[cap-talk] is defensive correctness a plausible null
Mark S. Miller
erights at google.com
Tue May 17 08:00:01 PDT 2011
On Tue, May 17, 2011 at 4:40 AM, Viswanathan, Kapaleeswaran (HP Labs India)
<kapali at hp.com> wrote:
> The two paper OZE.pdf and TGC05.pdf appear to describe defensive
> consistency differently. TGC05 talks about defensive consistency in terms of
> service guarantees: server provides well-behaved clients with either no
> service or correct service but never provides a wrong service. OZE talks in
> terms of well-formed inputs. I am not sure if both are equivalent or not.
I do not believe they are equivalent, though perhaps Fred (cc'ed) can
comment. The term was coined in TGC05 and further expanded on in my thesis.
I will proceed considering the version in my thesis definitive.
> Are you talking about a mathematicians (human verifiable) proof or a
> machine verifiable proof of defensive consistency? I do not believe that the
> concept may be ameneable to machine verifiable proof.
What about <http://www-cs-students.stanford.edu/~ataly/Papers/sp11.pdf> by
Ankur Taly (cc'ed)? (Paper shortly to be presented at IEEE Symposium on
Security and Privacy)
Ankur, this paper does not talk about defensive consistency per se. But it
does quantify the attackers over all possible attacker programs and
behaviors, which would seem to amount to the same thing. Do these proofs
constitute proofs of defensive consistency?
> cap-talk mailing list
> cap-talk at mail.eros-os.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cap-talk