
Hostile Environments

I use the term "hostile" to characterize an environment in which there are entities that are not necessarily trustworthy or trusted. The Internet is a hostile environment for a networked device; Earth is a hostile environment for a life form; whereas one's own home might not be considered hostile.

In a hostile environment, untrusted entities might use any of a number of strategies to gain, and then exploit, trust. Examples include trojan horses (software that claims, or is claimed, to do one thing but, when run on a victim's computer, does something else that the victim would not normally want) and false authorities (people who claim expertise or authority they do not have in order to obtain undue authority over others, extract resources from them, and so on).

Therefore, it is important to tag and validate input from any untrusted entity: tag it as coming from an untrusted source (ideally, keep track of which source), and validate it before using it in any way that presumes it is trustworthy.

In software systems, the flexibility of the underlying system can "collide" with the need to tag and validate input, with disastrous results when the failure to validate allows an untrusted entity to exploit the system's underlying flexibility.

Some systems attempt to validate input in ways that make things worse:

Examples of failures to tag and/or validate input from untrusted sources include:

Generally, insufficiently typed languages or systems provide many opportunities for untrusted data to be treated as if it were partially or completely trusted.
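As an added illustration of the tag-and-validate discipline described above, and of how distinct types keep untrusted data from being mistaken for trusted data, here is a small Python sketch. It is not part of the original essay; the `Untrusted` and `Validated` types, the `is_username` rule, the `greet` sink and the sample inputs are all constructed for this example. The source of each input is recorded when it is tagged, a value can only be promoted to `Validated` by passing a named rule, and the sink refuses anything else.

```python
import re
from dataclasses import dataclass
from typing import Callable, Tuple

# Hypothetical helper types, constructed for this example; they are not from the original essay.


@dataclass(frozen=True)
class Untrusted:
    """Text tagged as coming from an untrusted source; the source is recorded alongside it."""
    value: str
    source: str  # provenance, e.g. the form field or network peer that supplied the value

    def __str__(self) -> str:
        # Refuse implicit conversion so untrusted text cannot reach a trusted sink unnoticed.
        raise TypeError(f"untrusted input from {self.source} used without validation")


@dataclass(frozen=True)
class Validated:
    """Text that passed a named validation rule; only this type is accepted by trusted sinks."""
    value: str
    source: str
    rule: str


def validate(item: Untrusted, rule_name: str, rule: Callable[[str], bool]) -> Validated:
    """Promote an Untrusted value to Validated only if the rule accepts it."""
    if not rule(item.value):
        raise ValueError(f"input from {item.source} rejected by rule {rule_name!r}: {item.value!r}")
    return Validated(item.value, item.source, rule_name)


def is_username(text: str) -> bool:
    # Allow-list: a lowercase letter followed by up to 31 lowercase letters, digits or underscores.
    return re.fullmatch(r"[a-z][a-z0-9_]{0,31}", text) is not None


def greet(name: Validated) -> str:
    """A trusted sink: it refuses anything that is not a Validated value."""
    if not isinstance(name, Validated):
        raise TypeError("greet() requires Validated input, got " + type(name).__name__)
    return f"Hello, {name.value}!"


def process(raw: str, source: str) -> Tuple[str, str]:
    """Tag, validate, then use; returns ('accepted', output) or ('rejected', reason)."""
    tagged = Untrusted(raw, source)
    try:
        checked = validate(tagged, "username", is_username)
    except ValueError as err:
        return ("rejected", str(err))
    return ("accepted", greet(checked))


# Constructed sample inputs, as if read from a web form.
SAMPLES = [("alice", "form:field=user"), ("Alice O'Brien", "form:field=user")]

if __name__ == "__main__":
    for raw, source in SAMPLES:
        print(process(raw, source))
```

In a dynamically typed language the type check happens at run time, as in `greet()` here; in a statically typed language the same newtype pattern lets the compiler reject an `Untrusted` value passed where a `Validated` one is required, which is the gap the essay attributes to insufficiently typed systems.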


Copyright (C) 2006 James Craig Burley, Software Craftsperson
Last modified on 2007-07-10.