Information Security Requires Strongly-Typed Actors and Theories

Abstract

This article discusses how Actors help with endpoint information security by making it much more difficult for cyberattackers to penetrate Actors. It does not address the issue of cyberattacks that deceive Actors as discussed in [Hewitt ”Project Liftoff"]. The article shows how fundamental higher-order theories of mathematical structures of computer science are uniquely categorical which means that they can be axiomatized up to a unique isomorphism thereby removing any ambiguity in the mathematical structures being axiomatized. For example, intensional types and a strongly-typed event induction axiom enables proof that there is only one model of Actors up to a unique isomorphism. Rigorously characterizing computation is a pre-requisite for proving security properties. Furthermore, having mathematical structures precisely defined can make systems more secure because there are fewer ambiguities and holes for cyberattackers to exploit. For example, there are no infinite elements in models for natural numbers or Zeno computations (i.e., infinite computation in finite time) to be exploited. On the other hand, the 1st-order theories and computational systems which are not strongly-typed necessarily provide opportunities for cyberattack.

Cyberattackers have severely damaged national, corporate, and individual security as well causing hundreds of billions of dollars of economic damage. [Sobers 2019] A significant cause of the damage is that current engineering practices are not sufficiently grounded in theoretical principles. In the last two decades, little new theoretical work has been done that practically impacts large engineering projects with the result that computer systems engineering education is insufficient in providing theoretical grounding. If the current information security situation is not quickly remedied, it will soon become much worse because of the projected widespread deployment of Reusable Scalable Intelligent Systems by 2030 [Hewitt 2019].

Digital computation is characterized up to a unique isomorphism by the theory Actors, which is strictly more powerful than the equivalent characterizations of computation in [Church 1931] and [Turing 1936]. [Hewitt “Information Security Requires Strongly-Typed Actors and Theories”] Digital computation includes concurrency that was omitted from the Church/Turing characterization because the latter modeled computation that could in principle be carried out by an individual human using more and more paper and ink. However, the theory Actors characterizes as computable exactly the same deterministic procedures on integers as the Church/Turing characterization.

Currently, there is no reliable defense against mass surveillance for foreign intelligence following targets following targets as exhibited by the following devastating cyberattacks:
• Enterprise
o Sony email break-in attributed to North Korean Intelligence
o Democratic National Committee email break-in attributed to Russian Intelligence
• Civilian Government
o Stingray interceptions against US government cell phones attributed to Israel Intelligence
o Office Personnel Management of all US government security clearance files attributed to China Intelligence
Current technology for Information Security is analogous to using “cable ties and duct tape” for defense and “whack-a-mole” in response to breaches. Simply adding more “cyberwarriors” will not significantly improve Information Security. Instead, new technology is needed based on mathematical foundations.

Overall information security aspects are often discussed as follows:
• Confidentiality. An Actor provides confidentiality in that other Actors can only send it communications and thus can’t directly see inside. Actor types can store keys and perform crypto so that application programmers don’t have to implement crypto. Storing keys and performing crypto in a Faraday cage can preserve the confidentiality of crypto. Inference Robustness can make it more difficult to deceive an Intelligent System into betraying a confidence.
• Integrity. Performing crypto in a Faraday cage means that there is less opportunity to interfere. An Actor can defend itself because other Actors cannot directly interfere with its internal operation. Strong types for Actors means that there is less opportunity for spoofing implementations. Actor Event Induction enables proving specifications of operational systems. Inference Robustness enables Intelligent Systems to process inconsistent information without blowing up.
• Availability. A Citadel [Hewitt "Citadels'] can provide greater availability by supporting multiple devices (e.g. hologlasses, consoles, etc.) so that there is no single point of failure. Also, a Citadel can provide less dependence on remote data centers, especially in cases where remote connection may be intermittent or low-bandwidth.
• Accountability. A Citadel can provide robust endpoint security thereby ensuring greater accountability.

Digital computation is characterized up to a unique isomorphism by the theory Actors thereby removing all ambiguity from the theory of computation., e.g., there are no "monsters" [Lakatos 1976] such as Zeno-like computation in which there are infinitely many steps between two steps of a computation. The theory Actors allows digital computations that are not possible in the equivalent characterizations of computation in [Church 1931] and [Turing 1936]. Digital computation includes concurrency that was omitted from the Church/Turing characterization because the latter modeled computation that could in principle be carried out by an individual human using more and more paper and ink. However, the theory Actors characterizes as computable exactly the same deterministic procedures on integers as the Church/Turing characterization.

Strongly-typed Actors and theories provide foundations for tremendous improvements in information security.