Computer Science – Cryptography and Security
Scientific paper
2010-04-30
Proc. of the 21st Annual Computer Security Applications Conference (ACSAC), December 5-9, 2005, Tucson, Arizona, pp. 28-40, Lo
Computer Science
Cryptography and Security
13 pages.
Scientific paper
An Air Force evaluation of Multics, and Ken Thompson's famous Turing award lecture "Reflections on Trusting Trust," showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this attack goes undetected, even complete analysis of a system's source code will not find the malicious code that is running, and methods for detecting this particular attack are not widely known. This paper describes a practical technique, termed diverse double-compiling (DDC), that detects this attack and some compiler defects as well. Simply recompile the source code twice: once with a second (trusted) compiler, and again using the result of the first compilation. If the result is bit-for-bit identical with the untrusted binary, then the source code accurately represents the binary. This technique has been mentioned informally, but its issues and ramifications have not been identified or discussed in a peer-reviewed work, nor has a public demonstration been made. This paper describes the technique, justifies it, describes how to overcome practical challenges, and demonstrates it.
No associations
LandOfFree
Countering Trusting Trust through Diverse Double-Compiling does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Countering Trusting Trust through Diverse Double-Compiling, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Countering Trusting Trust through Diverse Double-Compiling will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-388527