It is provably difficult or impossible to answer basic questions about what an arbitrary program will do, unless severe restrictions are placed on the capability of code. Look back at the archives if you are curious about the kinds of tradeoffs that can be made.
On Jan 18, 2017 8:51 PM, "Taylor Hornby" <tay...@defuse.ca> wrote: I've been thinking a lot about how mathematical results in complexity theory (NP-completeness and all of that good stuff) help determine what some aspects of our world are like. Most obviously, life in a world where we find an algorithm proving "P = NP" is very different from life in a world where "P != NP". Less ambitiously, we can ask if complexity theory has anything to say about simpler aspects of life. One of them is the attacker-defender arms race in computer security. I've written a blog post on this topic: https://bqp.io/will-we-ever-solve-the-hard-problem-of- information-security.html To save you a click, the thesis is (1) Most of us are optimistic for "silver bullet" discoveries that make doing computer security a LOT easier, and (2) Although it will be hard, we might be able to *prove* that no such silver bullets exist. I'm curious if part (1) of my thesis really is accurate. Do you think we're heading towards some breakthrough language design, algorithm, theorem, or whatever that will really change the state of things? Or are you expecting things to remain just like they are now (costly vulnerability-mining then patching production systems)? Or maybe your vision of the future is totally different from either of those options... Phrased differently, the community's research is obviously making security better towards some "local optima." What do you think the theoretical "global optima" is, even if it would take breakthroughs and decades of waiting for people to stop using the old systems to get there? -- Taylor Hornby _______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
