Document ISO/IEC/JTC 1/SC 22/WG 23 N0506


Draft Minutes of Meeting #31
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
26-27 January 2015


Meeting Times:

26 January 2015: 0900-1700 CST
27 January 2015: 0900-1700 CST
PLACE: Kemah Boardwalk Inn, Kemah, Texas

Agenda

1. Opening activities

Attendees

Stephen Michell – Convenor, Canada

Erhard Ploedereder – Liaison WG 9

Larry Wagoner – Editor IS 17960, US

David Keaton – Liaison WG 9, US

Tatsuaki Takebe – Liaison SC 27 WG 3, Japan

Remote Participants

Clive Pygott – Liaison Misra C++, UK

Santiago Urueña Pascual – Spain

Tullio Vardanega – Italy

Robert Karlin – Liaison COBOL, US

Dan Nagle – Liaison Fortran, US

Chris Tandy – Canada, COBOL

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes

Posted as document N499, 2 issues from David.

1.5 Review of actions items and resolutions,

Action Item and Decision Logs - Document 492 – put back as S0001

1.6 Approval of Agenda [N 0499]

Approved

1.7 Future Meeting Schedule


2016

#4z

#4y

#4x

Sep/Oct

June

April 14-16

TBD

TBD (possibly SC 22 or SC 7)

London, UK





(BSI and somewhere for Saturday)

#40

TBD Jan-May

Monthly teleconference


2015

#39

#38

#37

Oct 27-29?

Sep 21

June 26-27

New Delhi, India with SC 27

Teleconference

Madrid with Ada Europe

#36

May 26

Teleconference, 2000 UTC

#35

April 27

Teleconference, 2000 UTC

#34

March 30

Teleconference, 2000 UTC

#33

February 23

Teleconference, 2100 UTC






2. Liaison Activities (as needed)

2.1 SC 22

No report.


2.2 PL22.3/WG5 (Fortran)

Annex in V3 but needs changes to reflect vulnerability changes for V3. Major concurrency feature is coarrays. Planning on a draft of the Fortran annex for WG 5 meeting in August.

2.3 PL22.4/WG4 (COBOL)

The US NB has terminated PL22.4. All standards functions related to COBOL are now handled by PL22. Work on COBOL is now being led by SC 22/WG 4, but there are no scheduled meetings at this time. Some WG 4 members are working on producing an annex for TR24772.

2.4 WG9 (Ada)

Ada is currently working on a technical corrigendum and defect report for the language. The HRG is waiting for responses from WG 23 to begin work on revising the Ada annex.

2.5 PL22.11/WG14 “C”

Working on defect report for C secure coding rules TS17961. Considering mapping C coding rules to TR 24772.

2.6 PL22.16/WG21 (C++)

No report.

2.7 Ecma International, TC49/TG2 (C#)

No report.

2.8 Ecma International, TC39 (ECMAScript)

No report.

2.9 MISRA C

V3 of MISRA C is published – doing maintenance work. Looking into beginning work on V4 to take into account C:11 changes. Considering security issues because of concerns about communications outside the vehicle.

2.10 MISRA (C++)

Commenced working on MISRA C++ revision. Targetting the 2011 version of C++ with an eye to 2014 version for the future. Trying to realign better with MISRA C. Discussed leading C++ annex for TR 24772. General impression is that it looks manageable.

2.11 SPARK

No report. Tullio to attempt to contact Florian Schanda and Angela Wallenburg (AI)

2.12 SC7/WG19 (UML)

No report

2.13 SC27/WG3, WG4 Security

Tatsuaki reported from WG 3 and discussed with group. Slide set N0507. Revised with WG 23 responses included in slides.

2.14 Other Liaison Activities or National body reports

3. Document Review

3.1 DIS 17960 Code Signing

Document progressing to FDIS. Any technical comments at this point will be used to generate defect reports or to generate work plans for maintenance of the IS.

