Banking

Chat / Discussions
1

Hi all

A lot Banks on the world are using JDK or .NET for security reasons.

What about BEAM, it is secure enough for banks?

Thanks

2

Goldman Sachs is running critical services on Erlang/BEAM as does Ericsson for control plane for telecom equipment that handles majority of cell traffic in the world. Bet365 is also running on Erlang/BEAM.

3

The BEAM has been around longer than .NET and longer than Java, and has been used in very important systems such as telecommunications network switches. The BEAM has shown in practice to be highly resilient and the fault-tolerant properties are something that I believe are very valuable or maybe even essential for applications that work with money.

So yes, I would say it probably is at least as secure as the JDK and .NET.

1 Like
4

That being said, I also wonder about what a language with dependent typing would be able to add to the resilience of banking software… :thinking:

2 Likes
5

I don’t think you guys are answering the question. Whether it can scale or is fault tolerant doesn’t make it secure. That doesn’t make it more or less secure than any .Net or Java solution either.
Also the fact it’s used in another big company doesn’t prove anything.

6

@Qqwy you might want to take a look at Jane Street. It’s a financial related company that heavily uses functional programming (specially OCaml) in their software. They even write a pretty big and fundamental library (Core) for it, I believe.

2 Likes
7

The fact that it is used by big companies in mission critical areas while being high value hacking targets and there are no high profile breaches of those companies is fairly decent validation as related to the question.

3 Likes
8

In general, it might be worthwhile to explore the nuances of security regarding Erlang’s distribution model, and then compare/contrast with the information you know about JDK or .NET.

I found these papers to give a good starting point for Erlang:

Application security of erlang concurrent system

Erlang & Application Security

Distribunomicon

9

I don’t think large corporations use Java or .NET for security reasons. I’d argue it’s more because those languages are easy to hire for.

2 Likes
10

The fact that it is used by big companies in mission critical areas while being high value hacking targets and there are no high profile breaches of those companies is fairly decent validation as related to the question.

I disagree.

You are providing no tangible resources to prove:

  • that it’s used in mission critical area (except for Ericson)
  • that it’s use in high value hacking targets (whatever that means)
  • that there are no high profile breaches (perhaps they were simply not revealed).

So no, you are just assuming things. Regarding security, everyone has to stay very humble whether your current favorite toy is Elixir, .Net or anything.

I don’t want to sound harsh but it’s a fairly important question and I think it would be terrible if the community provided such a non scientific reasoning when decision makers start asking this question.

11

FWIW when it comes to finances and banking I wouldn’t personally use a dynamic language at all, but that’s another argument :slight_smile:

12

Let me be more specific:

Information Security consists of the following fundamental key concepts:

  1. Confidentiality.
  2. Integrity.
  3. Availability.
    When it turns out that there exist one (or multiple) ways in which the system can be tricked into violating one of these concepts, then your system is insecure.

Of course, the security of a complex system is the minimum of the security of its parts (i.e. the ‘weakest link’). So both the tools you build on, and the software you build on top of these tools need to be secure.

The fault-tolerancy of the BEAM means that at least Availability is easier to archieve for an application that is built on it. (So yes: Fault-Tolerancy definitly does directly affect the security of the system. DDoS attacks become more and more common nowadays).

Immutability and the nature of data sharing between processes (in that it is only possible to do this by sending messages) also hints at stronger guarantees that make it harder to write code that violates the system’s Confidentiality or Integrity. Of course, although it might be slightly harder, the application developer still can make mistakes even with these extra properties: It makes shooting yourself in the foot harder, but not impossible.

The fact that ‘some big companies’ use it only proves that there exist some companies that trust that it is secure. This is of course only tangentially related to if it is secure in practice. Of course, the exact same argument can be used against the JDK or .NET environments.

The source code of the BEAM is open, which means that it adheres to Kerckhoff’s Principle just like the JDK, but I believe that some parts of the .NET framework are still proprietary and should therefore be considered potentially unsafe.

Security is a very difficult topic. Proving that something is possibly insecure is often much easier than proving that something really is secure (Rather, the latter is usually impossible because there are too much things out of your control).

1 Like
13

What is not good about dynamic language?

14

I believe @sotojuan is referring to the amount of errors that are catched at compile-time if you write your programs in a statically typed language, which mean that you will not encounter these errors at runtime (some examples would be attempting to add a string to a number, or attempting to do something with an object that is undefined/null).

2 Likes
15

  • that it’s used in mission critical area (except for Ericson)
    Ericson is not just Ericson but every major Telco that deployed their equipment which is pretty much all of the worlds large telcos.
    bet365 moved to Erlang/Beam wholesale if you can breach bet365 you can siphon off millions of dollars per month through the affiliate program they don’t make figures public but from working as team lead for a comparable company I would estimate affiliate payouts in the range of 1-1.5 million USD per day.
    For GS
    You have too look through Erlang Solution presentation where they described it but it was a lot of areas including core business logic services as far as I remember.

  • that it’s use in high value hacking targets (whatever that means)
    It means you can generate large amount of money if you would breach this system

  • that there are no high profile breaches (perhaps they were simply not revealed).
    Well perhaps :slight_smile: Would you propose an alternative way to look at it?

16

Here in Indonesia, most Bank uses .NET for their website/internet banking. Yet, some of them is still got hacked several years ago.

So, I think it’s not always about tools. But more about how you write your program, whatever tools or language you use.

3 Likes
17

Sadly OCaml (and most functional languages) do not have dependent types. Although unlike Haskell and such you can emulate them in OCaml with its modules and polymorphic variants easy enough (with all the compiling errors you’d expect if you screw up your dependent typing too, so it works quite well).
/me so loves dependent typing…

Entirely this, I’ve worked for such a large corporation…

At the very least static typing on a dynamic language would be better, dependent types would be best. Dependent types are really really important in mission critical software, a good fall-back mechanism (like OTP has) is second, and proper prioritization of tasks is third (OTP process do not quite meet this sadly, have to do it manually).

Aaaand this is the biggest thing. ^.^

2 Likes
18

I think it’s important to keep in mind that it is hard to generalize for HFT execution layer they all pretty much use c/c++ often running things directly on the switch that has built in FPGA (Arista I think makes them).