Scientist discovered a vulnerability in the universal Turing machine

Scientist discovered a vulnerability in the universal Turing machine

Pontus Johnson, a professor at the Royal Institute of Technology in Stockholm, discovered a vulnerability in the universal Turing machine.

A Turing machine is an abstract executor (abstract computing machine). It was proposed by the English mathematician Alan Turing in 1936 to formalize the concept of an algorithm. A universal Turing machine is a Turing machine that can replace any Turing machine. As a rule, this term means the simplest, abstract model of a computer.

The vulnerability (CVE-2021-32471) exists due to the lack of an input validation mechanism. With its help, Johnson managed to run on the so-called the Minsky machine an arbitrary code using specially configured data.

А well-established implementation of the universalTuring machine is vulnerable to a both unintentional andnon-trivial form of arbitrary code execution.The article proceeds in the next section with a backgroundto arbitrary code execution.Pontus Johnson reports.

As Pontus noted, the vulnerability cannot be exploited in real attack scenarios, since it affects the Minsky machine (or the so-called register machine) – a multi-tape Turing machine, introduced in 1967 by the co-founder of the University of Massachusetts Artificial Intelligence Laboratory, Marvin Minsky, and is the simplest computer.

Although the vulnerability has no use in the modern world, Johnson said, it raises an important question – at what stage in the creation of a computer can security features be implemented in it?

As the scientist noted, many experts believe that security should be taken into account at the very early stages of creating a computer. However, this approach is inapplicable to the Minsky machine, since all possible safety functions will be add-ons and it is impossible to include them in the machine itself.

Johnson said his research demonstrates that even the simplest computer is still vulnerable, and security cannot always be built in.

By submitting crafted input data, an attacker can coerce the machine into executing arbitrary instructions. While this vulnerability has no real-world impli-cations, we discuss whether it indicates an intrinsic propensityfor arbitrary code execution vulnerabilities in computers ingeneral.Professor Pontus Johnson concludes

Let me remind you that I also talked about the Perfect encryption system presented by team of scientists from three countries.

Leave a Reply

Your email address will not be published. Required fields are marked *