Secure Coding mailing list archives
Fully Countering Trusting Trust through Diverse Double-Compiling
From: ge at linuxbox.org (Gadi Evron)
Date: Wed, 04 Nov 2009 02:57:35 +0200
Wheeler, David A wrote:
All -

As you know, in the "trusting trust" attack, compilers can be subverted to insert malicious Trojan horses into critical software... including themselves. This turns out to be a nasty attack that's not easy to counter.

I've just released my draft PhD dissertation, "Fully Countering Trusting Trust through Diverse Double-Compiling" (DDC), that describes how to counter the "trusting trust" attack. More details, including the dissertation, are here: http://www.dwheeler.com/trusting-trust

On November 23, 2009, 1-3pm, I will be giving a public defense of this dissertation. If you're interested, please come! It will be at George Mason University, Fairfax, Virginia, Innovation Hall, room 105.

This 2009 dissertation significantly extends my previous 2005 ACSAC paper. For example, I now have a formal proof that DDC is effective (the ACSAC paper only had an informal justification). I also have additional demonstrations, including one with GCC (to show that it scales up) and one with a maliciously corrupted compiler (to show that it really does detect them in the real world). The dissertation is also more general; the ACSAC paper only considered the special case of a "self-parenting" compiler, while the dissertation eliminates that assumption.
David, this is very cool indeed. Thank you for sharing, and a lot of luck!

I'd like to note in a semi-related fashion that the concept of trusting trust, while in the original paper limited to the compiler case, is a generic concept in security and could go on up and down the chain of trust forever (beyond the compiler), until at some point you take something on blind faith.

Gadi.
--- David A. Wheeler
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
-- Gadi Evron, ge at linuxbox.org. Blog: http://gevron.livejournal.com/