[langsec-discuss] Is computation half the story?

Matt DeMoss demoss.matt at gmail.com
Thu Apr 2 02:57:24 UTC 2015


Have you seen the paper "Towards a Theory of Application
Compartmentalisation"? The protocol-centered approach taken there jibes
well with what you wrote about "informational ability."

On Wed, Apr 1, 2015 at 10:46 PM, Andrew Ruef <munin at mimisbrunnr.net> wrote:

> Isn't this captured in the definitions of quantified information flow?
>
>
> > On Apr 1, 2015, at 22:28, Taylor Hornby <havoc at defuse.ca> wrote:
> >
> >> On 04/01/2015 10:15 AM, Jacob Torrey wrote:
> >> I've had similar thoughts, and a rather hasty blog post I wrote a while
> >> back may be of interest:
> >>
> >> http://blog.jacobtorrey.com/towards-a-new-model-of-computational-expressiveness
> >>
> >> - Jacob
> >
> > Thanks for that link. I'm glad to see others thinking about this!
> >
> > Your blog post inspired me to try to define "isolation" using Turing
> > machines as a model. If you can do it for a Turing machine, then that
> > should apply to any more specific model by the Church-Turing thesis.
> >
> > I failed terribly. I was trying to say something along the lines of: If
> > A and B are disjoint subsets of tape indices, then A is isolated from
> > B iff you can freeze the machine at any time, wiggle the tape cells in
> > A, and the cells in B won't be affected by your wiggling for the
> > remainder of the computation (and vice-versa).
> >
> > That doesn't work because the sets A and B have to depend on the input
> > length (I'll omit the proof; consider the language of strings containing
> > a "1").
> >
> > The whole notion doesn't make much sense for a Turing machine on
> > a single input (we're just saying "these are cells the TM never
> > meaningfully uses, even though it might read/write them"), but if you
> > allow parts of the inputs to be chosen by different actors, the idea
> > makes more sense.
> >
> > You can come up with a reasonable definition for a constant number of
> > actors. If there are K actors, let A1, A2, ..., AK be disjoint sets and
> > give the TM K read-only input tapes plus one work tape, where input tape
> > i is contained in Ai, and so on...
> >
> > But that's not good enough. Real systems interact with an arbitrary
> > number of actors, each wanting to be isolated from the others.
> >
> > So here's a question. Is it possible to give any TM-based definition of
> > isolation that (1) doesn't depend on the number of actors or input
> > length, and (2) is more insightful than
> >
> >    On any K-tuple input (W1, W2, ..., WK) the machine outputs a K-tuple
> >    (R1, R2, ..., RK) and if Wi is fixed, Ri is fixed no matter how you
> >    change the other Wj's.
> >
> > That definition doesn't satisfy me because it has nothing to do with
> > computation; it's just a property of a *function* that a TM might
> > compute. It doesn't expose any Turing-machine internals to reason about.
> > Is there a good definition that does?
> >
> > -Taylor
> > _______________________________________________
> > langsec-discuss mailing list
> > langsec-discuss at mail.langsec.org
> > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
>
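
The function-level definition quoted above from Taylor Hornby's message (fix Wi and Ri must stay fixed however the other Wj change), checked by brute force over a small finite domain; this is an added example, not part of the thread. The names `isolation_violation`, `per_actor`, `shared_flag`, `DOMAIN` and `K` are hypothetical, and a finite search can refute isolation but only confirms it for the inputs searched.

```python
from itertools import product


def isolation_violation(f, k, domain):
    """Search domain**k for a breach of the K-tuple isolation property.

    Returns (i, w, w2) where w and w2 agree on W_i yet f gives actor i
    different results, or None if no such pair exists in the domain.
    Changing one other input at a time is enough: any change to several
    W_j is a chain of single-coordinate changes.
    """
    for w in product(domain, repeat=k):
        r = f(w)
        for j in range(k):                  # actor whose input is changed
            for alt in domain:
                if alt == w[j]:
                    continue
                w2 = w[:j] + (alt,) + w[j + 1:]
                r2 = f(w2)
                for i in range(k):          # every other actor must not notice
                    if i != j and r[i] != r2[i]:
                        return (i, w, w2)
    return None


def per_actor(w):
    """Isolated: each R_i is computed from W_i alone."""
    return tuple(x[::-1] for x in w)


def shared_flag(w):
    """Not isolated: every R_i also reports whether any input contains a '1'."""
    saw_one = any("1" in x for x in w)
    return tuple((x[::-1], saw_one) for x in w)


DOMAIN = ("", "0", "1", "01")   # constructed sample inputs
K = 3                            # number of actors, an assumption of this example

if __name__ == "__main__":
    print("per_actor  :", isolation_violation(per_actor, K, DOMAIN))
    print("shared_flag:", isolation_violation(shared_flag, K, DOMAIN))
```

As the message says, this tests a property of the function only; it shows nothing about how a machine computing it uses its tape.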