4

I'm plenty familiar with the Halting Problem for Turing Machines. It occurred to me after reading several posts on this site that it would be interesting, educational and useful to start a list of equivalents to the Halting Problem in terms of Computer Security. I think this might help students of computer science and allied areas come to appreciate the true depth and application of the Halting Problem in whatever their application area.

So, I ask that the proposed (or actual) equivalent problem be:

(1) One that makes sense in the domain of computer security. This can be from information management, Cryptography, hacking, or programming (ideally with a security bent, since there are plenty of Halting equivalent problems already well known in the world of programming languages and compilers).

(2) One stated with a reference to literature on that subject if possible, and maybe even (although I wouldn't require it) a proof if you know of an elegant one.

Example: I have an antivirus software on my machine, and I want to know whether it will ever execute malicious code. As far as I can tell, this is the Halting problem in disguise.

Raphael
  • 73,212
  • 30
  • 182
  • 400
لويس العرب
  • 213
  • 1
  • 8

2 Answers2

5

What you're looking for is Rice's Theorem, which is a generalized version of Halting Undecidability.

It basically says that any property of a Turing Machine (i.e. any computer program) is undecidable, if it's a property of the behavior of the program (i.e. a property of the language it accepts/produces), as opposed to a particular syntactic feature of the implementation. This holds unless it's a trivial property (always true or always false).

For example, deciding "Does instruction X ever get executed" or "Is a high security value stored in low security memory" are all questions about program behavior.

But things like "does this program contain a for-loop" or "is this program type-correct" aren't behaviors, because there might be equivalent programs which don't have the same values for those properties. You can phrase a program with a for-loop as using while-loops without changing the behaviour, or you can make a version of a program which behaves correctly but doesn't check under your typing discipline. So these aren't properties of the behavior, they're properties of the particular implementation.

Joey Eremondi
  • 30,277
  • 5
  • 67
  • 122
2

Specifically related to security, we can cite the problem when system administrators assess the impact of an access control policy on his system's security. In the paper "Protection in operating systems" Harrison, Ruzzo, and Ullman [1] presented a formal model of "access control". A state in this system is denoted by a set of objects, some of which are subjects, and a protection matrix giving the current access rights between pairs of subjects and objects. The safety problem defined was: "Given a set of policy rules, a generic access right X and an initial matrix, is it possible to reach a state in which X is granted to any subject". This problem is undecidable, the safety problem is reducible to the halting problem for Turing machines.

[1] Harrison, M., W. Ruzzo and J. Ullman, Protection in operating systems, Communications of the ACM(1976).

charles.fg
  • 121
  • 1