Posted by Marcus G. Daniels on Sep 13, 2013; 4:24am
URL: http://friam.383.s1.nabble.com/Urgent-skype-vulnerability-tp7583763p7583807.html
On 9/12/13 6:23 PM, glen e. p. ropella wrote:
> But where do you stop, in your ideal? Do you stop at the source
> code? Or do you also need a transparent compiler? Linker? Run-time?
> System? Component, vhdl, ceramics, doping, drawing methods?
One way to avoid going down and down is to build a paranoid compiler.
Imagine using a loop of adds to do a multiply (or for base 2, left
shifts), and in another case just using a multiply instruction. If the
hardware is broken or malicious, cross checks on the functionally
equivalent calculations can be identified.
An area where these issues come up is for resilience of high performance
computing systems. Very large systems are prone to soft-errors from
cosmic rays, voltage regulation, and faults from heat. If a calculation
can be performed two times or more on different processors, then by
voting it is feasible to identify when memory feeding a calculation or
when a calculation itself is in error.
Doing this at a higher level is possible, but the more complex the
instructions are, the harder it may be to formulate isomorphic cases.
How do you convert a "Drive to work" operation into a "Fly to New York
City" operation?
I do think it is necessary for safety-critical or performance-sensitive
applications to have a compiler that allows for public review of its
mechanisms. Ideally compilers would also be better about explaining
bad outcomes. An example that comes to mind is
-ftree-vectorizer-verbose in GCC, which shows the hazards that prevent
converting a sequence of scalar operations into vector operations.
Going to another level, the runtime and system software is open source
with Linux, even some firmware.
Going down again there are examples of full microprocessor Verilog
designs like the UltraSparc T1 & T2 available as source code.
http://www.oracle.com/technetwork/systems/opensparc/opensparc-t2-page-1446157.html
Reconfigurable and synthesizable hardware (FPGAs, Tensilica/Intel Quark)
already offer control at the hardware level.
And with nano-fabrication tools and desktop electron microscopy systems,
one can imagine someday building/checking computing devices atom by
atom. Eventually everything will be software..
One person is unlikely to have the breadth to understand the preferred
form (source) of all of these, but diverse overlapping communities
working in public could secure them, and no reverse engineering would be
needed. Companies like Red Hat have working business models around
this kind of development.
Marcus
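
The cross-check and the voting step described in the post above, as an added example that is not part of the original message: a product is computed once with the multiply instruction and once by shift-and-add, and a disagreement is reported instead of a value. The names `checked_mul`, `vote3` and the `fault_mask` fault-injection hook are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fault hook: bits set here are XORed into the multiplier
   path, standing in for broken or malicious hardware. */
static uint32_t fault_mask = 0;

/* Path A: the multiply instruction. volatile operands keep the compiler
   from constant-folding the operation away. */
static uint32_t mul_hw(uint32_t a, uint32_t b) {
    volatile uint32_t x = a, y = b;
    return (x * y) ^ fault_mask;
}

/* Path B: shift-and-add, the same product mod 2^32 without a multiply. */
static uint32_t mul_shift_add(uint32_t a, uint32_t b) {
    volatile uint32_t acc = 0;
    for (; b != 0; b >>= 1, a <<= 1)
        if (b & 1u) acc += a;
    return acc;
}

/* Cross-check: 0 and *out set when both paths agree, -1 on disagreement. */
int checked_mul(uint32_t a, uint32_t b, uint32_t *out) {
    uint32_t p = mul_hw(a, b), q = mul_shift_add(a, b);
    if (p != q) return -1;
    *out = p;
    return 0;
}

/* Majority vote over three redundant results (e.g. from three processors).
   Returns 0 with the majority value in *out, -1 when all three differ. */
int vote3(uint32_t r0, uint32_t r1, uint32_t r2, uint32_t *out) {
    if (r0 == r1 || r0 == r2) { *out = r0; return 0; }
    if (r1 == r2) { *out = r1; return 0; }
    return -1;
}

int main(void) {
    uint32_t r = 0;
    int rc = checked_mul(1234u, 5678u, &r);
    printf("clean:   rc=%d product=%u\n", rc, (unsigned)r);
    fault_mask = 0x10u;                 /* constructed single-bit fault */
    printf("faulted: rc=%d\n", checked_mul(1234u, 5678u, &r));
    fault_mask = 0;
    rc = vote3(42u, 42u, 7u, &r);       /* constructed: third replica is wrong */
    printf("vote:    rc=%d value=%u\n", rc, (unsigned)r);
    return 0;
}
```

A cross-check of two paths only detects a fault; with three or more independent results the vote can also pick the value to trust.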
============================================================
FRIAM Applied Complexity Group listserv