Eugene "Spaf" Spafford is a professor of computer science at Purdue University in West Lafayette, Indiana. He is well known for being an early researcher into computer security (and the lack thereof). Needless to say he doesn't suffer from a shortage of work.
If you make the mistake of sending Spaf an email with a Microsoft Word attachment you'll receive a quick (indeed both instant and automated) response admonishing you for using document formats that allow for code execution. It is quite foolish to mix the two. But it also strikes upon a more fundamental truth: executing code is the root of all computer insecurity.
Thus was born the concept of the Spaf machine. It is similar in conception to the Turing machine, but quite different. The first principle of a Spaf machine is that only read operations are allowed. The second, and final, principle of a Spaf machine is that the tape is initialized to a random value. How that randomness is selected, what constitutes sufficiently random data, and where socks go in a dryer are all fluff questions best saved for a hash bar in Amsterdam.
"So what?" you might say. "All it does is read random bits. That's useless!" Au contraire! You are apparently not familiar with the idea of the infinite monkeys. Our application states that given enough time a Spaf machine would successfully render every email you would ever receive. But it would not execute a single bit of code! It is the first truly secure machine!
No comments:
Post a Comment