Counter for "Trusting Trust" attack found - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

How strictly do your users obey your security policies?

	To the letter.
	For the most part.
	When it suits them.
	By chance.
	Not at all.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Security Week: December 1st, 2008

Linux Advisory Watch: November 28th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Counter for "Trusting Trust" attack found

User Rating:

How can I rate this item?

Posted by Pax Dickinson

Since 1974, there has been one security attack that has been claimed to be essentially uncounterable: the "Trusting Trust" attack. In this attack, the compiler is subverted, which can then subvert everything else. In 1984, Ken Thompson demonstrated it and made it widely known. David A. Wheeler has published a paper that claims to be the antidote to the "Trusting Trust" attack. Interestingly enough, its results are far more helpful if your compiler is open source software.

The "trusting trust" attack subverts the compiler binary; if the attacker succeeds, you're doomed. Well, til now.

Since 1974, there has been one security attack that has been claimed to be uncounterable: the "Trusting Trust" attack. This attack became famous in 1984 when Ken Thompson gave his famous speech "Reflections on Trusting Trust." David A. Wheeler written a paper on an approach to counter this attack, "Countering Trusting Trust through Diverse Double-Compiling". His approach verifies that a source and binary correspond, so that you can then analyze the source code. This is obviously more valuable to those who have access to the compiler source code.

Here's the abstract:
"An Air Force evaluation of Multics, and Ken Thompson's famous Turing award lecture "Reflections on Trusting Trust," showed that compilers can be subverted to insert malicious Trojan horses into critical software, including themselves. If this attack goes undetected, even complete analysis of a system's source code will not find the malicious code that is running, and methods for detecting this particular attack are not widely known. This paper describes a practical technique, termed diverse double-compiling (DDC), that detects this attack and some unintended compiler defects as well. Simply recompile the purported source code twice: once with a second (trusted) compiler, and again using the result of the first compilation. If the result is bit-for-bit identical with the untrusted binary, then the source code accurately represents the binary. This technique has been mentioned informally, but its issues and ramifications have not been identified or discussed in a peer-reviewed work, nor has a public demonstration been made. This paper describes the technique, justifies it, describes how to overcome practical challenges, and demonstrates it."

Read this full article

Write Comment
Please keep the topic of messages relevant to the subject of the article. Personal verbal attacks will be deleted. Please don't use comments to plug your web site.. Such material will be removed.
Name:
Title:
Comment:
Code:*

< Prev		Next >

Partner:

Latest Features

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Yesterday's Edition

Data Encryption and Ubuntu

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital