS, 1101 K St NW, Washington, DC 20005, USA
17-18 September 2015: 0900-1700 EDT (1300-2100 UTC)
Stephen Michell
- Convenor
David Keaton - USA / CERT
Haibo Li – CAT
China
Erhard Ploedereder – WG 9?
Clive Pygott – UK, MISRA
C++
Minutes for Meeting 36 (N0559) and 38 (N0574) approved.
|
|
||||
|
2016 |
||||
|
#47 #46 #45 #44 #43 #42 |
November 2016 October 2016 14-16 Sep 2016 TBD(not 13-19) June 2016 TBD May 2016 April 14-15 |
Teleconference Teleconference Vienna, Austria with SC 22 Plenary Ottawa? Kona? Face-to Face, Teleconference (UTC 2000, 2 hr) BSI, London UK, with SC 22/WG 14 |
|
|
|
#43 #42 #41 |
7 March 2016 8 Feb 2016 11-12 Jan 2016 |
Teleconference (UTC 2100, 2 hr) Teleconference (UTC 2100, 2 hr) Orlando, Florida |
||
|
|
||||
|
2015 |
||||
|
#40 |
23/11/15 |
Teleconference (UTC 2100, 2 hr) |
oo |
|
|
#39 |
21/10/15 |
Cancelled as a P2P meeting. Teleconference (UTC 2000, 2 hr) |
||
|
|
|
|
||
|
|
|
|
||
|
|
|
|
||
|
|
|
|
||
Subcommittee completed its 2015 Plenary on Tuesday 15 September 2015. WG 23 requested a formal project split of 22.24772 into 9 parts: Part 1 Language Independent; Part 2 Ada; Part 3 C; Part 4 Python; Part 5 Ruby; Part 6 Spark; Part 7 PHP; Part 8 Fortran; and Part 9 COBOL. The resolution for this item (15-07) passed unanimously.
WG 23 further requested that TR 24772-1, -2, -4 and -8 be commenced immediately, with a 36 month target date for publication, and a scope and editor assigned. The resolution for this item (15-08) passed unanimously.
Annex given to WG 9 and ARG to address. Will be subject of discussion at October WG 9 meeting.
Draft of Part 3 is submitted. WG 14 confirmed TS 17961 Secure C coding rules. Expect to close open defect report on TS 17961.
C++ members are creating guidelines to avoid problems in the language. Once this has been published, it may be useable to us.
Looking at developing a Part for C++. Edited the outline for C++ language vulnerabilities. Looking at security for C/C++ - oriented towards inter-vehicle security.
Waiting for a decision from Altran and WG 9 as to who does the update for TR 24772-6??
Review document N0578
We discuss OO vulnerabilities.
One vulnerability is “downcasting”. Some languages use dispatching to catch. We can create a vulnerability OO type conversion issues. Erhard to create initial draft.
Another vulnerability is “method not found” - mostly found in Smalltalk and in scripting languages. Problems come from dynamic typing or “ducktyping”
Constructors can lead to infinite recursion.
Thw results of the review is contained in [N-0583].
Document is in hands of WG 9 for updates.
Review document N0558 Python language vulnerabilities contributed by Santiago.
Review document N0560 Fortran language specific vulnerabilities
Review document N0580 which is an edit (from Stephen Michell) of N0554 for C language specific vulnerabilities contributed by Clive Pygott. Can we add any vulnerabilities for concurrency? Results of the review is contained in document [N-584].
As available
Review newly created SD 6 for correctness and formatting. We decide to review at meeting 40 in November. Everyone is asked to examine SD 6 before the meeting 40.
At an earlier meeting, it was recommended that we consider developing programming standards to avoid section 7 (design) vulnerabilities. A discussion is needed as to what format such document(s) would take, what level of assurance they should target, i.e. scope, goals. Before going too far, should we draft an outline of a sample standard (or technical specification)?
Larry agrees to develop an early cut at a document that consolidates section 7 guidelines as a secure, language independent coding standard.
4.2 An idea was presented this week to mine the guidance to user sections for common guidance, and to create a top N (N=10, N=25, etc) guidances that can be used by people creating programming guides. A reasonable place to put such guidance would be in section 5.
Larry presents and initial list, captured as N0584, which was discussed and updated.
Should WG 23 become the champion for Secure-(language=Java, C++, etc) coding rules? The rules going into section 5(?) may convert into such rules. Some reluctance was expressed that rules frame the security level that you are assuming. Another idea is to aggregate all rules in each language part and point to the sections where they are described.
David mailed a draft TS 17961 for consideration and discussion at meeting 41 (Orlando).
4.4 We have an issue with moving to ISO eCommittee, in that people that contribute that are not registered as NB experts get unequal access to documents. Other committees do not use the N-numbering system the way that we have. They use the N-numbers for official (process) documents such as minutes and agendas, and for product versions ready for ballot. All other documents are “informal”. Would such a process work for us? We could set up a CVS or GIT or SVN system where it is easy and reliable to identify versions of a document as it is edited. General interest in the approach. Concern about implementation. Explore with WG 21 experiences in managing such systems. Prepare for discussion at meeting 41 (Orlando).
AI 38-01 David Keaton, put reference to TS 17961 Secure C coding rules into TR 24772-3 draft.
AI 38-02 Larry Wagoner, create a draft set of Top 10 (or Top 25) User guidance (rules) for TR 24772-1 (closed)
AI 38-03 Stephen Michell, Kill IEEE grouper old site reflector.
AI 38-04 Stephen Michell, open-std.org reference to WG 23 points to grouper – get fixed. Also ensure that search references to vulnerabilities includes open-std.org. Also the page on open-std.org that names SC 22 committees misses us. (closed)
AI 38-05 Stephen Michell, determine experience with versioning systems from WG 21, etc.
AI 38-06 Stephen Michell, propose a rewording (generalization) of Part 1 clause 6.16 [PIK]
AI 38-07 Larry Wagoner, sanity check changed references to JSF rules in Part 1.
AI38-08 Clive Pygott, From Part 1 clause 6.29 TEX, Other issues around loop control variables are missing. See N0564 for JSF AV 198. & 199
AI38-09 Erhard Ploedereder, Part 1 clause 6.39 Fault tolerance and failure strategies – expand upon mechanisms of failure and guidance to users.
AI38-10 David, check Part 1 clause 6.6 conversion errors. Integrate migrated text from Part 1 into Part 3. Make sure this applies to general conversions.
AI38-11 Stephen, In Part 1 section 7, make guidance imperative throughout.
AI 38-12 Larry, Take Part 1 section 7 and initiate converting the material to a coding standard that puts the guidance up front and uses the vulnerability descriptions as rationale.
AI 38-13 Erhard, draft a few OO vulnerabilities, likely based on “downcasting”, “method not found” and “Constructors can lead to infinite recursion”.
AI 38-14 Santiago, Make changes as requested in N0586 (Python after meeting 38), including fixing bibliography.
AI 38-15 Santiago, Also analyze concurrency vulnerabilities for Python.
AI 38-16 All, Examine SD 6 before the meeting 40.