US researchers are working on a project that could herald the dawn of a more secure operating system, free of the common glitches that hamper today's offerings.

Based at Cornell University and AT&T Labs, New York, the three-year-old Cyclone project is a variant of the programming language C. It is designed to eliminate common bugs and major programming glitches before the software is even released.

The team behind Cyclone describe it as "a programming language that is as C-like as possible while preventing unsafe behaviour" such as buffer overflows.

Greg Morrisett, associate professor at Cornell and head of the Cyclone team, said the project was designed to influence the next generation of programming languages by avoiding classic security problems.

"No-one writes 100 per cent good code and they never will," he said. "We can't guarantee total correctness but Cyclone is quite effective at eliminating bugs that lead to security breaches."

Morrisett told vnunet.com that over-simple buffer overrun errors account for 50 per cent of security problems in applications and is a problem that Cyclone can deal with effectively.

The Cyclone compiler effectively checks C code using its "type checking engine", singling out known problems or conflicts in the code's purpose and rewriting the code or suggesting a fix. Even if a bug still exists Cyclone will halt the application safely, while avoiding dangerous crashes.

So far the team has created a Cyclone-based web server, which is free from the usual bugs, "but our ten-year goal is to make an entire secure operating system based on Cyclone," Morrisett said.

Cyclone will feature at the Programming Language Design and Implementation Conference in Germany next summer.

The Cyclone project homepage can be found here.