Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The Mathematics of Relative Security

From: Crispin Cowan <crispin () immunix com>
Date: Wed, 22 Sep 2004 21:22:24 -0700
Chris Pugrud wrote:


--- Crispin Cowan <crispin () immunix com> wrote:
More succinctly, if you ask the question "am I secure?" in a highly rigorous fashion, the likely answer is "Hell no" :) 
This is distinctly the intuitively obvious answer.  The more rigourous answer
is that only insecurity can be proven, testing security reduces to the halting
problem.
That is not quite correct: security *can* be proven. Turing's Halting Problem says that you cannot build a general-case security proving program, because the proof is based on diagonalization, i.e. apply the prover to itself.
However, in the cases where you can prove security, the costs of proving it are astronomical, and the costs of achieving that security are pretty high too. 


TCP also introduces a wrinkle that is not easily covered by the set theory I
have learned, or I'm missing something - the concept of one-way membership.
Consider using graph theory instead of set theory, as it at least has a built-in notation for directionality on edges. 

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: