Why preventing cyber attacks is so difficult

The Hamilton Spectator - OPINION

RE: Worldwide attack demands collaboration (May 16)

I am writing to present facts about computer science that are probably unknown to the general public, to help people understand that preventing cyber attacks like WannaCry is extremely difficult.

As I understand it, WannaCry was an exploit attack. An exploit is a flaw in a program which can allow malicious interference. Not every flaw is an exploit, but it is nearly impossible to guarantee that a piece of software is flawless. The way that programmers typically search for flaws in software is by testing it. If you give a piece of software an input and it doesn’t produce the desired output, the software has a flaw. The problem is that the number of possible inputs for any given piece of software is two to the exponent of the number of bits of input.

Let’s say your program input is eight characters long. One character is eight bits, so that’s 64 bits of input. Even if you wrote a program to test this program one thousand times per second, it would still take around 584 million years to exhaustively check every possible input!

A quarter of a tweet has a thousand times as many possible input states as the number of atoms in the observable universe.

This is what computer scientists refer to as the “state explosion problem,” and it’s a problem that can be mitigated in a number of clever ways, but it has not been solved.

Nicholas Moore, Hamilton
