Wheeler, David A wrote:
All -
As you know, in the "trusting trust" attack, compilers can be subverted to
insert malicious Trojan horses into critical software... including themselves. This
turns out to be a nasty attack that's not easy to counter.
I've just released my draft PhD dissertation, "Fully Countering Trusting Trust through Diverse
Double-Compiling" (DDC), that describes how to counter the "trusting trust" attack.
More details, including the dissertation, are here:
http://www.dwheeler.com/trusting-trust
On November 23, 2009, 1-3pm, I will be giving a public defense of this dissertation. If you're interested, please come! It will be at George Mason University, Fairfax, Virginia, Innovation Hall, room 105.
This 2009 dissertation significantly extends my previous 2005 ACSAC paper. For example, I
now have a formal proof that DDC is effective (the ACSAC paper only had an informal
justification). I also have additional demonstrations, including one with GCC (to show
that it scales up) and one with a maliciously corrupted compiler (to show that it really
does detect them in the real world). The dissertation is also more general; the ACSAC
paper only considered the special case of a "self-parenting" compiler, while
the dissertation eliminates that assumption.
David, this is very cool indeed. Thank you for sharing, and a lot of luck!
I'd like to note in a semi-related fashion that the concept of trusting
trust, while in the original paper limited to the compiler case, is a
generic concept in security and could go on up and down the chain of
trust forever (beyond the compiler), until at some point you take
something on blind faith.
Gadi.
--- David A. Wheeler
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________