Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing.

Published byFranklin Norton Modified over 9 years ago

Similar presentations

Presentation on theme: "Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing."— Presentation transcript:

1 Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing Machinery, Inc. Reviewer: Katherine Rosie

2 27/09/00K8 (1.1)2 Paper Overview Introduction. This is an award acceptance “speech”. Stage I, II, III. A staged development outlining a potential threat. Moral. A number of points regarding trust and security Quote: “You can’t trust code that you did not totally create yourself”

3 27/09/00K8 (1.1)3 Stage I Definition: A self reproducing program: “when compiled and executed, will produce as output an exact copy” of itself. Such a program has two “important properties”: 1.It can be easily written by another program. 2.Anything within the program will be reproduced.

4 27/09/00K8 (1.1)4 Stage II “The C Compiler is written in C” example.c C Compiler (1.0) example(1 ) C Compiler (1.1) example(2 ) Key: Boxes: Source code Ovals: Compiled Binary Coloured Ovals: Include change introduced by version 1.1 of compiler

5 27/09/00K8 (1.1)5 Stage III Focusing on compilation of a single line of source. Miscompilations could be due to: A compiler “bug”. A fault caused by a genuine mistake. A “Trojan Horse”. A deliberate fault creating a gap in the security of the resulting binary. compile(s) char *s; { … }

6 27/09/00K8 (1.1)6 Stage III – Login compile C Compiler (1.0) Process “login” command. C Compiler (1.1) Change from version 1.0 (Trojan Horse): Process login command to accept additional password hoogenband login (1) “login” command accepts: userid and passwd login (2) “login” command accepts: userid, passwd and hoogenband if( match(s, “login”)) { compile(“bug”); return; }

7 27/09/00K8 (1.1)7 Stages I,II,III = Security Threat C Compiler (1.1) Process “login” command. C Compiler (1.0/1.1) C Compiler (1.0) login (2) “login” command accepts: userid, password and hoogenband Fault is identified in behavior of compiler version 1.1. The source is unavailable. Version 1.1 source contained a second (replicating) Trojan Horse. Attempt to remove fault using 1.0 source fails because the compilation is identified and the Trojan Horses are replicated.

8 27/09/00K8 (1.1)8 Morals (from the author) “You can’t trust code that you did not totally create yourself” Media role in reporting computer crime: –“The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor’s house. –It should not matter that the neighbor’s door is unlocked. –The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile.”

9 27/09/00K8 (1.1)9 Conclusions The author uses a technical example to stimulate thought on the problems inherent in misplaced trust. Trust at a very low level. He also uses the podium he has been given in receiving an award to convey his personal concerns. I would recommend that any developer keep in mind that the end result of a compilation may not be what they expect.

10 27/09/00K8 (1.1)10 Discussion Point 1: Is the threat of a Compiler with a Trojan Horse still valid today? Point 2: Was it a good idea to publish the technical detail of this threat?

Download ppt "Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing."

Similar presentations

© 2001 By Default! A Free sample background from www.pptbackgrounds.fsnet.co.uk Slide 1 Eggs have the potential to cause catastrophic damage to private.

© 2001 By Default! A Free sample background from Slide 1 Eggs have the potential to cause catastrophic damage to private.
CHAPTER 2 GC101 Program’s algorithm 1. COMMUNICATING WITH A COMPUTER  Programming languages bridge the gap between human thought processes and computer.

CHAPTER 2 GC101 Program’s algorithm 1. COMMUNICATING WITH A COMPUTER  Programming languages bridge the gap between human thought processes and computer.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989

Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
The Top 5 Mistakes Supervisors Make …and other important HR information.

The Top 5 Mistakes Supervisors Make …and other important HR information.
CIS-74 Computer Software Quality Assurance Systematic Software Testing Chapter 1: An Overview of the Testing Process.

CIS-74 Computer Software Quality Assurance Systematic Software Testing Chapter 1: An Overview of the Testing Process.
Tamper Resistant Software An Implementation By David Aucsmith, IAL “This paper describes a technology for the construction of tamper resistant software.”

Tamper Resistant Software An Implementation By David Aucsmith, IAL “This paper describes a technology for the construction of tamper resistant software.”
CSS 548 Dan Chock.  What are some ways that compilers can affect application security? ◦ Improving Application Security  Checking for and preventing.

CSS 548 Dan Chock.  What are some ways that compilers can affect application security? ◦ Improving Application Security  Checking for and preventing.
1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.

1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.
A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,
1 Avoiding Plagiarism (or, The Right way to Write)

1 Avoiding Plagiarism (or, The Right way to Write)
Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.

Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.
Debugging: Catching Bugs ( I ) Ying Wu Electrical & Computer Engineering Northwestern University ECE230 Lectures Series.

Debugging: Catching Bugs ( I ) Ying Wu Electrical & Computer Engineering Northwestern University ECE230 Lectures Series.
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.

Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
Computer Security Computer Security as a principle; Computer Security in UNIX for specific; Conclusion.

Computer Security Computer Security as a principle; Computer Security in UNIX for specific; Conclusion.
With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.

With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.
BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.

BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
1 Lecture 24 Hiding Exploit in Compilers bootstrapping, self-generating code, tombstone diagrams Ras Bodik Mangpo and Ali Hack Your Language! CS164: Introduction.

1 Lecture 24 Hiding Exploit in Compilers bootstrapping, self-generating code, tombstone diagrams Ras Bodik Mangpo and Ali Hack Your Language! CS164: Introduction.
Universe Design Concepts Business Intelligence www.supinfo.com Copyright © SUPINFO. All rights reserved.

Universe Design Concepts Business Intelligence Copyright © SUPINFO. All rights reserved.

Similar presentations

Ads by Google