[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security

David Chizmadia david_chizmadia@omg.org
Thu, 5 Apr 2001 16:46:31 -0400


Mark,

    {Cross-posted because of the lambda calculus comment...}

    Actually I think that Jonathan's whole message applies equally well to
the lambda calculus in the general case.  I read his point as saying that
irrespective of perfect mathematics, experience has shown that there are
always imperfections introduced into implementation because of the
imperfections of the universe in which the implementation occurs.  This must
of course be qualified by the statement that we only have experience with
the single universe that we all appear to share :-)

    Thus, while the E lambda calculus may be mathematically perfect (I use
the qualifier since I haven't studied it and therefore have no basis for
making any judgement), its implementation could be compromised at any of at
least 3 distinct implementation points.  First, the compiler that transforms
the lambda calculus into JVM instructions could be flawed.  Second, the
implementation of the JVM could be incorrect.  Third (in the case of
software implementations of the JVM), the native hardware instruction
specification could be incorrectly implemented.  If any one of these levels
is compromised, even a perfectly correct lambda calculus program could be
compromised.

-DMC
David Chizmadia
Assurance lurker
----- Original Message -----
From: "Mark S. Miller" <markm@caplet.com>
To: "Jonathan S. Shapiro" <shap@cs.jhu.edu>
Cc: <e-lang@eros-os.org>; <eros-arch@eros-os.org>
Sent: Thursday, April 05, 2001 3:35 PM
Subject: Re: [EROS-Arch] Re: [E-Lang] Re: Interaction Design for
End-User Security


> Since Jonathan accidentally cross posted this response to both lists, I'll
> mention that it's a response to
> http://www.eros-os.org/pipermail/eros-arch/2001-April/002971.html , and
> answer briefly to both lists.  I doubt Jonathan & I have any substantial
> disagreements here, just terminological and rhetorical ones, so I hope to
> make this my last posting on this thread.
>
> At 10:36 AM Thursday 4/5/01, Jonathan S. Shapiro wrote:
> >You are absolutely right. What I should have written was:
> >
> >        In the real world, nothing's ever perfect, but
> >        some things are more perfect than others.
> >
> >The issue at hand is not the feasibility of mathematical perfection in a
> >quantum universe. The issue at hand is that every real system is
> >designed under assumptions about the environment in which it operates.
>
> I'll simply point out the contradiction between the unqualified broad
> indented statement about "nothing" vs the narrowly defined "issue at hand".
> The lambda calculus is almost certainly perfect, and its encapsulation
> almost certainly provides perfect security.  This contradicts the above
> broad statement about "nothing", and it certainly falls outside Jonathan's
> definition of the "issue at hand".  While Jonathan's statement
>
> >So in the limit, I think that security pretty much *is* always
> >vulnerable to the next yet cleverer hacker. Not because of failures in
> >the techniques, but because of errors in the judgement of the people who
> >prioritize, deploy, and apply them.
>
> may be true within the narrow issue-at-hand scope he defines, I doubt that
> the lambda calculus itself is vulnerable to this sort of threat.
>
>
>         Cheers,
>         --MarkM