Thou shalt have no other gods before the ANSI C standard 1615
Charlie Gibbs
Well, no, that's not all he's saying. As I read the posts, he offered and defended these tests as non-trivial examples of resisting adversaries. I'd go so far as to say they were presented as evidence that the pracbreastioners were already dealing with the adversarial issue we raised, and with that I disagree; they show otherwise.
Did Wagner say, "it isn't adversarial at all"? The point is that such test show misunderstanding of the core, the key, the Zen of the adversarial setting.
In the adversarial environment, undesirable behavior for certain inputs *causes* such inputs to ensue. We get the input that breaks the program *because* it breaks the program. Pre-defined inputs don't model that; they model error and mischance, in which the inputs are independent of the behavior of the implementation.
Hank Oredson Agreed! This is a much better formulation of the problem. I like this much better. It makes clear what the goal is, and leaves...
We, the programmers, do not get the last move; the attacker does. Given a set of inputs, can we create a program that handles them? Sure, easy, but that's not the question at issue. The question is whether, given our program, the attacker can find an input that it does not handle.
My personal preference, on either side of the issue, starts with scenario analysis. The "what might someone (attacker...
The last-move mistake is endemic in computer science, at least if one believes programs must generally resist attackers. Look at hash tables, demand-paging of virtual memory, conservative garbage collection. We test them against actual cases and they work great, even though their theoretical worst-cases are disastrous. The adversarial environment is different: the probability of the worst-case is no longer the astronomically unlikely series of coincidences we calculated for random error and mischance. The attacker gets the last move, and he can bring about the worst possibly behavior.
I gather one of things about which we disagree is what consbreastutes an inappropriately condescending atbreastude. My years of experience have taught me that malice presents a far tougher challenge than error and mischance, and the many clbuttics of software engineering that I've studied have not adequately addressed this difference. The experts I've learned to respect and references I've come to trust support that view. Some people seem to take personal affront that I don't side with their opinions over my own considerable experience and study.
-- --Bryan
Thou shalt have no other gods before the ANSI C standard 1616
Alt Folklore Computers from Newsgroups
Thou shalt have no other gods before the ANSI C standard 1614