3.2 TR 24772 Vulnerabilities

Work Plan, Multipart document

Differences between Draft V3 and Ada Annex (Erhard)

Review of Tucker Taft's submission N0507 on changes needed to Annex C (or part 2) for Ada 2012

Review of N0501 rework spreadsheet, where we need to confirm or change the recommendations in N0501, assign responsibility and decide how to adjust the TR to match the decisions confirmed.

Discussion of COBOL Annex

          3.3 Development of Business Plan

    We presently do not have an active project that justifies keeping the WG alive. The business plan sets out the projects underway and what the WG needs from the SC to help it set up the correct projects and organize the work. In the case of WG 23, we have the following needs:

Review of Spreadsheet

We Review the guidance comparison spreadsheet (N0507) to confirm/deny the observations, and to develop consensus on the approach to issues identified. The issues and approaches identified are in the edited document N0509.

The next step is to integrate the issues identified and proposed resolutions into a copy of the TR Ed 3 (N0461) and send them to the editor for preliminary integration and review. We part partition the main document as follows for the updates of the main sections of the document:

6.3- 6.12 : David Keaton.

6.13-6.22: Clive Pygott

6.23-6.32: Tullio Vardanega

6.33-6.42: Erhard Ploedereder

6.43-6.52: Santiago Urueña Pascual

6.53-6.57: Tatsuaki Takebe

6.58 – 6.65: Stephen Michell – initial writeups.

Assignees are requested to work proposed changes from analysis spreadsheet into their respective sections using Word change mode. Following that, update the spreadsheet (local copy) with changes. Also change recommendations to Annex providers to make them not antagonistic. Also look at your sections for improvements (add to spreadsheet with open status). Word files to Larry, spreadsheets to Stephen. Target date next meeting, Feb 23rd.

At next meeting, discuss how we give guidance to annex developers to incorporate guidance from relevant main sections – I.e applies, qualified “applies”, applies in modified form, or does not apply. We want to be consistent.

AI – Erhard – proposal, with Steve's help.

We discuss 6.64, notion of system function in C, and realize that some language can identify vulnerabilities that are completely within one language domain. We therefore decide to add another section to the language-specific (annex/part) to capture such vulnerabilities and invite our partners to populate them.

AI - Steve to rewrite Annex B to capture ISO demands for the documentation style of new language-specific “parts”.

4. Strategy Session

Working with other JTC 1 SC's and non-standards organizations

Companion document for TR 24772

How to avoid vulnerabilities in the software life cycle, such as

Discussion of International Real Time Ada Workshop and vulnerabilities – real time and others.

Stephen and Tullio to investigate if appropriate to develop position paper for workshop in April. Follow-up: Stephen submitted the concurrency vulnerabilities in 2011 and the deliberations of IRTAW were useful in finishing the write-ups. Any further work is language-specific, so no position paper will be submitted.

Discussion of embedded systems, low power systems such as sensors, and the difficulty in hardening them using gating-based security. Hardening the code in the first place is fundamental. Approach other JTC 1 SC's and WG's doing sensor networks, etc. -
AI Steve.

Section 7 accompany advice – OS specific or domain advice.

We will go away and consider how we may do this. Discuss at the next meeting.
AI – all, review section 7 vulnerabilities and consider what form and content could be put in a standard for coding guidelines, design guidelines, etc.

5. Other Business

5.1 Assignment of responsibilities

Liaisons

Robert Karlin – SC 22/WG 4 COBOL

Dan Nagle – SC 22/WG 5 Fortran

Erhard Ploedereder – SC 22/WG 9 Ada

David Keaton – SC 22/WG 14 C

(void) - – SC 22/WG 21 C++

Tatsuaki Takebe – SC 27/WG 3

(void) – SC 7/WG 19 UML

Clive Pygott – MISRA C++

Florian Schanda – Altran Spark

(void) – Ecma International


Editor / Editing Group

We have assigned primary editing roles to the various documents

Larry Wagoner – TR 24772-1 (main document before language specific annexes)


6. Resolutions

None

7. Action Items from Meeting

8. Adjournment

Adjourned at 1700, 27 January 2015.