Modeling Computer Insecurity




In this paper, we present a formal model of computer security based on the universal Turing machine. This model allows us to conclude that given a machine and policy, the problem of determining if that machine is secure is not recursively enumerable. However, two related problems are solvable. The inverse problem of determining if a machine is insecure is recognizable. Additionally, determining if the current configuration of a machine is secure is decidable. Given these theoretical results, we propose a shift in how we discuss “security” in practice.