Re: [Full-disclosure] Gödel and kernel backdoors
On Sun, 19 Sep 2010, Georgi Guninski wrote:

> On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:
> > On the other hand, it is possible to "detect all bad programs" if it is
> > allowed to err on the safe side and mistake some good programs for bad
> > programs. An extreme example is to call all programs bad unless their
> > exact code appears on the list of known good programs.
>
> i doubt this can be remotely implemented in practice because of dynamic
> code like |eval| and mobile code.

It certainly can be implemented. But it would be very restrictive. Perhaps not quite convenient for a general purpose system but imho quite adequate for systems whose task is to keep planes in the air, nuclear fuel in reactor vessels etc. But keep reading...

> can |code| be realistically distinguished from |data| for current OSes
> (e.g. is a vim modeline *only a* plain string or a string + program) ?

Do it when it is unavoidable and do not do it when it is impossible.

The difference between "code" and "data" lies in their interpretation. Is this e-mail message a piece of data or a piece of code executed by a kind of virtual machine interpreting every byte of its body as an instruction to display one character?

In fact, most of the "code" is not anything able to run on the top of bare metal. You need a (semi-)virtual machine implemented by an OS kernel that augments the CPU instruction set with system calls. And it is the ability to interact with the outer world via these system calls (or around them if kernel mechanisms can be circumvented) that really matters.

This leads us to an alternative approach: prove that
1. a certain virtual machine will never make it possible to execute a "bad operation" (e.g. modify the OS) and
2. the program cannot be executed by any other vm.

You do not need to care much about the actual program's code: it might overwrite its machine code with input data, it might interpret and evaluate the data as an expression in quantum lambda calculus or it might attain sentience and examine them to find out the meaning of life or whatever but it will never be able to do "bad things".

On Sun, 19 Sep 2010, Berend-Jan Wever wrote:

> never mind the fact that a "good" program in your list may contain as yet
> unknown vulnerabilities which mean it's actually bad.

Although it is not possible to solve the general problem, it might be possible to prove a certain property (such as the lack of security bugs) for a given program (or a finite set of them).

On Sun, 19 Sep 2010, Christian Sciberras wrote:

> I'm afraid most of this talk is theoretical crap.

"Nazi science sneers at incompleteness theorems!" Sorry, couldn't resist.

> There are no precise mathematics, in fact, all notion of probability is
> fragmenting so much, that the probability that anything happens nears
> to 1.

Mathematics is as precise as ever. And people are as unable to grasp it as ever. :|

On Mon, 20 Sep 2010, Hurgel Bumpf wrote:

> In the end, the problem is on one side the os vendor bothering endusers
> with stupid stop signs that can be disabled with a simple click, and on
> the other side the user again, clicking on every accept button like a
> woodpecker.

Obviously, the real solution should make unsafe behaviour more difficult for a user than safe behaviour.

On Mon, 20 Sep 2010 valdis.kletni...@vt.edu wrote:

> Godel, Turing, and all proved that you can't make that check 100%
> correct. They said *nothing* about the possibility of building a checker
> that's 99.8% accurate (and in fact, that's totally within the realm
> of mathematical possibility). There are *real* problems that Godel says
> *nothing* about but the real world does:

What is the meaning of these percents? Probability? Fraction?

99.8 % is as good as zero (i.e. no good at all) if an adversary is free to attack the remaining 0.2 %.

Sun Tzu said it best: "The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."

On Mon, 20 Sep 2010, dave b wrote:

> News flash: Computers are just not secure enough for us to use.

This is very old news.

> But, I don't use computers ... only non-deterministic Turing machines ;)

Oh. Can I rent one millionth part of your tape? :)

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
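The known-good list discussed in the message above, together with the |eval| objection raised against it, as an added example that is not part of the thread: a default-deny launch gate keyed on SHA-256 digests, which treats the input of a listed interpreter as code that must itself be listed. The gate, the program names and the byte strings are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def digest(code: bytes) -> str:
    """SHA-256 of the exact bytes; any change yields a different identity."""
    return hashlib.sha256(code).hexdigest()


@dataclass
class LaunchGate:
    """Default-deny gate: anything not provably on the list counts as bad."""
    known_good: set = field(default_factory=set)
    interpreters: set = field(default_factory=set)

    def approve(self, code: bytes, interpreter: bool = False) -> None:
        self.known_good.add(digest(code))
        if interpreter:
            self.interpreters.add(digest(code))

    def check(self, program: bytes, inputs: tuple = ()) -> tuple:
        """Return (allowed, reason) for launching program on inputs."""
        d = digest(program)
        if d not in self.known_good:
            return False, "program not on known-good list"
        if d in self.interpreters:
            # For an interpreter the input *is* the program, so every
            # input must be listed too (the |eval| / modeline problem).
            for item in inputs:
                if digest(item) not in self.known_good:
                    return False, "interpreter input not on known-good list"
        return True, "exact code is on known-good list"


# Constructed sample "programs": byte strings stand in for file contents.
FLIGHT_CTL = b"\x7fELF flight-control v1"
SHELL = b"\x7fELF tiny-shell"
GOOD_SCRIPT = b"echo rotate logs\n"
NEW_SCRIPT = b"echo harmless but never reviewed\n"


def demo() -> dict:
    gate = LaunchGate()
    gate.approve(FLIGHT_CTL)
    gate.approve(SHELL, interpreter=True)
    gate.approve(GOOD_SCRIPT)
    return {
        "listed": gate.check(FLIGHT_CTL),
        # One changed byte: rejected, whether it is a patch or tampering.
        "modified": gate.check(FLIGHT_CTL[:-1] + b"2"),
        "listed_script": gate.check(SHELL, (GOOD_SCRIPT,)),
        # False positive by design: a good program mistaken for a bad one.
        "unlisted_script": gate.check(SHELL, (NEW_SCRIPT,)),
        # Input to a program not marked as an interpreter is not checked.
        "data_input": gate.check(FLIGHT_CTL, (NEW_SCRIPT,)),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:16} allowed={allowed!s:5} {reason}")
```

The last case shows where the approach stops: the gate is only as sound as the decision about which listed programs interpret their input.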
Re: [Full-disclosure] Gödel and kernel backdoors
News flash: Computers are just not secure enough for us to use.

But, I don't use computers ... only non-deterministic Turing machines ;)

--
But, for my own part, it was Greek to me.
-- William Shakespeare, "Julius Caesar"
Re: [Full-disclosure] Gödel and kernel backdoors
Nowadays most vendors interfere and alter *a lot* in your operating system, from hooking Win32 API functions to modification of the IAT. It's only a question of who came first, the malware or the protection program.

On Sun, Sep 19, 2010 at 00:30, Giuseppe Fuggiano wrote:
> On Sat, 2010-09-18 at 22:51 +0300, Georgi Guninski wrote:
>> http://plus.maths.org/content/goumldel-and-limits-logic
>> Gödel and the limits of logic
>>
>> Quote:
>>
>> Another result that derives from Gödel's ideas is the demonstration that
>> no program that does not alter a computer's operating system can detect
>> all programs that do. In other words, no program can find all the
>> viruses on your computer, unless it interferes with *and alters* the
>> operating system.
>
> Interesting, especially because actually Antiviruses do alter my
> operating system, usually making it unstable. That's why I don't use
> them.
>
> Giuseppe.
Re: [Full-disclosure] Gödel and kernel backdoors
On Mon, 20 Sep 2010 01:03:21 PDT, Hurgel Bumpf said:

> The solution could be a virtualized operating system, which has a control
> layer between the operating system and the hardware abstraction layer. Changes
> to data could be non-persistent in the first step, and only written to
> the hdd after a heuristic check of the changes and an interaction with the
> user.

Actually, that's a very useful tool that you can even deploy today: Just use the 'checkpoint' feature of a VMWare or similar tool, and keep around some checkpoints that you're reasonably sure contain no malware.

Unfortunately, it suffers from the same exact Godel issue as any other system - you simply *cannot* make that "heuristic check" 100% guaranteed correct and accurate. (In fact, by definition a heuristic check *can't* be 100% accurate - if a heuristic was perfect, it would be called an algorithm).

The point that everybody seems to be missing is this:

Godel, Turing, and all proved that you can't make that check 100% correct. They said *nothing* about the possibility of building a checker that's 99.8% accurate (and in fact, that's totally within the realm of mathematical possibility). There are *real* problems that Godel says *nothing* about but the real world does:

1) Making that mathematically possible 99.8% accurate checker may require so much simulation and state tracking that launch times for programs will be measured in years or decades - as a practical matter, users may not want more than 2 or 3 nines. Heck, they whinge about the overhead of *current* anti-malware.

2) With the plethora of complicated objects on the average computer system, raising the "is javascript/vi modelines/whatever data or executable code" issues, we don't even have a clue how to do better than 95% or so.

So as an industry, let's not bother worrying about that Godel issue until we know how to get to 99% and still have users happy with the overhead involved.
Re: [Full-disclosure] Gödel and kernel backdoors
On Mon, Sep 20, 2010 at 01:03:21AM -0700, Hurgel Bumpf wrote:
> The solution could be a virtualized operating system, which has a control
> layer between the operating system and the hardware abstraction layer.
> Changes to data could be non-persistent in the first step, and only written
> to the hdd after a heuristic check of the changes and an interaction with the
> user.
>
> In the end, the problem is on one side the os vendor bothering endusers with
> stupid stop signs that can be disabled with a simple click, and on the other
> side the user again, clicking on every accept button like a woodpecker.
>

that woodpecker syndrome seems a real threat to national security.

hopefully, to overcome machine limitations and/or suboptimal users, some vendors provide human (turing test certified operators) support on security matters.
Re: [Full-disclosure] Gödel and kernel backdoors
The solution could be a virtualized operating system, which has a control layer between the operating system and the hardware abstraction layer. Changes to data could be non-persistent in the first step, and only written to the hdd after a heuristic check of the changes and an interaction with the user.

In the end, the problem is on one side the os vendor bothering endusers with stupid stop signs that can be disabled with a simple click, and on the other side the user again, clicking on every accept button like a woodpecker.

--- Georgi Guninski wrote on Sat, 18.9.2010:

> From: Georgi Guninski
> Subject: [Full-disclosure] Gödel and kernel backdoors
> To: full-disclosure@lists.grok.org.uk
> Date: Saturday, 18 September 2010, 15:51
>
> http://plus.maths.org/content/goumldel-and-limits-logic
> Gödel and the limits of logic
>
> Quote:
>
> Another result that derives from Gödel's ideas is the demonstration that
> no program that does not alter a computer's operating system can detect
> all programs that do. In other words, no program can find all the
> viruses on your computer, unless it interferes with *and alters* the
> operating system.
Re: [Full-disclosure] Gödel and kernel backdoors
"i doubt this can be remotely implemented in practice because of dynamic code like |eval| and mobile code."

Because we all shout at and blacklist browsers when a website gets hacked and starts monitoring users' actions.

On a more serious note, try a program, like Comodo's Firewall. You can change the operation mode, from "learn which programs do what", to "block all programs".

I'm afraid most of this talk is theoretical crap. Then again, during Godel's age, there weren't computers that could calculate how many people believe in spaghetti monsters.

In short, there is the social factor, which computers seem to be more and more dependent on. There are no precise mathematics, in fact, all notion of probability is fragmenting so much, that the probability that anything happens nears to 1.

My two cents,
Chris.

On Sun, Sep 19, 2010 at 7:07 PM, Georgi Guninski wrote:
> On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:
>> On the other hand, it is possible to "detect all bad programs" if it is
>> allowed to err on the safe side and mistake some good programs for bad
>> programs. An extreme example is to call all programs bad unless their
>> exact code appears on the list of known good programs.
>>
>
> i doubt this can be remotely implemented in practice because of dynamic code
> like |eval| and mobile code.
>
> can |code| be realistically distinguished from |data| for current OSes
> (e.g. is a vim modeline *only a* plain string or a string + program) ?
Re: [Full-disclosure] Gödel and kernel backdoors
never mind the fact that a "good" program in your list may contain as yet unknown vulnerabilities which mean it's actually bad.

On Sep 19, 2010 7:08 PM, "Georgi Guninski" wrote:
> On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:
>> On the other hand, it is possible to "detect all bad programs" if it is
>> allowed to err on the safe side and mistake some good programs for bad
>> programs. An extreme example is to call all programs bad unless their
>> exact code appears on the list of known good programs.
>>
>
> i doubt this can be remotely implemented in practice because of dynamic code like |eval| and mobile code.
>
> can |code| be realistically distinguished from |data| for current OSes
> (e.g. is a vim modeline *only a* plain string or a string + program) ?
Re: [Full-disclosure] Gödel and kernel backdoors
On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:
> On the other hand, it is possible to "detect all bad programs" if it is
> allowed to err on the safe side and mistake some good programs for bad
> programs. An extreme example is to call all programs bad unless their
> exact code appears on the list of known good programs.
>

i doubt this can be remotely implemented in practice because of dynamic code like |eval| and mobile code.

can |code| be realistically distinguished from |data| for current OSes (e.g. is a vim modeline *only a* plain string or a string + program) ?
Re: [Full-disclosure] Gödel and kernel backdoors
On Sat, 18 Sep 2010, Georgi Guninski wrote:

> Another result that derives from Gödel's ideas is the demonstration that
> no program that does not alter a computer's operating system can detect
> all programs that do.

What is impossible is reliable and perfect discrimination between "good" and "bad" programs for any nontrivial definition of "good" and "bad" (this follows from Rice's theorem).

On the other hand, it is possible to "detect all bad programs" if it is allowed to err on the safe side and mistake some good programs for bad programs. An extreme example is to call all programs bad unless their exact code appears on the list of known good programs.

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
Re: [Full-disclosure] Gödel and kernel backdoors
On Sat, Sep 18, 2010 at 3:30 PM, Giuseppe Fuggiano wrote:
> On Sat, 2010-09-18 at 22:51 +0300, Georgi Guninski wrote:
>> all programs that do. In other words, no program can find all the
>> viruses on your computer, unless it interferes with *and alters* the
>> operating system.
>
> Interesting, especially because actually Antiviruses do alter my
> operating system, usually making it unstable. That's why I don't use
> them.

It modifies and interferes with your operating system and it STILL doesn't find ALL the viruses! Only known ones and even that is hit and miss. Antivirus as a protection method is dead.

BMF
Re: [Full-disclosure] Gödel and kernel backdoors
On Sat, 2010-09-18 at 22:51 +0300, Georgi Guninski wrote:
> http://plus.maths.org/content/goumldel-and-limits-logic
> Gödel and the limits of logic
>
> Quote:
>
> Another result that derives from Gödel's ideas is the demonstration that
> no program that does not alter a computer's operating system can detect
> all programs that do. In other words, no program can find all the
> viruses on your computer, unless it interferes with *and alters* the
> operating system.

Interesting, especially because actually Antiviruses do alter my operating system, usually making it unstable. That's why I don't use them.

Giuseppe.
Re: [Full-disclosure] Gödel and kernel backdoors
On 18/09/2010 20:51, Georgi Guninski wrote:
> http://plus.maths.org/content/goumldel-and-limits-logic
> Gödel and the limits of logic
>
> Quote:
>
> Another result that derives from Gödel's ideas is the demonstration that
> no program that does not alter a computer's operating system can detect
> all programs that do. In other words, no program can find all the
> viruses on your computer, unless it interferes with *and alters* the
> operating system.

Can software monitor, identify and log (measure) without interacting with and thus affecting the OS?

Perhaps this is the reason why mankind has not yet found a GUT. Perhaps a paradox is all we have to work with.

--
Mankind's systems are white sticks tapping walls.

Thanks
Roy
http://www.propergander.org.uk