Modeling Computer Insecurity
- S. Engle, S. Whalen. and M. Bishop, “Modeling Computer Insecurity”, Technical Report CSE-2008-14, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2008).
In this paper, we present a formal model of computer security based on the universal Turing machine. This model allows us to conclude that given a machine and policy, the problem of determining if that machine is secure is not recursively enumerable. However, two related problems are solvable. The inverse problem of determining if a machine is insecure is recognizable. Additionally, determining if the current configuration of a machine is secure is decidable. Given these theoretical results, we propose a shift in how we discuss “security” in practice.