An introduction to the language, its main concepts and its potential.
The number of security incidents has been on the rise for years, and the growth of the Internet of Things is unlikely to improve the situation. Successful attacks on all kinds of interconnected smart devices, from car locks over home security systems to highly automated factories, have already been demonstrated and carried out.
An aspect contributing to the bad state of security is the use of programming languages which are highly prone to vulnerabilities, namely C/C++. With the increased interconnection of systems which could pose a danger to life if disrupted, for example vehicle controls or critical infrastructure, there is a need for programming languages which provide a higher level of security „by default“.
Introducing Elixir
An interesting candidate is the Elixir programming language. Elixir is a rather new language, only appearing in 2012, and in continuous development since then. It can be seen as a successor to Erlang, which has been in use for decades to build highly reliable and resilient systems, mainly in telecommunications. Major, well-known systems currently using Erlang are Whatsapp and the Facebook Messenger.
Elixir shares many traits with Erlang and even runs on the same virtual machine (BEAM). It is a functional, concurrent language meant to enable developers to program robust, distributed systems running with next to no down-time. Elixir has already been successfully used by Pinterest with remarkable performance gains. More details, and a worthwhile read, can be found in Pinterest‘s engineering blog.
Major Features
Everything in an Elixir application runs in light-weight processes, which can be executed on multiple cores by default. According to the developers, hundreds of thousands of processes can be run concurrently on a given machine. There is no data sharing at all between processes. Communication is carried out via message passing, even beyond machine boundaries, easily realizing distributed systems. Complementing Elixir’s parallel computing capabilities is its support for stream processing, like map, reduce, filter and generator operations, in lazy or eager variations.
A powerful concept Elixir shares with Erlang are supervisor hierarchies. Supervisors are processes monitoring child processes, both workers and other supervisors. Supervisors also enable the „Let it crash“ approach of Elixir, where malfunctioning or crashed processes are simply restarted instead of trying to handle errors in a complicated way. Multiple different supervision strategies enable fault-tolerant systems with high uptime.
Elixir also provides powerful pattern matching, used throughout many language constructs. Other highlights of Elixir, distinguishing it from Erlang, are Protocols, which are used for realizing polymorphism, its advanced meta-programming capabilities and the Mix build tool for compiling, testing, managing dependencies etc.
Another advantage Elixir has about Erlang is its syntax, which is easier to read and understand. This could prove to be a deciding aspect for programmers to adopt the language, as Erlang has often been criticized for being complicated, or even been called esoteric by some.
As a sample for Elixir’s syntax, a simple “ping pong” program, demonstrating the use of message passing between processes in Elixir:
defmodule Pingpong do def start do IO.puts("Starting") proci = spawn_link fn -> loop end proco = spawn_link fn -> loop end send(proci, {:ping, proco}) end def loop do receive do {:ping, target} -> :timer.sleep(1000) IO.puts("Got Ping, sending Pong") send(target, {:pong, self()}) loop {:pong, target} -> :timer.sleep(1000) IO.puts("Got Pong, sending Ping") send(target, {:ping, self()}) loop end end end
This program produces the following output:
Furthermore, Elixir is able to directly call functions and modules provided by Erlang, without any need for wrappers. This enables access to proven Erlang-libraries like the Crypto module, which among others provides means for encryption, hashing and digital signatures. Another library collection Elixir has access to through Erlang is the Open Telecom Platform, which has successfully been used for constructing systems with high availability and stability, as mentioned before.
Regarding security, the functional programming paradigm itself encourages and enables a more secure approach to programming, especially through concise code and easier tracking of bugs, since there is no state which could be directly manipulated by an outside process, i.e. side effects. Functional programming and processes additionally facilitate hot code swapping. This a huge advantage for production environments, as it makes updating running systems a possibility without having to stop workflows for code updates. This in turn yields further security benefits, especially in industrial environments.
The combination of light-weight processes, communicating by message passing and supervisors for monitoring distributed components results in Elixir being highly suitable for large IoT systems consisting of a heterogeneous mix of devices and actors with limited computational capabilities. The Nerves-project aims to provide a framework for creating firmware and embedded applications with Elixir. While Nerves is still in development, it has already been used to create industrial firmware, according to the project’s website. Nerves is open source and is meant to provide an alternative to C/C++ in the future.
Future Research
With Elixir being in a production-ready state, many interesting research questions open up:
As Elixir aims to provide an alternative to C/C++, thorough performance comparisons between the two languages will be of high importance. This is especially the case for embedded environments, where Elixir might be at a disadvantage due to its need for a VM. Additionally, systems built with Elixir could be compared to older Erlang systems, not only regarding performance, but also reliability.
Speaking of reliability, the next aspect to examine is whether Elixir offers improved security in practice. Are there components of the language which are susceptible to attacks, e.g. the supervisor hierarchies or the Erlang VM? And how do Elixir systems react to common attacks like DDoS or code injection? Time will tell for sure, but a systematic approach to these points might be preferable.
Hot code swapping could be a major selling point for the language, as such there would certainly be interest in respective proof of concepts for larger industrial systems. In a similar vein, the possibility of directly updating and replacing Erlang systems with Elixir code could warrant some research as well, and promote the spread of the language.
Closing Words
While Elixir is still relatively little-known, with its interesting concepts and its potential to succeeding Erlang, there is hope that it will see vaster usage. Certainly, the language provides the means necessary to building large, resilient systems and may even contribute to improve the state of IT security.
Sources:
Leave a Reply
You must be logged in to post a comment.