Re: "Perfect" or "Provable" security both crypto and non-crypto?

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 09/18/04 

Date: Sat, 18 Sep 2004 10:39:37 +0200

"Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote in message
news:cigp4v$e0i$00$1@news.t-online.com...
>
> I thus also don't understand
> why Pryamikov in a later post said that he revised his opinion
> stated in a follow-up to Wagner.
>
David and Roger was talking about program using its own means to process
unstructured data and base its (program's) semantics on assumptions about
structure of that data. For the compiler and runtime it's just a blob or
array of bytes (i.e. no structure). Therefore JIT and runtime could only
provide boundary checking based on dimensions of that blob.
For program it could be ASN1 DER encoded data or delimited string or
whatever. Insufficient checks by program may lead to the program's errors.
Managed environment only ensures that the program could not improperly
interfere with host operative system (by protecting from buffer overflows),
but it (runtime) can't protect for example from programmer's mistakes (like
embedding passwords in the program :-).

-Valery.

Relevant Pages

  • Re: Elvis Costello albums set for THIRD round of reissues
    ... weaker, re-recorded version. ... liner note that said "You're lucky you got it at all, ... Keep protecting your boy, Ruth... ... You know, David, I really don't feel the need to protect any rock star. ...
    (rec.music.artists.springsteen)
  • Re: Windows File Protection
    ... Hi David, ... I agree with Karl, change the permissions. ... command-line utilities, etc., you want to protect, you could create a separate Group, ... Section: Protecting "Special" Binaries ...
    (microsoft.public.win2000.security)
Quantcast