Meanwhile, Rashid said Microsoft continues to work on tools that improve application security by addressing it in the development phase of the application lifecycle. Rashid said Microsoft Research has been building tools to find software defects since 1998. Two of its first tools are Prefix and Prefast, which are heuristic modeling tools to detect defects in C and C++ programs. These are what Rashid called first-level tools. Prefix is available now, and Prefast will be available in the next version of Visual Studio, which is Visual Studio 2005.
Second-level tools include sound, declarative tools like SLAM— Software (Specifications), Languages, Analysis, and Model—checking tool. An example of a third-level tool is the KISS (Keep It Simple & Sequential) tool, which is a project to explore novel techniques for analyzing concurrent software. However, "tools arent enough," Rashid said. "At the end of the day, tools will never solve critical design errors if youre doing software in a way that people dont want to use it."
So Microsoft Research is working on a Microsoft operating system research project known as the Singularity Project that uses a verifiable language—known as Spec# (pronounced "Spec sharp")—correctness tools, formal design specifications and modeling tools, error detection and recovery, systemwide security, real-time managed code, and other attributes.
A Microsoft description of the project on the companys Web site said: "Singularity is a cross-group research project focused on the construction of reliable systems through innovation in the areas of systems, languages, and tools. We are building a new OS (called Singularity), extending programming languages, and developing new techniques and tools for specifying and verifying program behavior."
Meanwhile, Rashid said, "Were at a point in the cycle where mainline CPUs are stalling out," thus he hailed "the rise of the GPU, or graphics processor unit, for general-purpose highly parallel program computation."