Ask HN: Why can't we build unhackable software?
9 points by bikamonki on July 29, 2015 | 13 comments
Is it human error or is there a technical limitation to it? Is it b/c layer upon layer of abstraction doors are left open on purpose? If the first software layer over hardware has a finite set of operations with a 100% predictable outcome (no need for testing), why can't we continue to build predictable outcomes on the next layers?


It's quite easy to build unhackable software. It just also happens to be unuseful. It's always a tradeoff.

I always thought that a key element to MS Windows domination was precisely what made it so unsafe. It was dead easy to use and abuse it to do anything and everything imaginable. Good or bad.

One man's hack is another man's feature.


It's un-economical. It is theoretically possible to build unhackable, bug-free software. The amount of testing, formal verification, and specification needed to do this means that in most domains, the company will be bankrupt before the software enters service.


Ignoring the software reasons that are already in the comments, unhackable software is impossible because direct access is total access. If you make a perfect program running on a perfect OS it still has to operate in the real world. IRL I could change the memory or storage to hack the software via some method other than the OS, bypassing the software entirely.


There's a bunch of reasons but for the most part I'd say it's currently too expensive to do (time and money).

People think they want unhackable software, but then they realise it will cost 1000 times more and take 100 times longer (and even then not guaranteed) so they forget about it.


Being theoretically predictable, which computer programs are, is not the same thing as being meaningfully determinable. And being meaningfully determinable is not the same thing as having a strong description of all the desired states that your program could be in.


I would say it's human limitation. The complexity of modern software systems is often times too great for even its creators to grasp completely. Especially since a program is not an island - it interacts with the OS, the hardware, the network, other programs...


You can perhaps build a (currently) unhackable program. Then someone discovers a new way to hack programs.

That is: To make a program that is truly unhackable, it has to be immune to all future hacks that are currently unknown. That's really hard.


Refer to "The Halting Problem" https://en.wikipedia.org/wiki/Halting_problem


In short, Alan Turing proved these problems are "undecidable" for the general case (under our model/definition of computing, now known as the Turing Machine).


Thus we cannot build general purpose tools to tell us if our program is correct as there is no general rigorous mathematical proof that we can apply.

Any attempt would require heuristics which are not guaranteed to work.


There is no algorithm to prove the correctness of programs in general but you can still prove correctness of specific programs.


Obligatory xkcd

https://xkcd.com/1266/


We can, actually.

It just so happens that 100% predictable outcome has nothing to do with hackability.



