Linguistic security, and the second great crisis of computing
Distributed systems need to communicate, or talk, through some sort of communications channel in order to achieve coordinated behaviour which introduces the need for components to firstly recognise the difference between valid and invalid messages and secondly to have a common set of expectation of behaviour. And fairly obviously these two problems of coordination have safety and security implications of course.
The problem is that up to now security has been framed in the context of code, but this approach fails to realise that recognition and context are essentially language problems, which brings us firstly to the work of Chomsky on languages and next to Turing on computation. As it turns out above a certain level of expressive power of a language in the Chomsky hierarchy figuring out whether an input is valid runs into the halting problem of Turing. For such expressively powerful languages the question, ‘is it valid?’ is simply undecidable, no matter how hard you try. This is an important point, it’s not just hard or even really really hard to do but actually undecidable so…don’t go there.
Enter the study of linguistic security to address the vulnerabilities introduced by the to date unrecognised expressive power of the languages we communicate with.