DanArmak comments on How to escape from your sandbox and from your hardware host - Less Wrong

Post author: PhilGoetz 31 July 2015 05:26PM


Comment author: Dagon 01 August 2015 05:09:13AM 3 points

I'm not sure "provably secure" means what you think it means.

Comment author: DanArmak 01 August 2015 10:35:09AM * 11 points

I'm not sure what you think it means. Care to elaborate?

In computer science, provably secure software mechanisms rely on an idealized model of hardware; they aren't and can't be secure against hardware failures.

Comment author: khafra 31 August 2015 02:29:40PM * 3 points

provably secure software mechanisms rely on an idealized model of hardware

In my experience, they also define an attacker model against which to secure. There are no guarantees against attackers with greater access, or abilities, than specified in the model.

Comment author: Dagon 01 August 2015 06:23:25PM 1 point

I have yet to see any claims of a "secure" system that doesn't state the assumptions and validations of the hardware involved. It may be only my world, but a whole lot of attention is paid to the various boundaries between containers (sandbox, VM, virtualized host, physical host, cluster, airgap), not just to the inner level.

Mostly, "provably secure" means all layers, unless there's a fair bit of fine print with it.

Comment author: PhilGoetz 01 August 2015 07:46:21PM * 11 points

Mostly, "provably secure" means all layers, unless there's a fair bit of fine print with it.

I don't think that's possible. Then "provably secure" would have to include a proof that our model of physics is correct and complete.

More generally, a "proof" is something done within a strictly-defined logic system. By definition it makes assumptions, and proves something given those assumptions.

Comment author: cousin_it 03 August 2015 07:43:59AM * 9 points

Then "provably secure" would have to include a proof that our model of physics is correct and complete.

And also a proof that Bob from accounting can't be convinced to let the AI use his phone for a minute. That's a very tall order.

Comment author: Autolykos 05 August 2015 09:36:05AM 1 point

Yup. Layer 8 issues are a lot harder to prevent than even Layer 1 issues :)

Comment author: DanArmak 01 August 2015 09:52:07PM * 2 points

Yes, a provably secure system has assumptions about the other systems it uses, and they necessarily amount to "all those other systems work correctly and if they don't, it's their bug, not ours."

Provable security means no security-affecting bugs. Precious little software is written to be provably correct (rather than just proving the underlying algorithm correct). None of it runs on proven-correct operating systems with proven-correct BIOSes, drivers, and chipset ROMs all the way down to the network card and hard drive microcontrollers, because such mythical beasts don't exist. (And these microcontrollers have long been general-purpose computers capable of hosting malware vectors.)

And none of that software runs on provably-correct hardware, which doesn't exist either: software can be proven correct because it's an algorithm, but how can you prove the perfection of a physical device like a CPU, the absence of physical implementation errors like this rowhammer bug which aren't reflected in any design documents?

Comment author: SoundLogic 06 August 2015 12:30:23AM 1 point

Step one involves figuring out the fundamental laws of physics. Step two is to input a complete description of your hardware. Step three is to construct a proof. I'm not sure how to order these in terms of difficulty.

Comment author: mavant 23 August 2015 06:39:25PM 0 points

1-3-2 in descending order of difficulty