[langsec-discuss] Complexity and langsec
eric.norige at gmail.com
Wed Jul 4 16:11:00 UTC 2012
On 07/04/2012 11:28 AM, Derick Winkworth wrote:
> When I'm reading the langsec papers, I can't help but feel that the
> narrative has a direct relationship with emergence in complex systems.
> It seems to me that as systems become increasingly complex, they
> become increasingly exploitable as you inadvertently create
> expressiveness in the "weird language." This property is an emergent
> property, no?
> Am I off-base here?
I don't see it quite the same way - in the theory world, there is a kind
of cutoff where the expressibility of your language reaches a point
where it's sufficient to encode proofs. Once this level is reached, the
system cannot be fully formally analyzed, as its ability to
self-describe allows one to create structures that correspond to "this
sentence is false".
I don't see as much of a "increasingly exploitable" curve, as one can
either recognize valid input or you can't. If you can recognize valid
input, then you can handle it properly, if you can't, there's no hope of
handling it properly in all cases. The kinds of things needed to reach
this cutoff include testing nontrivial properties of programs and some
properties of some classes of languages. Just having field lengths as
part of your language isn't sufficient to reach this cutoff.
PhD student, Michigan State
More information about the langsec-discuss