[langsec-discuss] Complexity and langsec

Eric Norige eric.norige at gmail.com
Wed Jul 4 16:11:00 UTC 2012

On 07/04/2012 11:28 AM, Derick Winkworth wrote:
> When I'm reading the langsec papers, I can't help but feel that the
> narrative has a direct relationship with emergence in complex systems.
>   It seems to me that as systems become increasingly complex, they
> become increasingly exploitable as you inadvertently create
> expressiveness in the "weird language."  This property is an emergent
> property, no?
> Am I off-base here?
I don't see it quite the same way - in the theory world, there is a kind 
of cutoff where the expressibility of your language reaches a point 
where it's sufficient to encode proofs.  Once this level is reached, the 
system cannot be fully formally analyzed, as its ability to 
self-describe allows one to create structures that correspond to "this 
sentence is false".

I don't see as much of a "increasingly exploitable" curve, as one can 
either recognize valid input or you can't.  If you can recognize valid 
input, then you can handle it properly, if you can't, there's no hope of 
handling it properly in all cases.  The kinds of things needed to reach 
this cutoff include testing nontrivial properties of programs and some 
properties of some classes of languages.  Just having field lengths as 
part of your language isn't sufficient to reach this cutoff.

Eric Norige
PhD student, Michigan State

More information about the langsec-discuss mailing list